Trojan

Remove Shlayer Malware (Mac) August 2019 Update


How irritating is this problem? (7 votes, average: 5.00)
Loading...

This page aims to help you remove Shlayer Malware. Our removal instructions work for every version of Mac.

Shlayer is a noxious Trojan Horse virus, which mainly infects poorly protected Mac-based computers. It often uses camouflaged malicious transmitters to spread its harmful code over different web locations and trick the unsuspecting online users into clicking on it. The contamination usually requires the victims to interact with the harmful carrier, open infected links or ads, download some shady files or install some questionable software on their machines without carefully checking their source. Typically, the criminals rely on various carriers such as legitimate-looking messages, links or files sent from friends, fake software update requests, different torrents, intriguing emails with attachments or free downloads to make the users interact with their harmful payload. They also exploit system vulnerabilities or the lack of reliable antivirus software to attack the computer and insert their malware secretly. Unfortunately, once the Trojan has infected the system, there may be no typical symptoms which can reveal its presence. The nasty virus may remain there for weeks, months and sometimes even years, silently waiting for commands from its creators and secretly performing specific criminal tasks.

If you have detected Shlayer Malware on your computer, however, you are already one step further on your way towards removing the infection. Finding the Trojan inside your system and safely deleting it without risking the health of your computer can be a very challenging task, especially if you don’t have reliable antivirus software. That’s why we usually advise our readers to not experiment with their malware-removal skills and to instead invest in a professional security tool. Alternatively, those of you who believe they have enough experience can try to remove the infection with the help of the manual removal guide below.

How harmful could Shlayer be?

The Trojan Horse infections can be very nasty. They can perform different criminal tasks one after the other. That’s why it is very difficult to tell you what exactly a threat like Shlayer may do while on your machine. Typically, such a malware infection could be used to weaken your system and to create backdoors for other viruses to enter. A huge number of Ransomware attacks usually happen thanks to a previous contamination with a Trojan-based virus. Furthermore, the Trojan can sometimes modify the system’s default configuration settings and make changes in the registry so that its harmful processes can run uninterrupted every time Windows is loaded. Some of the most harmful effects of its nasty work could be data corruption, frequent system errors and instability of the system as a whole and sometimes permanent OS damage as well as theft of personal data and sensitive information like passwords and banking details (and many more).

In some cases, manual removal of the Shlayer virus may be possible. However, you should keep in mind that the malicious components and files of this Trojan may often look like legitimate operating system elements. Therefore, in order to avoid deleting the wrong computer files and affecting the system’s health, you are advised to use a professional anti-malware solution which can easily and safely remove the malware and all of its associated hidden files without risks for the system.

SUMMARY:

Name Shlayer
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  This malware rarely triggers visible symptoms but frequent system issues may eventually indicate some hidden malicious activity. 
Distribution Method  Fake software update requests, malicious emails and attachments, spam, infected files and download links, pirated software.
Detection Tool

Remove Shlayer Malware

Step1

The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively you can simultaneously press (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Start Activity Monitor by opening up Finder, then proceed to activity-monitor

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:

chromeinfo

Now click on Sample at the bottom:

chromesample

Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/




Scan Results


Virus Scanner Result
ClamAV
AVG AV
Maldet

Step3

The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

First, Force Quit Safari again.

Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.

Step4

Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,

Preferences in Safari

and then again on the Extensions tab,

extensions in safari

Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.
Step5

The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
Privacy in Safari

Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.

Still in the Preferences menu, hit the General tab

General Tab in Safari

Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
Default Home Page

Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

firefox-512 How to Remove Shlayer From Firefox in OSX:

Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

pic 6

The problem should be lurking somewhere around here –  Remove it. Then Refresh Your Firefox Settings.


chrome-logo-transparent-backgroundHow to Remove Shlayer From Chrome in OSX:

 Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the malware and  select  chrome-trash-icon.

pic 8

 Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


Leave a Comment