Worried that your Mac may be infected with a Trojan virus? While they are good at hiding, most of them are easy to remove and shouldn’t have a long-term effect on your Mac or your data. Keep on reading to learn how to get rid of a Trojan virus on Mac and how to avoid infecting your MacBook with Trojans and other malware in the first place.

What is a Trojan virus?

A Trojan virus — or, to give it its full name, a Trojan Horse — is so called because it’s a cyber equivalent of the Wooden Horse of Troy. It tricks users into downloading the virus by hiding it in something that looks legit. Trojans are often disguised as software updates — say, for Adobe Flash or, worse, as antivirus tools. They may also display a pop-up claiming your Mac has been infected and then take you to a download for what is claimed to be an antivirus tool, but which is itself a virus.

Although it contains "virus" in its name, a Trojan is not a virus, but a type of malware — a broader term used for describing all types of malicious software. Unlike true computer viruses, it does not self-replicate. Instead, it tricks you into downloading it, and this is how Trojans spread. In essence, a Trojan depends on social engineering — making a user believe that it is legit and convincing them to run it.

What does a Trojan virus do?

You may have seen a Trojan before. It could take the form of an email attachment. Although the letter may seem trustworthy, its only purpose is to make you click a malicious link or download the attachment, which will immediately infect your Mac with a Trojan.

The primary issue with Trojans is that you don’t know that you’re installing them — they look and act like legitimate files, but they can install other malware and even track your activity without you noticing.

Once you download and execute a Trojan, it infiltrates your device and may collect keystrokes, steal data, or even create a backdoor for other malware. The impact of a Trojan can go beyond minor computer glitches — if left unnoticed, it can result in data theft (financial and identity), credential harvesting, and even banking fraud.

Based on what they do, there are numerous different types of Trojan viruses: backdoor Trojans, banking Trojans, Remote Access Trojans (RAT), ransomware Trojans, rootkit Trojans, downloader Trojans, and keylogger Trojans, to name just a few. But there are dozens of other types of Trojans.

You may have heard of some Trojans. One of the best known is Zeus, also known as Zbot. It was designed to steal user banking credentials and was spread through phishing campaigns. Another example is the Emotet Trojan, which started as a banking Trojan but was later used for spreading other malware (including ransomware). One more Trojan that harvested financial data and stored credentials is TrickBot.

The best Trojan is a silent one


Some Trojans can stay under the radar for many years before they reveal themselves. That’s exactly the story of Coldroot, a Mac virus of the remote-access type. The Coldroot Trojan remained undiscovered for two years and stole thousands of passwords around the world.

Signs of Trojan infection on Mac

Many of the symptoms of Trojan horse viruses are the same as other types of viruses. These include:

  • Your Mac starts behaving erratically and doing things you don’t expect.
  • Your Mac starts running very slowly, as if something is hogging the processor (e.g., apps are slow to open or react to clicks).
  • You start seeing adverts on your desktop.
  • Your internet connection becomes slow and unstable. 
  • You notice changes in browser settings or system preferences. 
  • You cannot access some files or apps you could access in the past.

The telltale sign of a Trojan virus, however, is that you discover software on your Mac that you didn’t intend to download. That could be an application in your Applications folder or an extension in the web browser you use.

How to detect Trojan virus on Mac

The easiest way to detect a Trojan virus on Mac is to run a Mac virus scan, especially if you notice any of the signs we’ve outlined above. To scan your Mac for malware, including Trojan Horses, you’ll need a trusted tool that can do the job. We recommend CleanMyMac — a Mac cleaner app notarized by Apple — and its Malware Removal feature that comes with the Protection tool.

Here’s how to use it:

  1. Start your free CleanMyMac trial.
  2. Click Protection > Scan, and CleanMyMac will start examining your Mac for malware, including worms, spyware, viruses, etc.
  3. Wait for the scan to complete.

Now that you know how to detect a Trojan virus on a Mac you think is infected, let’s find out how to remove Trojans and other malware from your computer.

How does antivirus software detect Trojans?

There are two main ways to detect Trojans and other malware: signature-based and behavior-based. Signature-based detection matches files against a database of unique signatures, thus identifying known malware. On the other hand, behavior-based detection analyzes real-time actions and system behavior to detect malicious actions, and so it may find new, unknown malware.

How to remove a Trojan virus from Mac

If you’ve spotted that your Mac behaves strangely and detected a Trojan after a thorough malware scan, the best way to deal with it is to use CleanMyMac to remove it. It’s much better than ordinary Trojan virus removers, as it can detect and neutralize thousands of threats, including adware, spyware, ransomware, worms, and more.

Here’s how to get rid of malware with CleanMyMac:

  1. Once again, open CleanMyMac.
  2. Click the Protection tab > Scan.
  3. When the scan is done, click Remove.

Trojan virus removal has never been easier — every trace of the malware will be removed from your Mac.

How do I manually remove a Trojan virus

If you do not want to use a third-party tool for removing malware, it’s still possible to get rid of a Trojan manually. Some detective work is needed, though. Below, we list all the steps necessary for Trojan removal. Depending on the particular virus, you may need to take fewer of them, but we recommend not skipping any.

Also, be aware that even though manual removal is possible, you may still need to use a malware removal tool to make sure that you found all components of the Trojan and that the deletion was complete.

Before taking any step, disconnect your Mac from the internet to prevent further damage and data loss. This prevents the virus from connecting to its command and control server. Don’t worry about going offline, since you do not need the internet to complete the steps outlined below.

1. Remove malicious profiles

Some Trojan viruses create additional profiles and use them to change browser and system settings. So, the first step is to check whether new profiles have been added and remove the malicious ones. Here’s how:

  1. Open System Settings. 
  2. Navigate to Users & Groups.
  3. If there is a profile you haven’t created, click the i next to it and select Delete Account. Select Delete the home folder from the pop-up.

Repeat the steps for any profiles you want to remove. 

2. Delete malicious apps

As mentioned, Trojans can install apps on your Mac without you even knowing it. Therefore, the next step is to find and delete those apps.

Here are the steps for complete app removal: 

  1. Open the Applications folder and find the malicious app. 
  2. Move it to the Trash and empty it.
  3. Now, find and delete leftover files by opening the Finder and clicking Go > Go to Folder from the menu bar. Paste the following paths into the window that pops up one at a time and send to the Trash any files associated with the app you’ve just removed: 

~/Library/Application Support

/Library/Caches/

~/Library/Caches/

~/Library/Internet Plug-Ins/

~/Library/Preferences/

~/Library/Application Support/CrashReporter/

/Library/LaunchAgents

~/Library/LaunchAgents

~/Library/Saved Application State/

/Library/Application Support

/Library/LaunchDaemons

Once you’ve removed the files, empty the Trash and restart your Mac. 
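The folder check from step 3, as an added example (not part of the original article or of any vendor tool): a read-only Python script that lists entries in those folders whose name contains the app's name. It also reads the launchd job files in the LaunchAgents and LaunchDaemons folders, because a job file with an unrelated name can still start the app at login. The function names and the matching rule are assumptions made for this illustration.

```python
import plistlib
import sys
from pathlib import Path

# Folders from the list above; "~" expands to the current user's home.
LEFTOVER_DIRS = [
    "~/Library/Application Support", "/Library/Caches", "~/Library/Caches",
    "~/Library/Internet Plug-Ins", "~/Library/Preferences",
    "~/Library/Application Support/CrashReporter", "/Library/LaunchAgents",
    "~/Library/LaunchAgents", "~/Library/Saved Application State",
    "/Library/Application Support", "/Library/LaunchDaemons",
]


def launchd_target(plist_path):
    """Return the executable a launchd job plist starts, or None."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # handles XML and binary plists
    except Exception:  # unreadable or malformed file: nothing to report
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else None
    return job.get("Program") or first


def find_leftovers(app_name, dirs=LEFTOVER_DIRS):
    """Return (path, reason) pairs for entries tied to app_name (hypothetical helper)."""
    needle, hits = app_name.lower(), []
    for folder in (Path(d).expanduser() for d in dirs):
        try:
            entries = sorted(folder.iterdir())
        except OSError:  # folder missing or not readable by this user
            continue
        for entry in entries:
            if needle in entry.name.lower():
                hits.append((str(entry), "name match"))
            elif "Launch" in folder.name and entry.suffix == ".plist":
                # A job file can carry an unrelated name yet start the app.
                target = launchd_target(entry)
                if target and needle in str(target).lower():
                    hits.append((str(entry), f"starts {target}"))
    return hits


if __name__ == "__main__":
    # Read-only listing; review each hit before moving anything to the Trash.
    for path, reason in find_leftovers(sys.argv[1]):
        print(f"{path}\t{reason}")
```

Run it with the app's name as the only argument; it deletes nothing, so the output is a checklist for the manual cleanup described above.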

3. Reset browser settings 

Trojan viruses commonly change browser settings, so resetting them to default is necessary in order to get rid of malware. Steps vary for different browsers. 

Safari
  1. Open Safari and go to Settings from the menu bar.
  2. In the General tab, set your preferred homepage.
  3. Go to the Search tab and choose your preferred search engine. 
  4. Now, navigate to the Privacy tab and click Manage Website Data.
  5. Click Remove all and confirm by hitting Remove Now. 
  6. Finally, move to the Advanced tab and select Show features for web developers.
  7. Now, from the menu bar, click Develop > Empty caches.

Did you know?

You can reset all browsers you installed on your Mac to their default settings by using CleanMyMac and its Applications tool.

Chrome
  1. Open Chrome.
  2. Click the three vertical dots at the top right and navigate to Settings.
  3. Go to Reset settings from the sidebar. 
  4. Click Restore settings to their original defaults and confirm the reset.

Firefox
  1. Open Firefox.
  2. Click the three horizontal lines at the top right and go to Help > More troubleshooting information.
  3. Click Refresh Firefox and confirm the refresh. 

4. Remove malicious extensions

Another important step in Trojan virus removal is getting rid of any malicious extensions it may have placed on your Mac. Below are the steps for different browsers. 

Safari
  1. Go to Safari Settings > Extensions.
  2. Select an extension and click Uninstall.

Chrome
  1. Open Chrome and click on the 3-dot icon in the upper right corner.
  2. Select Settings and choose Extensions from the menu that appears.
  3. Choose any extension you don’t recognize and click Remove.

Firefox
  1. Open Firefox.
  2. Click the 3-line (hamburger) icon at the top right corner.
  3. Select Add-ons and themes.
  4. Click the Extensions tab and remove any extension you don’t recognize.
  5. Click the ellipsis and select Remove.

By now, you should have removed any virus from your Mac. However, if you could not complete any of the steps above — say, you could not delete the user or change browser settings — follow the extra steps below. 

5. Boot into safe mode

For extremely stubborn and hard-to-delete Trojans, you may need to boot into safe mode and try following the steps above once again. Safe mode is a special startup mode that loads only vital system extensions, so if something running in the background prevents you from following any of the steps above, safe mode should disable it and let you complete Trojan virus removal. Follow the steps below, depending on your chip/processor.

Apple silicon
  1. Shut down your Mac and press and hold the power button.
  2. Release it when you see Loading startup options.
  3. Select the volume and press and hold the Shift button.
  4. Click Continue in Safe Mode and enter your login credentials.
  5. Your Mac will restart, and you should see Safe boot in the top right.

Intel
  1. Shut down your Mac.
  2. Turn it on and immediately press Shift until the login window appears.
  3. Log in to your Mac — you may need to do it twice.

6. Reinstall macOS

If booting into safe mode did not help and you still need to remove the Trojan virus from your Mac, consider reinstalling macOS. It overwrites the current macOS version and may help remove some types of malware. However, if the Trojan is in your files, reinstalling might not help because your data should remain intact.

Before reinstalling macOS, make sure that you have a backup, just in case anything goes wrong. Ideally, it should be a snapshot of your Mac from before you started noticing malware-related behavior.

Next, follow the steps below to boot into macOS Recovery, depending on your chip/processor.

Apple silicon
  1. Shut down your Mac.
  2. Press and hold the power button until you see Options or Loading startup options.
  3. Click Options > Continue.
  4. Select your startup disk and click Next.
  5. If requested, log in and click Next.
  6. Click Reinstall macOS [your macOS version] and follow the on-screen instructions.

Intel
  1. Shut down your Mac.
  2. Press and hold Command + R when booting it.
  3. You may be asked to connect to Wi-Fi, select a volume or user, or enter your password.
  4. Click Reinstall macOS [your macOS version] and follow the instructions on the screen.

If reinstalling macOS hasn’t helped, consider booting into recovery mode following the steps above and erasing your disk using Disk Utility. After erasing the disk, you can try reinstalling macOS once again.

Still, it is better to try removing the Trojan with a dedicated cleaner first before you do so, especially if you do not have a backup with all your files.

How to protect your Mac from Trojan viruses

Now that you’ve removed the Trojan from your Mac, you need to prevent any further infections. Here are a few effective ways to do it:

  • Stay vigilant online. Don’t download anything unless you’re absolutely sure what it is and don’t click on a link in an email or a message unless you’re 100% certain where it leads to. Also, heed warnings in web browsers when they tell you a site is suspected of being unsafe. 
  • Keep your Mac’s Firewall turned on and keep macOS and your apps updated to their latest versions.
  • When you download an application, and your Mac alerts you that you have done so and asks if you trust it and want to proceed, don’t just agree. Check the name of the application and make sure it’s what you thought you were downloading.
  • Make sure to back up your Mac regularly so that you can restore your data should Trojan removal go wrong. 
  • Use password managers to generate secure passwords and keep them safe — they can help protect against Trojan-PSW attacks that mainly steal logins and passwords from infected computers.
  • Scan your Mac for malware regularly. The easiest way is to have a tool run in the background and protect your Mac from Trojan viruses and malware in real time. CleanMyMac and its malware monitor can do it for you. To enable it, click the CleanMyMac icon in the menu bar and click Turn On in the Protection section.

Removing Trojan viruses from a Mac isn’t too difficult, but as with any malware, it’s much better if you can prevent your Mac from downloading it in the first place. A little vigilance and common sense go a long way. And if you do need to remove an application, use a cleaner like CleanMyMac to get rid of it completely.

Frequently asked questions

Can I remove a Trojan without antivirus software?

You can try removing it manually, and sometimes, this effort will be successful. However, to remove it completely, you will have to find all components of the Trojan and delete them. The process may be too time-consuming and even risky. Depending on the type of Trojan, you may need to reinstall macOS or even wipe the drive, meaning that you will lose your data. So, using cleaner software is generally faster and safer. That is why some users online say that trying to get rid of a Trojan manually is never worth it.

Do I need to reinstall my operating system after a Trojan infection?

It is not always necessary. However, if you cannot undo system changes that the Trojan has made or you suspect that Trojan removal has not been complete, reinstalling macOS is a sure way to remove some types of system malware.

How do Trojans establish persistence on my system?

Once you execute a Trojan, it can change system settings and system files so that it launches automatically every time you start your device.

Are key generators, crack programs, and cracked software Trojans?

Not always, but too frequently, they are. We do not recommend downloading cracked software or using key generators and crack programs on your Mac; instead, always get your apps from the App Store or trusted developers, not freeware websites.

Why does my antivirus keep detecting the same Trojan?

It may be a false positive. In some cases, your antivirus may not be updated, its settings may be preventing it from properly scanning your computer, or it may be compromised. In any case, try switching to another antivirus software and running another scan.

What is a boot-time scan and when should I use it?

A boot-time scan is a security feature that some antimalware tools come with. It scans your Mac before macOS loads, and so lets you find and remove malware that might be hidden or active during normal operation. You can use it if a standard scan has not found any threats, but your Mac is acting weirdly. But note that not all malware removal apps have this feature.

How do I clean an infected hard drive?

To clean an infected hard drive, you need to either remove the Trojan with an antimalware tool that can scan connected devices or completely wipe the drive. Either way, do not forget to scan your computer to make sure that the Trojan has not infected it.