MAC.OSX.Backdoor.Icefog removal instructions

What is a MAC.OSX.Backdoor.Icefog?

MAC.OSX.Backdoor.Icefog is a Trojan infection. A trojan (sometimes referred to as a Trojan virus or Trojan horse virus) is malware that stealthily infiltrates users’ computers and performs various malicious tasks. The term ‘Trojan’ originates from a well-known historical event in which Greeks used a decoy to enter the independent city of Troy and win the war. The malware uses the Trojan name, since it employs similar tactics. Users are made to believe that they are downloading a Flash Player update or opening a legitimate email attachment, but in fact they are infecting their computers with malware.

After successful infiltration, trojans usually attempt to gain remote control of vulnerable Mac computers, record users’ Internet browsing behaviour, steal banking details and passwords from users’ keychains (password management systems), and perform other malicious tasks. The main task of a trojan infection is to stay undetected for as long as possible. Therefore, these types of infections are difficult to spot and often go unnoticed.

Here are different types of Trojans distributed by cyber criminals:

  • Banking Trojans – Steal banking and other online transaction information. Inject a virtual layer over legitimate banking websites and collect information entered by the user.
  • Downloader Trojans – Install additional malware on victims’ computers.
  • DDoS Trojans – Infects victims’ computers and apply a botnet that is later used to execute DDoS attacks on selected targets.
  • Spy Trojans – These trojans stealthily infiltrate users’ computers and attempt to track various details including, for example, keystrokes, websites visited, screenshots taken, etc. Collected data is then sent to a Trojan command server where cyber criminals can view the information.

This is the appearance of a fake Flash Player installer that distributes Trojans:

fake flash player installer distributing trojans

Indications of a trojan infection can be reduced Mac performance and strange behaviour when browsing the Internet. For example, when visiting banking portals, banking Trojans inject a virtual layer over legitimate websites to capture login details.

How did MAC.OSX.Backdoor.Icefog install on my Mac?

Trojan infections are not as widely proliferated on Mac computers as those running the Windows operating system. Most commonly, Trojans are distributed using infected email attachments and fake downloads. Users are tricked into opening a seemingly harmless CV, invoice, or other document attached to a (supposedly legitimate) email. Rather than receiving the required file, however, they inadvertently infect their systems with malware. Another Trojan distribution source is fake downloads. For example, rather than installing a Flash Player update, Mac users inadvertently infect their computers with a Trojan.

How to avoid getting your Mac infected by Trojans?

To remain safe when browsing the Internet, never trust websites that demand you update Flash Player. If you do wish to update it, the only safe source is the official Adobe website. Do not download software cracks or various keygens (key generators). Visiting Torrent websites also poses a high risk of infection.

Automatic MAC.OSX.Backdoor.Icefog removal:

Manual trojan removal can be a lengthy and risky process. This type of malware is specifically designed to avoid detection and hide within systems. Combo Cleaner is award-winning Mac antivirus software that can detect and remove MAC.OSX.Backdoor.Icefog automatically. Click the button below to download Combo Cleaner:

Download Combo Cleaner Now
Free Scanner checks if your computer is infected. To remove threats, you have to purchase the full version of Combo Cleaner

Manual MAC.OSX.Backdoor.Icefog removal:

1. Open you Launchpad, select “Other“, in the opened list select “Activity Monitor“.

launch activity monitor

2. In Activity Monitor look for any suspicious process name, when located double click on it.

locate the suspicious process name using activity monitor
3. In the opened window click the “Sample” button. This will open an additional window where you will see a line starting with “Path:” Select the path of the suspicious process (select the path, then right click your mouse over the selection and click “copy”).

double click the process name and click on sample button then select the path of the file
4. Click on any blank space on your desktop, then select “Go” from the top menu. From the “Go” menu select “Go to Folder…“, in the opened window paste the path of the suspicious process you copied previously.

click on "Go" in the top menu
5. From the opened folder: drag and drop the file of the suspicious process to your trash can.

Optional steps using EtreCheck:

1. Download EtreCheck (a free application that lists unsigned application files, indicates about adware infections, etc).
2. Launch EtreCheck, select “Other problem” (or any other suggestion from the list) and click on “Start EtreCheck“.

etrecheck step 1
3. Select the Security Tab on the left side and check the list of detected items, if you find suspicious files, click on “Remove” button next to them.

Etrecheck security tab
4. Select the Network Tab on the left, look for suspicious processes by network usage.

Etrecheck network tab
5. Select Performance Tab, look for processes consuming a lot of CPU, this could indicate a crypto currency mining Trojan infection. If located click on “Reveal in Finder“, then select the suspicious file and drag and drop it to your trash can.

Etrecheck performance tab

[Back To Top]