AddUpgrade Mac Malware - How to remove

AddUpgrade malware infection affects Macs and hijacks their browsers to force them to show lots of unwanted ads. While AddUpgrade malware is installed, you can’t fix your browsers by changing their settings. And finding and removing AddUpgrade malware can be tricky on its own. Not to mention, people don’t install this adware intentionally (they get it bundled with fake software updates), so they may not even know that their Mac was infected.

About AddUpgrade malware:

Classification	Adware, browser hijacker.
Effects of the adware	Browser settings hijacked, pop-ups ads and redirects to malicious websites, your browsing history and other data is logged.
How AddUpgrade malware spreads	Through fake software updates, in free apps – adware bundlers.
Removing AddUpgrade malware	Remove malware from your settings, files, applications, and extensions, check for malware with antivirus tools (Combo Cleaner, Malwarebytes, or others).

Effects of AddUpgrade Malware

AddUpgrade malware primarily affects web browsers and can be called a browser hijacker. This gives it tremendous power, as browsers are some of the most used programs. Here are a few powers that AddUpgrade malware has:

• changing your browser settings to open a particular website as your default new tab page,
• changing browser search settings to send your internet search queries to a particular website,
• reading your browsing history and search history,
• reading the text that you type in the fields of various webpages (including passwords),
• showing notification pop-ups,
• redirecting you to malicious websites.

AddUpgrade malware may cause your browser to open AnySearchManager/Safefinder by Linkury when you search for anything. SafeFinder is one of those alternative search engines that take search results from another search engine and then inject a few ads in them, making money without creating a valuable product. For you and the other victims of AddUpgrade malware, this just means wasted time and harmed privacy.

Once AddUpgrade malware is installed, it should appear in your browser extensions, as well as in the Applications folder. To check your Safari browser extensions, you need to open Safari, open the Safari menu at the top, click on Preferences, and click on the Extensions tab. There, you should also see the permissions that AddUpgrade malware has.

It’s possible that you don’t see an extension in your browser but the settings are still hijacked. It is possible that AddUpgrade malware or another adware infection had been in your system, was removed, but left the unwanted settings stuck. You can fix that in browser preferences. I pasted the instructions for restoring browser settings at the bottom of this article.

How adware gets installed

AddUpgrade malware is similar to SkilledDeskSearch, UpgradeAgent, and maybe even the Shlayer trojan.

It’s possible to infect your Mac by downloading apps from unreliable websites. Free apps are sometimes bundled with some optional installs as a way to monetize the free program (because the developers of the optional apps pay to have their apps distributed like this).  Unfortunately, some of these optional installs end up being malicious and really hard to get rid of.

AddUpgrade malware could have also been downloaded from some deceptive website that presented it as another thing entirely. For example, sites with fake Adobe Flash update warnings have been spreading adware and other malware for Macs quite actively. They’re very well made, so it’s easy to get tricked by them.

How to remove AddUpgrade malware

You can use antivirus tools, such as Combo Cleaner, Malwarebytes, or another app to scan your Mac. The scan would tell you about malicious apps and files on your computer. Such as AddUpgrade (Virustotal link).

Manually removing them can be a bit difficult, but if you want to do it, you might be able to.

First, check your System Preferences. If there is a section called Profiles, review it for AddUpgrade or similar Profiles. Then remove it by selecting it and pressing the minus button.

In addition, open Finder, Go, Go to Folder. In the dialog, paste in these folder names one at a time and go to these folders:

• ~/Library/LaunchAgents,
• ~/Library/Application Support,
• /Library/Application Support,
• /Library/LaunchDaemons.

If you find files related to AddUpgrade malware, remove them. But do not remove items that you aren’t sure about . Or make backups of the folders before deleting files. And, after this, also scan your Mac wiht a security program.

Open your Applications, find AddUpgrade malware, and drag it to Trash. Now that you have deleted the files that were checking for it to be installed, it should stay in Trash and not come back.

Automatic Malware removal tools

Remove unwanted browser extensions

TopRemoving AddUpgrade Mac Malware from Firefox

• Click on the menu button on the top right corner of a Mozilla window and select the “Add-ons” icon (or press Ctrl+Shift+A on your keyboard).
  
• Go through Extensions and Addons list, remove everything AddUpgrade Mac Malware related and items you do not recognise. If you do not know the extension and it is not made by Mozilla, Google, Microsoft, Oracle or Adobe then you probably do not need it.
  

(Optional) Reset your browser’s settings If you are still experiencing any issues related to AddUpgrade Mac Malware, reset the settings of your browser to its default settings.

• Click on the menu button on the top right corner of a Mozilla Firefox window. Click on the Help button.
  
• Choose Troubleshooting Information on the Help menu.
  
• Click on the Reset Firefox button.
  
• Click on the Reset Firefox button on the confirmation box. Mozilla Firefox will close and change the settings to default.
  

If you cannot reset your browser settings and the problem persists, scan your system with an anti-malware program.