BenefitSites is a Mac application that reinstalls itself if you try to remove it. BenefitSites spreads with fake software updates, so most victims download and install it themselves after being tricked by malicious ads. It’s malware that injects ads into your webpages, crashes online apps, traps your mouse cursor, and displays suspicious pop-up windows that ask for your administrator password. If these symptoms sound familiar, your Mac may have been infected with an adware trojan.
Benefitsites Mac Adware quicklinks
- How BenefitSites works
- Adware
- Trojan
- Removing BenefitSites
- Automatic Malware removal tools
- Uninstall browser extensions
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
BenefitSites needs to be removed as quickly as possible:
| Type of threat | Trojan,
adware. |
|---|---|
| BenefitSites infection symptoms | Strange pop-ups,
crashing apps, excessive ads. |
| Distribution and installation | Advertised as software updates,
installed with the help of deceptive pop-ups, reinstalls after being deleted. |
| Removing BenefitSites | Scan your Mac for malware (Combo Cleaner, etc.),
remove malicious profiles, login items, and other related files, remove the app and the browser extension. |
How BenefitSites works
Adware
Those infected with BenefitSites often have to deal with an unstable internet connection and crashing apps, especially the email app. It seems like BenefitSites might have hijacked your traffic by routing it to go to a server managed by the criminals behind BenefitSites. This would let them read what sites you visit and inject stuff into them, like ads. Your links could even return the wrong webpages.
Based on what’s known about this, BenefitSites is probably connected to Any Search Manager.
Advertising to you and getting your information are the main things that BenefitSites does. That’s the business model of this malware.
Trojan
BenefitSites, just like its siblings CustomSuccess, SystemNotes, ReachChoice, etc., is distributed by malicious websites that you open by clicking on deceptive ads. These ads say things like “Flash Player might be out-of-date”, “Recommended update”, “A Flash Player update is recommended”, and similar lines. They’re all fake and the files they offer are pure malware.
Many people are tricked into downloading these files because we can still remember the times when we couldn’t take two steps online without a functioning Flash Player. Things are different now, barely anyone uses Flash Player.
The malicious ads that download BenefitSites are a form of social engineering – manipulation. It’s not sophisticated coding tricks, but the creative presentation that helps spread the BenefitSites malware.
Removing BenefitSites
If you have a backup from before BenefitSites infected your Mac, consider restoring from it. It’s not the most reliable way to get rid of malware, but it’s relatively easy. Just scan your Mac afterward with an anti-malware program, like Combo Cleaner. And whatever file downloaded the malware on your Mac needs to be deleted, too. You don’t want to accidentally run it again.
You can also remove BenefitSites manually, though it’s still recommended to scan your Mac.
Creating a backup of your Mac now is also a good idea – to recover from in case something goes wrong.
Deleting files that belong to BenefitSites might not work while the app is running, so it needs to be shut down. The simplest way to do this is to start your Mac in safe mode by holding the Shift button during startup until you see the login screen. Safe mode stops unnecessary apps from running, so some functions might not work as expected. Don’t worry, though – the next time you start your Mac, it will boot in normal mode.
While BenefitSites is gimped, check for Profiles by opening System Preferences. Profiles are used by administrators to control your Mac settings – for example, if your Mac is given to you by your job, you likely have a profile by them. Personal Macs often have no profiles at all. Malware like BenefitSites abuses profiles to force settings on you. Select unfamiliar profiles and press the minus button to remove them.
Next, check your login items:
- System Preferences
- Users & Groups
- Login Items
These are the apps that run automatically when you start your Mac. Here, remove unknown items by selecting them and pressing the minus button.
If you don’t see anything related to BenefitSites in Login Items, you may need to go deeper:
- Finder
- Go
- Go to Folder
In the dialog that opens, paste in the names of these folders one at a time: ~/Library/LaunchAgents, ~/Library/Application Support, /Library/Application Support, /Library/LaunchDaemons. Check these folders and look for files called “BenefitSites” or anything similar, like “ManagementMark”, “MesengerDeck”, etc. You can just google the names of any files that are suspicious to see what is known about them. Delete the files that belong to BenefitSites malware.
Open your Applications folder and find the BenefitSites app. Then drag it to Trash. Also, open your web browsers and check their extensions. When you find BenefitSites, remove it. When I say “BenefitSites” here, I mean any app that might have replaced it. Whatever name this malware uses, you will probably be able to recognize it. For example, Safari warns about the extension being able to read your passwords, phone number, your credit card number, etc. Thus, you should probably change your passwords after making sure that your Mac is clean.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Uninstall browser extensions
TopRemoving BenefitSites Mac Adware from Safari (Mac OS X)
- Click on the Safari menu.
- Choose Preferences.
- Click on the Extensions Tab.
- Click on the Uninstall button near the CentralRush. Remove all other unknown or suspicious entries too. If you are not sure whether you need the extension or not, you can simply uncheck the Enable check-box to disable the extension temporarily.
- Restart Safari.
(Optional) Reset your browser’s settings
If you are still experiencing any issues related to BenefitSites Mac Adware, reset the settings of your browser to its default settings.
- Click on the Safari menu on the top left corner of the screen. Select Reset Safari.
- Select which options you want to reset (usually all of them come preselected) and click on the Reset button.
If you cannot reset your browser settings and the problem persists, scan your system with an anti-malware program.
TopRemoving CentralRush from Chrome
- Click on the menu button on the top right corner of a Google Chrome window. Select “Settings”.
- Click “Extensions” on the left menu bar.
- Go through the extensions list and remove programs you do not need, especially similar to BenefitSites Mac Adware. Click on the trash bin icon next to CentralRush or other add-ons you want to remove.
- Press on the “Remove” button on the Confirmation window.
- If unsure, you can disable them temporarily.
- Restart Chrome.
(Optional) Reset your browser’s settings
If you are still experiencing any issues related to BenefitSites Mac Adware, reset the settings of your browser to its default settings.
- Click on Chrome’s menu button (three horizontal lines) and select Settings.
- Scroll to the end of the page and click on the Reset settings button.
- Click on the Reset button on the confirmation box.
If you cannot reset your browser settings and the problem persists, scan your system with an anti-malware program.
TopRemoving CentralRush from Firefox
- Click on the menu button on the top right corner of a Mozilla window and select the “Add-ons” icon (or press Ctrl+Shift+A on your keyboard).
- Go through Extensions and Addons list, remove everything BenefitSites Mac Adware related and items you do not recognise. If you do not know the extension and it is not made by Mozilla, Google, Microsoft, Oracle or Adobe then you probably do not need it.
- Click on the menu button on the top right corner of a Mozilla Firefox window. Click on the Help button.
- Choose Troubleshooting Information on the Help menu.
- Click on the Reset Firefox button.
- Click on the Reset Firefox button on the confirmation box. Mozilla Firefox will close and change the settings to default.
