Mac Virus & Malware Removal in Amherst, NY

Mac Malware Cleanup for MacBook, iMac, Mac mini, and Mac Studio

So your Mac is doing something it shouldn't. Maybe Safari keeps redirecting to weird search pages. Maybe a "your Mac is infected" pop-up showed up and now it won't go away no matter how many times you close it. Maybe MacKeeper installed itself and you can't get rid of it. Maybe you downloaded something from a sketchy site and now apps are crashing or you're seeing things that don't look right. Whatever flavor of Mac malware you're dealing with, we handle it. Drop the machine off in Amherst, we'll figure out what's going on, and we'll quote you before any work starts.

One thing worth getting out of the way up front: the old "Macs don't get viruses" line stopped being true a long time ago. We see infected Macs every week. The categories are different from PCs (we see way more adware and fake "Mac cleaner" apps than we see classic destructive viruses), but Macs absolutely get hit. The most common situations we see come from people clicking on fake update prompts in Safari, downloading software from outside the App Store, installing browser extensions that turned out to be malicious, or running cracked versions of expensive professional software. The macOS security model catches a lot, but it can't stop you from typing your password and approving something yourself.

We service every Mac currently in use: Apple Silicon MacBooks (M1, M2, M3, M4 across Air and Pro models), Intel MacBooks going back to the early 2010s, iMacs of every vintage from the white plastic ones onward, Mac minis, Mac Studio, and the older Mac Pro towers. The cleanup process varies depending on the model and which version of macOS it's running, but the basic flow is the same: drop off, free diagnostic, honest quote, real cleanup, verification.

The Mac-Specific Malware We See Most Often

Mac malware doesn't look like the PC stuff most people picture when they hear "virus." Here's what actually shows up at our counter, in rough order of frequency:

• MacKeeper and its clones: we mentioned this in the FAQ but it deserves its own bullet because we see it constantly. MacKeeper, Advanced Mac Cleaner, Mac Auto Fixer, Mac Adware Cleaner, and a dozen similar apps all behave the same way: they install through bundled downloads or aggressive web ads, they tell you your Mac has hundreds of problems, and they want you to pay to "fix" them. The app itself is the problem. Removing them properly means hunting down the launch agents, launch daemons, browser extensions, login items, and configuration profiles they leave behind, not just dragging the app to the Trash.
• Search Marquis, Search Baron, Yahoo redirect hijackers: browser hijackers that redirect Safari (and sometimes Chrome and Firefox) through their own search pages. They hang around even after you reset Safari because they install configuration profiles that override the search engine setting at the system level. Common, sticky, removable.
• Bundleware adware from "free PDF" / "free converter" sites: you needed a quick way to convert a file, you searched for it, you grabbed something free, and now your Mac is showing ads in apps that have no business showing ads. The "free" tool came with bundled adware that installed itself alongside the thing you actually wanted.
• Fake Flash Player updaters: somehow still going strong even though Flash itself has been dead for years. A pop-up tells you Flash needs updating, you click it, and you've installed a fake updater that drops adware and tracking software. Anyone telling you your Mac needs Flash is either lying or out of date.
• Crackware-bundled malware: covered in the FAQ. Cracked copies of expensive Mac software (Final Cut, Logic, Photoshop, Microsoft Office, AutoCAD, professional video editors) are one of the top sources of serious Mac infections, including some that capture passwords and crypto wallets. Worth the price of the real thing.
• Malicious Safari and Chrome extensions: an extension that promises to do something useful (coupon finder, ad blocker, screen capture tool) but is actually injecting ads, tracking your browsing, or hijacking your search. Often quiet. You might not notice immediately.
• Genuine Mac trojans and stealers: less common but real. Atomic Stealer, Realst, Amos, and others target Mac users specifically, going after passwords, browser-saved credentials, crypto wallets, and Keychain entries. Usually distributed through cracked software, fake job offers, or fake "professional tool" downloads.
• Tech support scam aftermath: same as on PC. If a fake "Apple support" caller got remote access to your Mac, we have to treat the machine as compromised regardless of whether we find specific malware on it, because we don't know everything they did.

How macOS Protection Actually Works (And Where It Falls Short)

Worth understanding what your Mac is already doing to protect itself, because it explains why Mac malware looks different from PC malware and why we approach cleanup differently.

Gatekeeper checks apps when you try to open them and verifies they're either signed by a developer Apple has approved or notarized (run through Apple's automated malware scan). If you try to open an unsigned app, macOS warns you and makes you jump through hoops to actually open it. Gatekeeper is good, but you can override it, and many users do. A lot of the malware we remove got installed because the user dismissed a Gatekeeper warning to install something they wanted.

XProtect is Apple's built-in malware scanner. It runs silently in the background and updates itself separately from full macOS updates. It catches a meaningful percentage of known malware, but it's reactive. It can only catch what Apple has added signatures for, which is why brand-new malware often slips past it for a while.

System Integrity Protection (SIP) prevents even the root user from modifying critical system files. SIP is one of the reasons rootkits are rare on Macs. Disabling SIP requires a deliberate process from recovery mode that no normal user is going to do by accident.

The T2 chip and Apple Silicon add hardware-level protection: secure boot, encrypted storage by default, and isolation of sensitive operations. On Apple Silicon Macs, the security model is even tighter: the boot process verifies every component, kernel extensions are heavily restricted, and even legitimate developers have to jump through more hoops to install low-level system components.

App sandboxing means apps from the App Store run in a restricted environment where they can only access the parts of your system you've explicitly given them permission to use. This is a big reason App Store apps are generally safer than apps from the open web.

What this all adds up to: macOS is genuinely well-defended against drive-by infections, the kind where you visit a website and get infected without doing anything. What it can't really protect you against is malware that tricks you into installing it yourself, because at that point you've typed your password and given it permission. That's why almost every Mac infection we clean started with the user clicking yes on something.

Signs Your Mac Has Malware

Some Mac-specific symptoms to watch for:

• Safari or Chrome keeps opening to a search page you don't recognize, or redirecting your searches through "Bing-Yahoo," Search Marquis, Search Baron, or similar
• Pop-ups in Safari that won't close (clicking the X just opens more, and you have to force-quit Safari to get rid of them)
• An app you don't remember installing is in your Applications folder, or showing up in your Dock
• You're seeing ads on websites that don't normally have ads, or ads inside macOS apps that shouldn't show ads
• Your Mac is suddenly running hot, the fan is loud, the battery drains fast, and Activity Monitor shows a process you don't recognize using a lot of CPU
• macOS keeps asking for your password to authorize things you didn't try to do
• Your Mac has installed a "configuration profile" you don't remember (System Settings → General → Device Management or VPN & Device Management)
• Your homepage in Safari changed by itself, and resetting it doesn't stick
• You're getting "your Mac is infected, call this number" pop-ups
• Calendar events, contacts, or reminders are appearing that you didn't create (this is a real thing where attackers spam your iCloud Calendar with malicious invitations)

Our Mac Virus Removal Process

The general flow is the same as for any computer we work on, but a few things are specific to Mac:

1. Drop off and intake.Bring the Mac in. We talk through what's been happening: what symptoms you're seeing, what you might have installed recently, whether anyone called claiming to be Apple. We need your local login password to do the work, but not your iCloud password or anything else.
2. Free diagnostic.We boot the Mac normally and inspect what's actually going on. We check the Applications folder, login items, launch agents and daemons, configuration profiles, browser extensions, scheduled tasks, kernel extensions, and the usual hiding spots. We also run reputable Mac-specific malware scanners, knowing none of them are perfect.
3. Honest quote.Once we know what's on the machine, we tell you what we found and quote the cleanup. If it's a quick adware removal, the quote will reflect that. If it's a genuine deep infection that needs a full macOS reinstall, the quote reflects that too. You decide whether to proceed.
4. Targeted cleanup.For most Mac infections, we do targeted removal: pulling out the specific apps, launch items, profiles, and extensions involved. Mac infections tend to be more localized than PC ones, which is why most don't require a full reinstall. We verify each component is gone and that the symptoms are resolved.
5. Full reinstall when needed.For deep infections, suspected stealers, or anything we can't conclusively clean, we'll recommend a full macOS reinstall. We back up your personal files first, wipe the Mac, reinstall macOS from Apple's recovery, and restore your files. On Apple Silicon Macs, this involves a process called DFU restore for the most thorough cleanup, where we essentially reset the machine to factory state.
6. Verification.Before you pick up the Mac, we use it normally for a while to confirm symptoms are actually resolved. Mac malware sometimes triggers only under specific conditions, so we want to see the machine behaving normally end-to-end, not just "the scanner says it's clean."
7. Pickup and walkthrough.We'll show you what we found and what to avoid. Most reinfections come down to a small handful of habits, and we'll cover those in two minutes.

Apple Silicon vs Intel: Does It Affect the Cleanup?

Mostly no, but a few things differ. The malware itself targets macOS rather than the underlying processor architecture, so adware and hijackers behave the same way on M-series Macs as on Intel Macs. The differences are in the recovery and reinstall processes.

On Intel Macs (especially T2 models), we boot into recovery mode using the standard Command+R or Internet Recovery. We can use macOS Recovery to wipe and reinstall, and the process is well-documented. Older pre-T2 Intel Macs are more flexible: we can boot from external media if needed, which is useful for stubborn cleanups.

On Apple Silicon Macs (M1, M2, M3, M4), the recovery process is different. We hold the power button to access startup options, we can't boot from external installers the same way, and the most thorough reset involves DFU mode and a separate Mac running Apple Configurator. It's a more locked-down recovery, which is great for security but means we need slightly different tooling. We have what we need.

For routine cleanups, meaning the vast majority of Mac infections we see, none of this matters to you. We hand you back a clean Mac. The architecture differences just affect what we do behind the scenes.

Mac Models We Service

Pretty much everything Apple has shipped that's still being used:

• MacBook Air: Apple Silicon (M1, M2, M3) and Intel models going back to the 2013 redesign
• MacBook Pro: Apple Silicon (M1, M1 Pro, M1 Max, M2, M2 Pro, M2 Max, M3, M3 Pro, M3 Max, M4 series), Intel models with and without Touch Bar, and older Retina and pre-Retina models
• MacBook: the 12-inch Retina MacBook from 2015-2017, plus the older white plastic MacBook for customers still using one
• iMac: Apple Silicon 24-inch and Intel models from the 2010s, including the 21.5-inch and 27-inch sizes, the iMac Pro, and earlier white plastic and slot-loading models
• Mac mini: Apple Silicon (M1, M2, M2 Pro, M4) and Intel models
• Mac Studio: M1 Max, M1 Ultra, M2 Max, M2 Ultra, M3 Ultra
• Mac Pro: the 2019 / 2023 cylinder and tower models, plus the older 2008-2012 cheese-grater Mac Pros for customers still using them

If your Mac is old enough that Apple no longer issues security updates for the version of macOS it's running, we'll mention that during the diagnostic. Sometimes the machine can be upgraded to a newer macOS that does still get updates. Sometimes the hardware doesn't support the newer macOS and we'll have an honest conversation about whether it's time to think about replacement. We can also help with picking the right new Mac if you decide that's the right call.

Mac Privacy and Cleanup: What We Do With Your Data

This comes up a lot with Mac customers, especially because Macs tend to have a lot of personal stuff on them: photos, iMessage history, email, Notes, Safari history. Worth being clear about how we handle this.

To clean malware off a Mac, we need to be logged in as you. That means we need your local user password, the one you type when you boot up the Mac or wake it from sleep. We do not need your Apple ID password, your iCloud password, your bank passwords, or any other passwords. We don't ask for them, we don't want them, and we have no use for them.

While we have your Mac, we're focused on diagnosing and removing the problem. We're not browsing your photos, reading your messages, or going through your email. The shop has cameras and the work happens on the open bench, not in some back room. If anything about that makes you uncomfortable, we're happy to walk you through what we're doing or have you log in and unlock things in person rather than sharing your password.

For machines that need a full reinstall, your files come back. We back up your home folder before wiping, and we restore it after the rebuild. We don't selectively look at what's in there. After your Mac leaves the shop, your backup is removed from our systems within a few days.

What to Do Right Now If Your Mac Is Acting Up

If you're reading this on the affected Mac, a few quick things while you wait to bring it in:

Don't enter sensitive information on the machine for now. No banking, no logins to email or social media, no shopping. If the issue is a stealer-type malware, the longer you keep using the Mac, the more it can capture.

If you can, disconnect from Wi-Fi. This stops most malware from communicating with whoever wrote it and prevents anything from spreading to other devices on your network.

Don't pay anything that's demanding payment, and don't call any phone number a pop-up tells you to call. Apple does not pop up phone numbers for you to call. Microsoft (yes, we still see Microsoft scams targeting Mac users) doesn't either.

Don't keep dragging unfamiliar apps to the Trash hoping that fixes it. Most Mac malware leaves components behind that the visible app icon doesn't include, so trashing the obvious app and emptying the Trash often makes the problem harder to clean later because we lose visibility into what was originally there.

If you're worried you entered passwords on the Mac while it was infected, change them from a different device. Your phone is fine. Start with email and Apple ID, then banking. Use a real device, not the suspected Mac.

Then bring the Mac in. We work by appointment only, so call 716-771-2536 first to schedule a drop-off time. Tell us briefly what's happening and we'll set up a slot. We're at 656 North French, Suite 2 in Amherst, easy parking, accessible from the I-290 / Sheridan Drive corridor. Most appointments can be scheduled within a day or two.

How Mac Malware Differs from PC Malware

Worth a brief side-by-side because the differences explain why we approach the two platforms differently. If you've also got a PC that's having issues, we cover the Windows side on our PC virus removal page.

On Macs, almost all the malware we see installs itself with the user's help (the user typed a password and approved it). Drive-by infections (where you visit a website and get infected without doing anything) are rare. On PCs, drive-by infections are still common, especially through unpatched browser plugins, malicious ads, and exploited Office documents.

On Macs, the dominant categories are adware, fake utility apps, and browser hijackers. On PCs, we see the same categories plus a wider range of trojans, ransomware, and rootkits.

On Macs, the cleanup is typically more localized: pulling specific apps, launch items, configuration profiles, and browser extensions. On PCs, deep cleanup often involves the registry, scheduled tasks, services, and Windows Defender exclusions, which gives malware more places to hide.

On Macs, full reinstalls are less common as a percentage of cases. Most Mac infections are clean enough to remove without a full wipe. On PCs, full reinstalls are more often the right call because of how deeply Windows malware can embed itself.

Reading the Activity Monitor: What to Look For

If you're a Mac user comfortable with poking around, Activity Monitor (in Applications > Utilities) can give you clues about whether something suspicious is running. It's not a definitive diagnostic (plenty of legitimate processes have weird names), but it's a starting point.

Open Activity Monitor and click the CPU column header to sort by CPU usage. On a healthy idle Mac, the top processes should be things like WindowServer, kernel_task, mds_stores (Spotlight indexing), and your active applications. If you see a process you don't recognize using significant CPU when you're not actively doing anything, that's worth investigating. Same for the Memory tab and the Network tab. Unexpected network activity from a process you don't recognize is a red flag.

Things malware likes to disguise itself as: random strings of letters and numbers, names that look almost like system processes (mds_storer instead of mds_stores), names of tools that don't normally run continuously (like installers, updaters, or "helper" processes), or names that sound generic and important like "Mac System Service" or "Apple System Helper". Those last two are not real Apple processes.

If you see something suspicious, don't try to force-quit it from Activity Monitor as your only fix. Sometimes that triggers a watchdog that just relaunches it under a new name, and it makes the cleanup harder for us because we lose visibility into the original setup. Take a screenshot or note the name, and bring the Mac in.

Configuration Profiles: The Sneaky Mac Malware Trick

This deserves its own section because it's specific to Mac and surprises a lot of people. Configuration profiles are a feature macOS offers for managing devices, originally meant for businesses and schools to push settings to employee or student Macs. Profiles can change browser settings, install certificates, restrict what users can do, and override defaults.

Mac malware figured this out years ago. Several common Mac browser hijackers install configuration profiles to lock in their changes, so even after you "reset" Safari or remove the malicious app, the profile is still pushing the bad settings back. This is why people will reset Safari five times and the search engine keeps going back to "Bing-Yahoo" or whatever, because there's a profile under the hood that keeps overriding their changes.

You can check for profiles yourself: System Settings > General > Device Management (on newer macOS) or System Preferences > Profiles (older macOS). If you see "Profiles" in the sidebar at all, that's a sign something installed a profile, because home Macs that haven't been managed by a school or workplace don't have any profiles by default. Common malicious profile names include "AdminPrefs," "Search," or random vendor-sounding names you don't recognize.

Removing profiles is straightforward once you know they're there: select the profile and click the minus button. But you'll often need your admin password, and removing the profile while the malware that installed it is still active means it'll just reinstall itself the next time the app runs. The cleanup has to happen in the right order: remove the source app, remove the profile, then reset the affected browser settings. We do this all the time.

Mac DIY Cleanup Traps to Avoid

People bring us Macs all the time where the original infection was minor but the attempted DIY cleanup made it harder to fix. Worth knowing what to skip.

Don't install three different "Mac antivirus" apps to try to clean things up. They conflict with each other, they all want startup access, and several of the most popular ones are themselves the problem we end up removing. If you want to scan something on a Mac, free Malwarebytes for Mac is reasonable for a one-shot scan. Install, scan, uninstall.

Don't pay for anything that pops up demanding payment. There's no legitimate scenario where a security warning on a Mac demands payment to fix the issue. If you've already paid one of these, contact your credit card company immediately. Most of them will dispute the charge as fraudulent.

Don't follow random "remove [malware name] from Mac" guides without understanding what they're asking you to do. Some of the guides are fine. Others are written by the malware vendors themselves, and they'll tell you to "install our cleaner tool" which is just more of the same problem. If you're going to follow a guide, stick to ones from genuinely reputable sources.

Don't run shell commands you found on the internet just because someone said it would fix your problem. Mac terminal commands run with full power, and "rm -rf" plus a wrong path is genuinely catastrophic. Save yourself and bring the Mac in.

Why Choose Us for Mac Repair in the Amherst Area

We do both Mac and PC. That sounds like a basic claim, but a lot of small repair shops only really know one platform well, and you can tell. We work on Macs every day. MacBook Airs from college students at UB, iMacs from families and small businesses, Mac minis used as servers, MacBook Pros from designers and developers. We're familiar with the quirks of each generation, what fails on them, and what malware specifically targets them.

We don't subcontract Mac work to someone else. The work happens here, in our Amherst shop, on our bench. If you have a question while we have your Mac, you call our shop and you get someone who's actually working on it.

We don't oversell. If your Mac doesn't need virus removal, we'll tell you that. If a tuneup or an SSD upgrade or just letting a software update finish would solve the problem, we'll tell you that too. We make money on the work we do, not on the work we sell you.

We're easy to get to. We're on North French in the Amherst area, off the I-290, with parking right at the building. From the UB North Campus area, Williamsville, Tonawanda, Kenmore, or anywhere in North Buffalo it's a short drive. From farther out (Lancaster, Clarence, Hamburg, Orchard Park) it's still doable for a drop-off and pickup.

Service Areas for Mac Virus Removal

Customers regularly drop off Macs from across Western New York:

• Amherst, NY
• Buffalo, NY
• Williamsville, NY
• Tonawanda, NY
• Cheektowaga, NY
• Clarence, NY
• Kenmore, NY
• Lancaster, NY

Frequently Asked Questions

Mac-specific questions we hear at the counter.

• Wait, Macs get viruses now?

  They do, and they have for years. The "Macs don't get viruses" thing was sort of true in the 1990s and early 2000s when Mac market share was tiny, but it stopped being true a long time ago. Apple sells more than 20 million Macs a year now. That's a big enough installed base that attackers absolutely target it.

  What's still mostly true is that Macs get hit with different stuff than PCs. We see way more adware, browser hijackers, and fake "Mac cleaner" apps than we see classic destructive viruses. The macOS security model is genuinely good, Gatekeeper, XProtect, app sandboxing, the T2 chip on Intel Macs, the Apple Silicon security model, all of it makes drive-by infections harder than on Windows. But malware that tricks the user into installing it themselves still works fine, because no security model can stop you from typing your password and saying yes.

• Do you take Mac drop-offs without an appointment?

  We work by appointment only, so please call 716-771-2536 first to schedule. We do this so every Mac that comes in gets real attention rather than getting buried in a queue. Tell us briefly what's going on with the Mac and we'll book a drop-off time, usually within a day or two. The drop-off itself takes about 10 to 15 minutes. We go over what's been happening, take down your contact info and the machine, and give you a realistic timeline.

• I keep seeing a "your Mac is infected" pop-up. Is it real?

  No. Apple does not show you pop-ups telling you your Mac is infected. Apple does not call you. The pop-ups telling you to call a phone number, or download "Mac Defender" or "Mac Security," or pay to clean your machine. Those are scams, and the pop-up itself is what needs to be removed. It's usually coming from a malicious browser extension or a hijacked browser shortcut. Quick fix once we know what we're dealing with.

  The legitimate built-in protection on macOS is silent. XProtect runs in the background and does its job without bothering you. If your Mac is genuinely showing you a security warning from Apple, it looks like a normal system dialog, not a flashy full-screen ad with a phone number.

• Should I install antivirus software on my Mac?

  For most home users, no. macOS has solid built-in protection. XProtect, Gatekeeper, app notarization, and the System Integrity Protection model all work together without you doing anything. Adding third-party antivirus on top of that often causes more problems than it solves: false positives, slowdowns, fans spinning up, and battery drain on laptops. The biggest "Mac antivirus" brands are also some of the apps that nag you the most aggressively.

  The exceptions: if you regularly handle Windows files for work and want to scan them before passing them on, or if you're running a small business with compliance requirements, a lightweight reputable scanner can make sense. We'll tell you honestly if your situation is one of those.

• How do I get MacKeeper off my Mac?

  This is one of the most common things we deal with, and it's harder than it looks because MacKeeper installs in multiple places. It puts files in /Library, /Library/LaunchAgents, /Library/LaunchDaemons, /Library/Application Support, the user's ~/Library tree, login items, and sometimes browser extensions. Just dragging the app to the Trash leaves all of that behind, which is why people think they removed it but the pop-ups keep coming.

  Bring the Mac in and we'll fully remove it, every component, and verify it's actually gone. Same goes for the various clones. "Advanced Mac Cleaner," "Mac Auto Fixer," "Mac Adware Cleaner," and similar apps that all behave the same way.

• My Mac has a "Search Marquis" or "Search Baron" hijacker. Can you remove it?

  Yes. These are two of the most common Mac browser hijackers we see. They redirect Safari (and sometimes Chrome and Firefox) through their own search pages so they can profit from ads. They're sticky because they install configuration profiles that override your search engine settings even after you reset them. Removing the hijacker means removing the configuration profile, the launch agents, the browser extensions, and any associated apps. We do this every week.

• Are MacBooks with Apple Silicon (M1, M2, M3, M4) safer than Intel Macs?

  Yes, marginally. Apple Silicon Macs have a tighter security model than older Intel Macs, the boot process is locked down harder, kernel extensions are more restricted, and the sandboxing is stronger. But it's a difference of degree, not kind. Apple Silicon Macs still get adware, still get fake Mac cleaners, still get phishing-related issues. The main thing Apple Silicon protects against is low-level rootkits and bootkits, which were already rare on Macs.

  The Intel Macs with the T2 security chip (2018 onward) are also pretty hardened, the T2 handles the secure boot and storage encryption similarly to Apple Silicon. Older Intel Macs without T2 are technically more exposed, but in practice the malware ecosystem doesn't target them differently.

• What about my files? FileVault is enabled. Does that affect the cleanup?

  FileVault is full-disk encryption. It protects your data if someone steals the Mac, but it doesn't affect malware cleanup once you're logged in, at that point macOS has decrypted the disk and your files are accessible normally. We can clean an infected FileVault-enabled Mac just like any other.

  The one wrinkle is that we need either your password or for you to be present to unlock the disk. We don't want or need your iCloud password, your bank passwords, or anything else, just the local user password to log into the Mac. If you're uncomfortable sharing it, you can come in and unlock it for us.

• I downloaded a "free" version of Final Cut Pro / Logic / Photoshop and now my Mac is acting weird. Now what?

  Cracked software is one of the top sources of Mac malware. Real talk: the people who crack expensive professional software and put it on torrent sites are often doing it specifically to bundle malware. Some of the worst Mac malware in recent years, including some serious ones, has spread this way.

  Bring the machine in. We'll need to remove the cracked app, hunt down whatever else came along with it, and check whether anything captured passwords or banking info while it was active. Don't use the machine for anything sensitive until we've cleaned it. And the obvious advice: if you need that software, buy it, or use the legitimate free alternatives. Adobe alone offers a free trial. Apple's GarageBand is free and does most of what hobbyists need from Logic.

• Can ransomware hit a Mac?

  It can, but it's much rarer than on Windows. There have been a handful of real Mac ransomware families over the years, and we have seen Macs come in with ransomware. But the realistic threat for most Mac users is adware and scareware, not file-encrypting ransomware.

  That said: if your important files are only on your Mac with no backup, you should still set up a backup. We can help with that. Time Machine to an external drive is the simplest setup, and we also configure cloud backups for people who want offsite protection.

• Do you service older Macs running older macOS versions?

  Yes. We work on Macs going back many years. Older Macs running older versions of macOS (Mojave, High Sierra, sometimes earlier) are actually somewhat more vulnerable because Apple has stopped releasing security updates for them. We'll clean malware off an older Mac the same way we would a current one, and if security updates have ended for your version, we'll have an honest conversation about whether the machine can be upgraded to a newer macOS or whether it's time to think about replacement.

• How long does Mac virus removal take?

  Most cases are 24 to 48 hours from drop-off. Most Mac infections we see, adware, browser hijackers, MacKeeper-style apps, are actually faster to clean than the equivalent PC infections, because there are fewer hiding places on macOS. The longer end of that range is for situations where we need to do a full reinstall of macOS, which involves backing up your files, reinstalling the OS, and putting your data back.

• How much does Mac virus removal cost?

  Quoted after diagnostic, like everything else we do. The diagnostic is free. Once we know whether you've got a quick adware cleanup, a sticky hijacker, or something requiring a full macOS reinstall, we'll give you a real number before any work happens. Call 716-771-2536 or request a quote.