0

I have been recently checking my Mac for viruses. Doing so, I found the imklaunchagent process. I Googled the process and found out it is indeed a virus, or a malware. When I try to quit this process using the kill command in the terminal, it copies itself, thus changing its PID. What can I do to completely remove this malware? Here is what I have tried to do to remove this malware in the terminal.

Tetsujin
  • Does this answer your question? [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](https://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Moab Aug 18 '20 at 14:27
  • Back up your data and clean install the Operating system – Moab Aug 18 '20 at 14:27
  • I don't use a PC, I am a Mac user. – Kotetsu Chan Aug 18 '20 at 14:27
  • @Moab, I can't back up my data using Time Machine because I forgot my account's administrator password. – Kotetsu Chan Aug 18 '20 at 14:31
  • Copy and paste critical data to a USB drive, then reinstall. I know it's a pain but may be the only solution if no one has a solution to removal. – Moab Aug 18 '20 at 14:33
  • What makes you think it's malicious? It's a standard macOS process. If you ever google a process name & all you get are 'malware removal sites trying to sell you something'… think twice about why. If the threat was real, the make-a-quick-buck sites would be far far down the list, well below real issues. – Tetsujin Aug 18 '20 at 16:37

1 Answer

3

Frame challenge.

It's not malware, it's a standard macOS process.
[Note to commenters… you also fell for it rather than doing any research.]

It's a standard macOS process.
If you ever google a process name & all you get are 'malware removal sites trying to sell you something'… think twice about why.
If the threat was real, the make-a-quick-buck sites would be far far down the list, well below real issues faced by real people.

The process is inside a protected area, in the System folder on the System partition. You'd have to try very, very hard to overwrite it with a malicious component - including rebooting to Recovery & manually disabling SIP.
macOS simply will not let a random process anywhere near that area, even with admin permission.

It does make me wonder how the OP's opening statement - "I have been recently checking my Mac for viruses." was done.
Poking in Activity Monitor trying to understand what those hundreds of processes do is not a good use of your time.
Instead, either trust Apple's built-in anti-malware structures - which are pretty darn good these days - or invest in an actual recognised name, paid anti-malware suite [though it must be noted that their predominant function is to catch Windows malware & prevent its spread to Windows machines.]

Tetsujin
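A way to check the answer's point on the Mac itself, as an added example that is not part of the original answer: it reports whether a named process runs from a SIP-protected system location and whether its binary carries Apple's own signature. The function names are hypothetical, and the list of protected prefixes (/System, /usr except /usr/local, /bin, /sbin) is an assumption of this example.

```shell
#!/bin/sh
# Added example: triage a macOS process by where its executable lives.
# The protected prefixes below are an assumption (standard SIP roots).

# Return 0 if the path sits under a SIP-protected system location.
is_sip_path() {
    case "$1" in
        */../*|*/./*)  return 1 ;;   # unnormalised path: do not trust the prefix
        /usr/local/*)  return 1 ;;   # user-writable, excluded from SIP
        /System/*|/usr/*|/bin/*|/sbin/*) return 0 ;;
        *)             return 1 ;;
    esac
}

# "system" = protected location; "review" = look closer (not proof of malware).
classify_path() {
    if is_sip_path "$1"; then echo system; else echo review; fi
}

# List PID, verdict and path for each running process whose path contains $1.
# On macOS, `ps -o comm=` prints the full executable path.
triage_process() {
    ps -axo pid=,comm= | while read -r pid path; do
        case "$path" in
            *"$1"*) printf '%s\t%s\t%s\n' "$pid" "$(classify_path "$path")" "$path" ;;
        esac
    done
}

# Full report: SIP state, then location and Apple-signature check per match.
report() {
    csrutil status
    triage_process "$1" | while IFS="$(printf '\t')" read -r pid verdict path; do
        echo "$pid $verdict $path"
        # "anchor apple" requires a signature chaining to Apple's own root.
        if codesign --verify -R="anchor apple" "$path" 2>/dev/null; then
            echo "  signed by Apple"
        else
            echo "  NOT Apple-signed: investigate"
        fi
    done
}

# Run only when a process name is given, e.g.: sh triage.sh imklaunchagent
if [ "$#" -gt 0 ]; then report "$1"; fi
```

A same-named binary running from a home or temporary directory would come back as `review` and fail the Apple-signature check, which is the case worth investigating.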