Home Guides Mac Viruses “Navlibx (helperamc / helpermcp / hlpradc / spchplr…) will damage your computer” – remove Maftask Mac virus

“Navlibx (helperamc / helpermcp / hlpradc / spchplr…) will damage your computer” – remove Maftask Mac virus

7 min read
0
1,377
Remove Maftask Mac virus to prevent annoying popup alerts from interrupting your computer usage and get rid of affiliated dangerous scareware for good.

What is “… will damage your computer. You should move it to the Trash/Bin” popup in MacOS?

Maftask, also referred to as Maf-Task, is a malicious Mac process that impacts a host computer in a number of ways. The most conspicuous symptom is obnoxious popup activity, where the victims encounter numerous alerts generated both by the virus proper and by the operating system. This issue saw a sharp increase with the upgrade to macOS Catalina 10.15 rolled out globally in October 2019. Whereas the Maftask process could stay idle on older versions of Apple’s software platform, the new build, evidently, comes with enhanced security features and has started giving users a heads-up about the presence of the infection that used to run silently in the background. The telltale sign of this particular scenario is an influx of popup notifications saying, “Navlibx (helperamc/helpermcp/hlpradc/spchplr) will damage your computer. You should move it to the Bin/Trash.” This predicament wouldn’t be nearly as troublesome if the “Move to Bin” button actually did what it says. Clicking it doesn’t remove the culprit, though.

Maftask process running on malware-tainted Mac
Maftask process running on malware-tainted Mac

The fact that the latest macOS edition (Catalina 10.15) is flagging Maftask as a malicious application isn’t the only concern about it. Moreover, this is more of a benign turn of events that indicates an improved capacity of the system to detect harmful entities, except that the affected users are still unable to delete the pest in a regular way. That being said, the profile of this process turns out to be much shadier than the warning messages from the system. It is an executable used by Mac Auto Fixer, an infamous rogue utility that splashed onto the cybercrime scene last year. Notice the initial acronym part of Maftask name – these three characters alone give a discernible clue regarding the ties between the two.

This scareware can infiltrate Mac computers in a few ways. The most common attack vector relies on software installers that claim to streamline the setup of a harmless program, only to smokescreen more applications arriving in the same bundle. The Mac Auto Fixer junk is typically one of these extra items kept from one’s sight. Another trespass technique involves bogus Adobe Flash Player update notifications shown on malicious or hacked sites as the to-be victim is surfing the web.

GUI of Mac Auto Fixer, the scareware running Maftask process
GUI of Mac Auto Fixer, the scareware running Maftask process

As soon as the undercover installation has been completed, Mac Auto Fixer takes root on the machine by meddling with the Login Items to make sure the Maftask process is executed at boot time and continues to run throughout all computing sessions. It additionally adds an entry named com.techyutil.maftask.plist to the LaunchAgents folder for more persistence. The predatory code manifests itself through fake system scans that produce exaggerated risk reports. Among other things, the nasty app purports to find unused and duplicate files that take up a lot of disk space, as well as memory issues and unwanted software. To top it all off, the culprit is likely to skew the web browsing settings so that the prey’s default browser (Safari, Chrome, or Firefox) is redirected to misleading sites that say the visiting machine is severely infected. Obviously, trusting these scan results and follow-up notifications is risky business, because in that case you run the risk of adhering to the malware’s fairly persuasive recommendations that come down to a license purchase. This is what the whole gist of the scareware hoax is about.

Maftask is often accompanied by additional threats that could have penetrated into the system in a single bundle. Co-promotion of malware via the same contagion source is a widespread phenomenon, which explains why many Maftask virus victims discover their Macs being plagued with concomitant baddies. Most of the affiliated objects are adware and phony system cleaners. We have compiled a list of these dodgy processes that may be running on a computer alongside the core binary:

  • APMHelper
  • CellularService
  • EasyConverter-955179
  • FocusReportingService
  • freeForm-959837
  • helper
  • helperamc
  • helpermcp
  • hiprade
  • hlpradc
  • hlprmcp
  • macalive
  • MapsAndDirections-1668307
  • mchlpr
  • mohlp
  • nspchlpr
  • navlibx
  • ProntoApp
  • smbstrhlpr
  • source.app.
  • spchlpr
  • sspchlpr
  • tonictasks
  • ummhlpr
  • update
  • WebSocketServerApp
Mac alert saying a malicious process will damage your computer
Mac alert saying a malicious process will damage your computer

The victims may be unaware of these dubious processes lurking inside their Macs until they upgrade to macOS Catalina. As is the case with Maftask, they mostly come to the fore in the aftermath of the heavy alerting routine invoked by the new operating system version. The uniform pattern of the warning messages is as follows: “{malicious executable} will damage your computer. You should move it to the Trash.” Since a target Mac’s native software uninstall mechanism doesn’t appear to work in this situation, the victims have to think outside the box and leverage a specially crafted Mac virus removal procedure. Peruse and follow the steps below to handle the Maftask issue and attendant Mac threats.

Remove Maftask virus from Mac manually

If you are okay with manual troubleshooting, use the following steps to uninstall the Maftask rogue app from your Mac. Be advised the persistence mechanisms employed by the infection may prevent this technique from being ultimately effective. One way or another, here’s the workflow:

• Open the Utilities directory under the Go menu in Apple Finder

Go to Utilities on Mac

• When on the Utilities pane, select Activity Monitor (the Mac equivalent of Task Manager)
Open Activity Monitor

• Once the Activity Monitor screen appears, look for Maftask or Maf-Task on the list of running processes. Highlight that entry and click on the Quit Process option. The system will respond to this action with a confirmation dialog, where you should select Force Quit
Quit malicious process

• Now go back to your desktop, expand the Go menu and pick Applications in the drop-down
Pick Applications in the drop-down

• Spot Maftask (or Maf-Task) under Applications, highlight it and select the Move to Trash option. Your Mac may request your administrator password at this point – enter it if that’s the case. Empty the Trash when done
Applications list in Mac

• Next, go to Apple Menu and choose System Preferences in the drop-down as shown below
Go to System Preferences

• Proceed to Accounts and select Login Items. Your Mac will display the list of apps that are executed automatically at boot time. Find Maftask or Mac Auto Fixer on that list and click on the “-” (minus) button down at the bottom
Delete app from login items

• Move on to the Go drop-down menu in Apple Finder and click on the Go to Folder option

• When the folder search box appears, enter the following path in it: /Library/LaunchAgents
Go to /Library/LaunchAgents

• Having accessed the LaunchAgents folder, look for the following items in it and, if found, send them all to the Trash:

  • com.techyutil.maftask.plist
  • com.techyutil.mafuninstaller.plist

• Now, leverage the Go to Folder function to navigate to the ~/Library/LaunchAgents directory. Again, look for the objects listed above and delete all the matches you find.

• Follow the same logic to browse to a folder named ~Library/Application Support. Look for the following items in it and send them to the Trash once spotted:

  • Mac Auto Fixer
  • maf

When done with the manual process of Maftask removal, take some time and check if the virus has vanished from your Mac. If it continues to cause browser redirects, move on to the following section of this tutorial.

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the Maftask virus.

Reset Safari

• Go to the Safari menu and select Preferences
Go to Safari Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
Remove All Website Data button
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
Confirm website data removal
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
Removing data for selected sites in Safari
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Reset Google Chrome

• Open Chrome, type chrome://settings in the URL bar and press Enter. Another way is to click More () in the right-hand upper part of the window and select Settings
• Move on to the Advanced area under Settings
• Find the Reset settings subsection and click the Reset settings button within itGoogle Chrome reset on Mac• The browser will display a popup dialog asking if you are sure you want to restore settings to their original defaults. Confirm and restart Chrome

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can go to HelpTroubleshooting Information

• Click on the Refresh Firefox button as shown below
Mozilla Firefox reset on Mac

Remove “Navlibx/helperamc/helpermcp/hlpradc/spchplr will damage your computer” virus from Mac using a security suite

The use of automatic security software to identify and delete Mac malware reduces human error and ensures that the stealthiest fragment of the culprit is spotted and terminated.

1. Download and install MacBooster. This tool combines antimalware and performance enhancement features for Mac. Launch the app and hit the Scan button on the System Status pane. The utility will scour your computer for memory issues and malware, including Maftask, and will shortly report all the detected issues. Once the scan results are ready, click Fix to eliminate the threats

Download Maftask virus remover

MacBooster main pane
2. To go all the way in Maftask removal, additionally select the Uninstaller module. It reflects all applications running on your Mac in a single list and allows you to reset or get rid of the unnecessary ones in a few clicks. Simply locate Maftask or Mac Auto Fixer if it’s still there, put a checkmark next to it and click Complete Remove at the top
MacBooster’s Uninstaller module

You’re now done with Maftask removal from your Mac computer. Last but not least, be sure to exercise some extra caution with suspicious application installs further on.

FAQ

How do I clear my Activity Monitor?

How do I clear my Activity Monitor?

Activity Monitor is the gateway to all the processes currently running on your Mac. It is a one-stop tool allowing you to administer these executables and keep tabs on your CPU, disk, memory, energy, and network usage status.

For instance, if you notice your machine performing slower than usual, then Activity Monitor is the right instrument to explore which application is consuming an anomalous amount of memory. Furthermore, you can use it to quit the misbehaving process in a few clicks.

Just like regular processes, Mac malware binaries will also show up in your Activity Monitor, which is good news because you can terminate them before performing a thorough system cleanup to remove the culprits. This is a great way to prevent viruses from tampering with the fix. However, it is strongly recommended to exercise caution when clearing your Activity Monitor otherwise you may cause serious system malfunctions.

First of all, take a look at the ‘User’ column. A vast majority of system-critical processes have an underscore preceding their owner’s name (e.g., _netbios, _appleevents, _dock). As a general rule, you should refrain from quitting these entries.

If there is an icon next to a process name, this item is typically safe to terminate as it most likely denotes a third-party app you installed. If it’s benign and you need it, then simply re-launching it manually afterward shouldn’t be a problem, plus many of these entities will be automatically up and running as soon as you reboot your Mac. The most hassle-free scenario, though, is if you know the exact process name you need to close. If you are sure a specific item is malicious, then you can safely kill it using Activity Monitor.

How do you force quit on Maftask?

How do you force quit on Maftask?

Maftask is a process you should definitely close once spotted. Moreover, doing so is essential to a successful removal of the respective scareware called Mac Auto Fixer. Unless you terminate Maftask executable from the get-go, the cleaning procedure may not pan out because the process will keep re-enabling the infection’s components.

Fortunately, it’s easy to stop this malicious binary on Mac. Here’s what you need to do:

  • Go to the Finder, click ‘Utilities’, and select ‘Activity Monitor’
  • Click the header of the ‘Process Name’ column to sort the executables alphabetically – this will help you quickly find the pest
  • Locate ‘maftask’ on the list, select it, and click the ‘Quit Process’ button in the top part of the Activity Monitor window
  • Confirm by clicking ‘Force Quit’ on a dialog box that will appear.

What is Hlprmcp?

What is Hlprmcp?

Hlprmcp is a process name associated with a malicious app called Mac Cleanup Pro. If this rogue utility hits a Mac computer, it configures the host system to launch the Hlprmcp binary at boot time as part of the normal login routine. Therefore, the executable is displayed in an infected Mac’s Activity Monitor, posing as one of the symptoms of the Mac Cleanup Pro attack. A recent adverse effect related to the activity of this harmful code is the emergence of popup alerts that say, “Hlprmcp will damage your computer. You should move it to the Trash”.

Additional signals of the incursion include deceptive Mac scan reports that try to hoodwink the victim into thinking their computer is full of junk files and privacy issues. To take care of these dummy problems, the scareware instructs the user to buy its full version. If you discover the Hlprmcp process running on your Mac, be sure to close it and then proceed with eradicating the rest of the fake application’s components.

What is hlpradc?

What is hlpradc?

If a process named hlpradc is running on a Mac computer, it is a telltale sign of a pseudo antimalware application called Mac Ads Cleaner being on board. The goal of this infection is to make the victim think that their system has a slew of security issues and badly needs a cleanup. Predictably enough, this is a way to fool Mac users into paying a fee to register the “fully-functional” edition of the worthless program.

As of October 2019, the macOS Catalina update has resulted in extra inundation of the affected users’ experience with popup notifications that go, “hlpradc will damage your computer”. Although this is a commendable security measure that has evidently been added to the new build of the operating system, the recurrent warning messages won’t vanish until the scareware is completely uninstalled. On a side note, this particular problem often co-occurs with the Maftask virus raid. This fact demonstrates that cybercrooks tend to focus on distributing multiple malicious apps in the same sketchy bundle.

What is Spchlpr?

What is Spchlpr?

Spchlpr is a harmful process dropped and triggered on Mac computers by a phony system optimizer called Similar Photo Cleaner. As the name suggests, the infection pretends to scan a Mac for duplicate or nearly identical images. Whereas the alleged objective is to free up disk space by deleting such graphical clones, the actual motivation of the app’s authors is to manipulate victims into coughing up money for the service they don’t need. On top of that, the Similar Photo Cleaner virus infiltrates Macs without the admins’ awareness and consent.

A common symptom of this onslaught revolves around popup warnings from macOS Catalina saying, “Spchlpr will damage your computer”. It’s worth mentioning that the earlier versions of the operating system didn’t generate such reports. It probably means that the macOS upgrade to version 10.15 has introduced a new logic of flagging unwanted code. However, there is still a stumbling block to dodge: those infected cannot get rid of Spchlpr virus easily. If this executable is found on the processes list in your Activity Monitor, don’t hesitate to force quit it. This will allow you to remove the core scareware without being impeded.

Rate article

5/5 (1)

Leave a Reply

Your email address will not be published. Required fields are marked *