“Navlibx (helperamc / helpermcp / hlpradc / spchplr…) will damage your computer” – remove Maftask Mac virus

Remove Maftask Mac virus to prevent annoying popup alerts from interrupting your computer usage and get rid of affiliated dangerous scareware for good.

1. What is “… will damage your computer. You should move it to the Trash/Bin” popup in MacOS?
2. Remove Maftask virus from Mac manually
3. Restore web browser settings to their original defaults
4. Remove “Navlibx/helperamc/helpermcp/hlpradc/spchplr will damage your computer” virus from Mac using a security suite

What is “… will damage your computer. You should move it to the Trash/Bin” popup in MacOS?

Maftask, also referred to as Maf-Task, is a malicious Mac process that impacts a host computer in a number of ways. The most conspicuous symptom is obnoxious popup activity, where the victims encounter numerous alerts generated both by the virus proper and by the operating system. This issue saw a sharp increase with the upgrade to macOS Catalina 10.15 rolled out globally in October 2019. Whereas the Maftask process could stay idle on older versions of Apple’s software platform, the new build, evidently, comes with enhanced security features and has started giving users a heads-up about the presence of the infection that used to run silently in the background. The telltale sign of this particular scenario is an influx of popup notifications saying, “Navlibx (helperamc/helpermcp/hlpradc/spchplr) will damage your computer. You should move it to the Bin/Trash.” This predicament wouldn’t be nearly as troublesome if the “Move to Bin” button actually did what it says. Clicking it doesn’t remove the culprit, though.

The fact that the latest macOS edition (Catalina 10.15) is flagging Maftask as a malicious application isn’t the only concern about it. Moreover, this is more of a benign turn of events that indicates an improved capacity of the system to detect harmful entities, except that the affected users are still unable to delete the pest in a regular way. That being said, the profile of this process turns out to be much shadier than the warning messages from the system. It is an executable used by Mac Auto Fixer, an infamous rogue utility that splashed onto the cybercrime scene last year. Notice the initial acronym part of Maftask name – these three characters alone give a discernible clue regarding the ties between the two.

This scareware can infiltrate Mac computers in a few ways. The most common attack vector relies on software installers that claim to streamline the setup of a harmless program, only to smokescreen more applications arriving in the same bundle. The Mac Auto Fixer junk is typically one of these extra items kept from one’s sight. Another trespass technique involves bogus Adobe Flash Player update notifications shown on malicious or hacked sites as the to-be victim is surfing the web.

As soon as the undercover installation has been completed, Mac Auto Fixer takes root on the machine by meddling with the Login Items to make sure the Maftask process is executed at boot time and continues to run throughout all computing sessions. It additionally adds an entry named com.techyutil.maftask.plist to the LaunchAgents folder for more persistence. The predatory code manifests itself through fake system scans that produce exaggerated risk reports. Among other things, the nasty app purports to find unused and duplicate files that take up a lot of disk space, as well as memory issues and unwanted software. To top it all off, the culprit is likely to skew the web browsing settings so that the prey’s default browser (Safari, Chrome, or Firefox) is redirected to misleading sites that say the visiting machine is severely infected. Obviously, trusting these scan results and follow-up notifications is risky business, because in that case you run the risk of adhering to the malware’s fairly persuasive recommendations that come down to a license purchase. This is what the whole gist of the scareware hoax is about.

Maftask is often accompanied by additional threats that could have penetrated into the system in a single bundle. Co-promotion of malware via the same contagion source is a widespread phenomenon, which explains why many Maftask virus victims discover their Macs being plagued with concomitant baddies. Most of the affiliated objects are adware and phony system cleaners. We have compiled a list of these dodgy processes that may be running on a computer alongside the core binary:

• APMHelper
• CellularService
• EasyConverter-955179
• FocusReportingService
• freeForm-959837
• helper
• helperamc
• helpermcp
• hiprade
• hlpradc
• hlprmcp
• macalive
• MapsAndDirections-1668307
• mchlpr
• mohlp
• nspchlpr
• navlibx
• ProntoApp
• smbstrhlpr
• source.app.
• spchlpr
• sspchlpr
• tonictasks
• ummhlpr
• update
• WebSocketServerApp

The victims may be unaware of these dubious processes lurking inside their Macs until they upgrade to macOS Catalina. As is the case with Maftask, they mostly come to the fore in the aftermath of the heavy alerting routine invoked by the new operating system version. The uniform pattern of the warning messages is as follows: “{malicious executable} will damage your computer. You should move it to the Trash.” Since a target Mac’s native software uninstall mechanism doesn’t appear to work in this situation, the victims have to think outside the box and leverage a specially crafted Mac virus removal procedure. Peruse and follow the steps below to handle the Maftask issue and attendant Mac threats.

Remove Maftask virus from Mac manually

If you are okay with manual troubleshooting, use the following steps to uninstall the Maftask rogue app from your Mac. Be advised the persistence mechanisms employed by the infection may prevent this technique from being ultimately effective. One way or another, here’s the workflow:

• Open the Utilities directory under the Go menu in your Mac’s Finder.

• When on the Utilities pane, select Activity Monitor (the Mac equivalent of Task Manager).

• Once the Activity Monitor screen appears, check the list of running processes for an item you don’t recognize. Highlight that entry and click on the Quit Process option (button with the X symbol on it). The system will respond to this action with a confirmation dialog, where you should select Force Quit.

• Now go back to your desktop, expand the Go menu and pick Applications in the drop-down.

• Spot the suspicious entry under Applications, right-click it, and select the Move to Trash option. Your Mac may request your administrator password at this point – enter it if that’s the case.

• Next, go to the Apple menu and choose System Preferences in the drop-down as shown below.

• Proceed to Users & Groups and select Login Items. Your Mac will display the list of apps that are executed automatically at boot time. Find the unwanted entry on that list and click on the “-” (minus) button down at the bottom.

• While on the System Preferences screen, select Profiles. Spot the suspicious configuration profile and click the “-” (minus) button.

• Move on to the Go drop-down menu in the Finder and click the Go to Folder option.

• When the folder search box appears, enter the following path in it: ~/Library/LaunchAgents and click Go.

• Having accessed the LaunchAgents folder, look for suspicious items in it and, if found, send them all to the Trash.

• Follow the same logic to browse to folders named /Library/LaunchAgents (no tilde prepended), /Library/LaunchDaemons, and ~Library/Application Support. Look for potentially unwanted objects and send them to the Trash once spotted.

When done with the manual process of Maftask removal, take your time and check if the virus has vanished from your Mac. If it continues to cause browser redirects, move on to the following section of this tutorial.

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the Maftask Mac virus.

Clean up Safari

• Go to the Safari menu and select Preferences.

• When on the Safari Preferences screen, select the Privacy tab and hit the Manage Website Data button if you are up to erasing all website data stored on your Mac (this is recommended in the SearchMarquis hijack situation).

• A dialog will appear, asking you to validate your choice. Click the Remove All button if you are sure. Be advised that this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.

• With Safari opened, click Develop in the Finder bar and select Empty Caches.

• Expand the History menu in the Finder area and click Clear History at the bottom of the list.

• Keep the all history option selected (it’s the default one) and click Clear History.

• Restart Safari.

Reset Google Chrome

• Click Customize and control Google Chrome (⁝) in the upper right-hand part of the window and select Settings. Another way is to type chrome://settings in the URL bar and press Enter.

• Move on to the Advanced area under Settings.

• Find the Reset settings subsection and click the Restore settings to their original defaults link within it.

• The browser will display a popup dialog asking if you are sure you want to restore settings to their original defaults. Confirm by clicking Reset settings.

• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can go to Help - Troubleshooting Information

• Click on the Refresh Firefox button and confirm the changes.

• Restart Firefox.

Remove "Navlibx/helperamc/helpermcp/hlpradc/spchplr will damage your computer" virus from Mac using a security suite

The most effective way to curb increasingly sneaky and persistent Mac threats is to use trusted security software. The award-winning Intego Mac Premium Bundle X9 is one of the best options across the anti-malware spectrum.

Its VirusBarrier component boasts a high detection rate and an outstanding cleaning capability. Additionally, the product comes packed with online security, optimization, and data backup features. Follow the steps below to use this sure-shot removal method.

1. Download Intego Mac Premium Bundle X9 installer and run it. The setup client’s prompts will walk you through the installation.

Download Maftask virus removal tool

2. Open Launchpad from your Dock and select the just-added VirusBarrier app.

3. Click the Full Scan button to have your Mac checked for security issues.

4. The first full scan may take 10 minutes or more, depending on the size of your disk. VirusBarrier will keep you informed about the number of files it has already checked.

5. When the scan is through, the app will display a report that provides a summary of the detected malicious items and the total number of files checked. Click Select All and then Quarantine to move the threats to an isolated environment so that they can no longer harm your system.

6. Click the Quarantine tab in the upper toolbar and examine the files listed there. If you are sure all of them are malicious (which is most likely the case), click Repair All to completely eradicate these items from your Mac.

FAQ

5/5 (2)