Ssl.plist Virus (Mac)

Also Known As: ssl.plist cryptominer
Type: Mac Virus
Distribution: Low
Damage level: Severe

How to remove ssl.plist from Mac?

What is ssl.plist?

The ssl.plist virus stealthily misuses system resources to mine Monero cryptocurrency without permission. Research shows that many ssl.plist infections were detected in China. This malware typically infiltrates systems without users' consent, and its presence leads to a significant reduction in overall system performance. Note that the name of this virus contains 'SSL', however, SSL is a cryptographic protocol that provides communications security over a computer network. It is essentially used for secure data transfer and has nothing to do with cryptomining. Criminals simply use this name to give the impression of legitimacy.

ssl.plist scam

Cryptomining uses computer resources to solve mathematical problems. For each problem solved, the miner receives a reward - a fraction of a cryptocurrency coin. The more powerful hardware you have, the more revenue you generate. Therefore, cryptomining can be very costly in terms of computer hardware. To avoid this expense, cyber criminals started releasing various cryptocurrency-mining viruses, including ssl.plist. These viruses stealthily infiltrate systems and mine cryptocurrency without users' consent. Using a home PC to mine cryptocurrency is not viable, since the cost of electricity consumed is higher than any revenue generated, however, since cyber criminals infect thousands of computers and employ them remotely, they need not incur these costs. Cryptocurrency mining may take up to 100% of system resources - the system becomes unstable, virtually unusable, barely responds and might crash. Furthermore, hardware running at its fullest capacity generates excessive heat. Within certain circumstances (high room temperatures, bad cooling systems, etc.) it might overheat. Therefore, cryptomining can damage hardware. The presence of ssl.plist can be determined by finding the "ssl.plist" process in Activity Monitor, and also by observing the system CPU being used to full capacity when the computer is not running other resource-intensive programs.

ssl.plist is very similar to Mac Cryptominer, XMR Miner, and a number of other crypto-mining viruses. Some of these rogue apps claim to be legitimate software, whilst others infiltrate systems without users' consent. The result, however, is identical - computer performance is affected, and the system might crash and/or overheat. Therefore, eliminate ssl.plist and other malicious cryptominers immediately.

How did potentially unwanted applications install on my computer?

Research shows that ssl.plist is mostly distributed using a deceptive marketing method called "bundling". This virus is embedded within installers of various dubious applications. The installer extracts a malicious file (stored in "~/Library/"), which is presented as a PNG image. It also extracts two Mac OS X Property List files: "com.apple.Yahoo.plist" and "com.apple.Google.plist", both stored in the "~/Library/LaunchAgents/" directory. These files are executed in sequence. They connect to a remote server and download malicious files necessary to mine cryptocurrency. Note that, as with ssl.plist, extracted files also contain familiar names (Google, Yahoo, etc.), which are merely a disguise.

How to avoid installation of potentially unwanted applications?

To prevent this situation, be very cautious when browsing the Internet and downloading installing software. Carefully analyze all email attachments received. Files that seem irrelevant and those received from suspicious/unrecognizable email sources should never be opened. Furthermore, download software from official sources only, using direct download links. Third party downloaders/installers often include rogue apps, and thus these tools should not be used. The same applies to software updates. Keep installed applications up to date. To achieve this, however, use implemented features or tools provided by the official developer only. Having a reputable anti-virus/anti-spyware suite installed and running is also paramount. The main reasons for computer infections are poor knowledge and careless behavior. The key to safety is caution. If your computer is already infected with PUAs, we recommend running a scan with Spyhunter for Windows to automatically eliminate them.

CPU usage during the mining process:

Usage of computer CPU during the mining process

IMPORTANT NOTE! If you want to remove ssl.plist manually, you must first delete the following files:

"~/Library/Safari" directory:

  • ssl.plist
  • pools.txt
  • cpu.txt
  • config.txt

"~/Library/Safari/openssl/lib/" directory:

  • Libcrypto.1.0.0.dylib
  • Libssl.1.0.0.dylib

You must also delete the files extracted by malicious installers.

You can avoid this manual task by using Combo Cleaner anti-virus suite, which will delete all malicious files automatically.

Instant automatic removal of ssl.plist cryptominer: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Spyhunter is a professional automatic malware removal tool that is recommended to get rid of ssl.plist cryptominer. Download it by clicking the button below:
▼ DOWNLOAD Spyhunter By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Spyhunter.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac adware removal from applications folder

Click the Finder icon. In the Finder window, select “Applications”. In the applications folder, look for “MPlayerX”,“NicePlayer”, or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove ssl.plist cryptominer related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

ssl.plist cryptominer removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove ssl.plist cryptominer related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove ssl.plist cryptominer related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove ssl.plist cryptominer related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.