There is a massive adware wave underway that features the Search Marquis browser hijacker haunting Mac users with annoying redirects to Bing.com
May 2021 update
|Name||Search Marquis (SearchMarquis.com)|
|Type||Redirect Virus / Browser Hijacker|
|Action||Annoying redirects of Safari/Chrome/Mozilla Firefox/Opera to Bing.com, showing sponsored ads, total system slowdown|
|Removal tool||Download Now|
Whereas the Mac world is still relatively safe from vicious threats such as ransomware and highly impactful menaces like coin miners, it is an area with a through-passage for adware. These attacks don’t cause serious harm, but they diminish the victims’ web browsing experience with a noxious reorganization of the basic Internet preferences without due approval. The Search Marquis virus represents the latest generation of such nuisances. It takes over a Mac user’s browser defaults and forwards every search query entered in the address bar to searchmarquis.com. Then, the traffic trail passes through auxiliary domains, including searchbaron.com and amazonaws.com, only to end up on Bing.com hosted results. As a result, there is no easy way left for the victim to use an alternative search provider in Safari, Google Chrome, and Mozilla Firefox. The cross-browser gist of this infection means that the average Mac user will be experiencing the symptoms regardless of their web navigation service biases.
The fact that the hijacker forces hits to Bing may seem somewhat odd at first sight. However, the operators of Search Marquis malware are pulling off a clever trick that earns them affiliate commissions for supplying unique traffic from compromised Macs. Each time the user is being rerouted, the underlying malicious application parses the search request from the legitimate URL and substitutes it with the address of a web page that has API ties to Bing. In the aftermath of these manipulations going on behind the scenes, the landing page appears to be trustworthy but the malefactors still get their sketchy revenue. Some people may mistake this hoax for some kind of a glitch that caused their favorite search engine to be replaced with a different one – that’s probably another intended element of the attack its architects are relying on so that the victims don’t get busy applying a virus cleanup process right away.
The misdemeanor of Search Marquis redirect virus is backed by an unwanted browser add-on that crops up on a Mac without proper authorization. The contamination process usually involves a bundle consisting of several apps, one of which is most likely harmless while the rest aren’t. The fake Adobe Flash Player update popups are a common source for these booby-trapped installations. This mainstream stratagem is bolstered by a network of hacked websites with corrupt scripts running on them. As soon as a user visits one of such pages, they are presented with an alert stating that their Flash Player version is out of date and insisting that they must install the latest build. Whereas the installer may seem to streamline the update process the way it should, it actually pushes additional applications furtively. Then, the pest alters the search engine value in the default browser so that the user repeatedly goes to searchmarquis.com, and from there to Bing.com via a number of affiliated URLs.
A rush of misleading popup alerts that say, “Your computer is low on memory” is one more telltale sign of this infection. Many victims find it hard to differentiate real macOS notifications about RAM draining issues from fake dialogs displayed by malicious apps. The gap is trivial to discern, though. All it takes is a quick look at the memory stats in the Activity Monitor – if the amount isn’t close to reaching its limit, then blaming the popup activity on malware is the right train of thought. Search Marquis sets this part of its evil plan in motion to camouflage various permission requests underneath legit-looking system alerts.
This malicious entity has gained notoriety for establishing persistence on a Mac. To this end, it mishandles the macOS configuration profiles feature, which is a common way for organizations to define what the employees can and cannot do on their computers. Cybercriminals are increasingly abusing this instrument to enforce rogue settings such as the browsing preferences. On top of that, the intrusive profile prevents the victim from uninstalling the extension that’s causing the Search Marquis redirect in the first place. Therefore, deleting this entity is one of the key prerequisites for successful recovery from the adware incursion. Keep reading to explore the techniques that help eliminate the threat and revert to normal web surfing.
Remove Search Marquis virus from Mac manually
First things first, every infection instance boils down to a specific rogue app underlying it. Therefore, the starting point of the fix is to find and delete the malicious program that’s causing your Mac computer to act up. This could be easier said than done, though – some viruses are sneaky and don’t leave an obvious system footprint in an attempt to avoid detection.
The steps below will walk you through the best practices of spotting and removing Search Marquis virus from your Mac.
- In the Finder’s Go pull-down menu, click Utilities
- Select Activity Monitor
- Take a look at the running processes and try to identify the malicious one. Its name isn’t likely to have anything in common with Search Marquis virus, therefore you should focus on resource-intensive entries that look unfamiliar and way out of place.
- Once you spot the suspect, select it and click Stop in the upper left of the Activity Monitor screen. Follow on-screen prompts to force quit the unwanted item. Note that you may have to enter your admin password to do it
- Reopen the Go menu and click Go to Folder
- Enter the following string in the search box: /Library/LaunchAgents. Click the Go button as shown below
- Check the folder for potentially unwanted items. As is the case with malicious executables, the names of sketchy LaunchAgents may suggest no connection with Mac threats. As a general rule, look for recently created objects you don’t recognize. Send the baddies to the Trash if found
- Now you’ll need to complete the same procedure for the following directories: ~/Library/LaunchAgents, ~/Library/Application Support, and /Library/LaunchDaemons. Go to these paths in turn (see Step 6 above), inspect their contents for dubious items and folders, and eliminate them.
- Use the Go menu in your Finder again and click Applications
- Scrutinize the list of installed apps to try and locate the malicious one. This could also be a shot in the dark because the culprit isn’t going to be named Search Marquis virus or similar. Your goal is to spot a recently added fishy-looking program you didn’t wittingly install. Send it to the Trash immediately
- Click the Apple menu icon and pick System Preferences. You can as well click the gear symbol in the Dock if it’s there
- Head to Users & Groups and click Login Items. Click the padlock icon at the bottom left to enable changes – this will require your admin password. Find the app that shouldn’t be started automatically at boot time, select it, and click the ‘minus’ symbol
- When on the System Preferences screen, select Profiles. In most cases, the list will show up blank unless it’s a company-issued Mac and your employer has added a configuration profile to manage specific areas of the system. Anyway, if you see a profile that shouldn’t be there (e.g. AdminPrefs or TechSignalSearch), select it and click the ‘minus’ symbol to eradicate it
So much for the manual removal workflow. Keep in mind that most Mac threats stretch their grip over to web browsers. If this is the case, your online activities will continue to be affected and you’ll need to additionally tackle the browser side of the attack. Here’s how you do it.
Searchmarquis.com removal in a web browser on Mac
The steps below will help you regain control of the browsing preferences hijacked by Search Marquis virus. Be advised that you may be logged out of sites and lose your web customizations as a result of this procedure. The silver lining, though, is that the malware won’t be meddling with your online sessions anymore.
Troubleshoot Safari malfunctioning
- Open Safari, expand the Safari pull-down menu, and pick Preferences
- Click Advanced and check the ‘Show Develop menu in menu bar’ box
- You’ll see the Develop menu added at the top of the screen. Click it and select Empty Caches on the list
- Expand the History entry in the Safari menu and select Clear History
- It’s best to pick all history in the follow-up screen to obliterate all malicious cookies and website data generated by the malware. Then, click Clear History
- Return to the Safari Preferences, select the Privacy section, and click the Manage Website Data button
- Click Remove All on the subsequent screen
- Finish the procedure by restarting Safari
Restore Google Chrome defaults
- Open Google Chrome, click the Customize and control Google Chrome (⁝) symbol in the upper right, and choose Settings
- Click Reset settings
- The browser will display an extra dialog so that you can familiarize yourself with the logic of the cleanup before proceeding. Go ahead and click the Reset settings button as illustrated below
- Restart Google Chrome
Fix the problem in Mozilla Firefox
- Open Firefox, click its menu icon (three horizontal lines), select Help, and click Troubleshooting Information
- Click Refresh Firefox and confirm the action
- Restart Mozilla Firefox
Remove Search Marquis virus using Combo Cleaner
Manual removal of Mac malware could be a bumpy road because you run the risk of missing small fragments of the infection, in which case all the efforts may be futile down the line. The automatic tool called Combo Cleaner eliminates this pitfall by leveraging effective detection algorithms to identify every single malicious file on your Mac. This way, Searchmarquis.com virus removal is a matter of a few clicks and a couple of minutes’ wait. Use the following steps to give it a go.
Download and install Combo Cleaner app.
The free scanner will let you know if your Mac is infected. To remove viruses, you will have to buy the Premium version of Combo Cleaner.
- Run the tool, let it perform the virus and malware definitions update, and click Start Combo Scan
- The app is equipped with a competitive mix of security, privacy, and optimization features. Therefore, not only does it spot prevalent Mac malware but it also finds tracking cookies and unneeded files that take a lot of disk space and should be deleted
- If Combo Cleaner detects threats on your Mac, it will provide a report containing the number of these infections and the categories they fall into. At this point, all you need to do is click the Remove Selected Items button
- Having uninstalled malware from your Mac, you should redefine your web browser preferences manually if they have been previously modified by the infection without your consent.