More

    Remove Yahoo Search virus from Safari, Chrome and Firefox on Mac

    In a cybercrime campaign lasting for years, threat actors ensnare Mac users with malicious apps that redirect web browsers to Yahoo without permission.

    NameYahoo Search virus Mac
    TypeBrowser hijacker, adware
    URLssearch.safefinderformac.com, search.tapufind.com, searchmine.net,
    search.chill-tab.com, search.anysearchmanager.com,
    search.searchpulse.net, searchlee.com
    ActionBrowser takeover, reoccurring redirects to search.yahoo.com,
    system slowdown
    DangerAbove average
    Removal tool Download Now

    Being able to specify default web browsing settings is something people take for granted. It’s incredibly convenient because it saves time and makes the online experience personalized to the max. However, this mechanism doesn’t work as intended if malicious code steps in. A prolific Mac threat generically called Yahoo redirect virus can ruin the whole beauty in the blink of an eye. It reorganizes the user-assigned search settings in Safari, Chrome, and Mozilla Firefox in such a way that every keyword query via the browser’s address bar returns search.yahoo.com instead of Google or whatever provider is listed in the preferences. This scheme seems odd, given that the resulting site is trustworthy. How do crooks get mileage out of it then?

    Safari rerouted to Yahoo off and on
    Safari rerouted to Yahoo off and on

    The trick is twofold. First off, Yahoo is used as a smokescreen that sidetracks the victim from shady activity going on behind the scenes. There are a handful of intermediate junk services that allow crooks to convert the entire volume of unauthorized traffic into monetary gain. These pages are intertwined with the APIs of discreditable advertising platforms, with the ties being hidden in plain sight. Every time the redirect instance occurs, the browser quietly roams through one of the following URLs:

    • search.safefinderformac.com
    • search.safefinder.com
    • search.safefinder.info
    • search.safefinder.biz
    • feed.safefinder.com
    • searchlee.com
    • search.macsafefinder.com
    • search.tapufind.com
    • searchmine.net
    • search.chill-tab.com
    • search.anysearchmanager.com
    • search.searchpulse.net

    Vigilant users will notice that the landing page address includes a YHS string, which stands for Yahoo Hosted Search. This brings us to one more facet of the conspiracy: ne’er-do-wells at the helm of it might be seeking to generate affiliate rewards that the legitimate search engine pays when receiving unique visits. This is a winning strategy for the unscrupulous online marketers because their worthless knockoff search engines on the list above have no search capability of their own. Outsourcing this feature to Yahoo while raking in profits at the same time seems like a lucrative “business opportunity”, except that it’s implemented at the expense of Mac users’ peace of mind.

    One of the dodgy web services redirecting to search.yahoo.com on Mac
    One of the dodgy web services redirecting to search.yahoo.com on Mac

    No matter which spin-off of the nasty redirect threat is running amok inside the system, it is always embodied as a specific malicious app. The culprit is responsible for turning the browser preferences upside down and establishing persistence so that the victim cannot remove it in the same way they would uninstall a regular piece of software. One more apparent element of this train of thought is that the attack starts with an installation of the unwanted program, although the user is typically unaware of it. How come? One word: bundling. This fraudulent technique underlies numerous Mac malware outbreaks, obfuscating dangerous payloads amid harmless software samples.

    Previously, the Adobe Flash Player update hoax was the most common carrier of the Yahoo redirect virus. Mac users would bump into pop-ups online stating that their version was obsolete and supposedly pushing a fresh build for proper web multimedia experience. The installer, though, would include a malicious app as well. Not that Flash Player support has been officially discontinued, this ruse is dwindling. Malefactors are increasingly promoting malware-tainted bundles that feature too-good-to-be-true browser extensions, streaming video downloaders, games, and cracked editions of popular Mac applications. That being said, it’s very important to exert caution with freeware installation clients these days. At the very least, users should opt out of the express setup mode that often conceals harmful items.

    If you are being redirected to Yahoo when running web searches on your Mac, the issue will stick around until you find and vanquish the core app. As an extra layer of cleaning, you will need to put the affected web browser back on track by reverting to correct settings. The following paragraphs will show you how.

    Remove Yahoo redirect virus from Mac manually

    First things first, every infection instance boils down to a specific rogue app underlying it. Therefore, the starting point of the fix is to find and delete the malicious program that’s causing your Mac computer to act up. This could be easier said than done, though – some viruses are sneaky and don’t leave an obvious system footprint in an attempt to avoid detection.

    The steps below will walk you through the best practices of spotting and removing Yahoo redirect virus from your Mac.

    1. In the Finder’s Go pull-down menu, click UtilitiesGo to Utilities on Mac
    2. Select Activity MonitorActivity Monitor
    3. Take a look at the running processes and try to identify the malicious one. Its name isn’t likely to have anything in common with Yahoo redirect virus, therefore you should focus on resource-intensive entries that look unfamiliar and way out of place.
    4. Once you spot the suspect, select it and click Stop in the upper left of the Activity Monitor screen. Follow on-screen prompts to force quit the unwanted item. Note that you may have to enter your admin password to do itStop unwanted process
    5. Reopen the Go menu and click Go to FolderGo to Folder
    6. Enter the following string in the search box: /Library/LaunchAgents. Click the Go button as shown belowBrowse to LaunchAgents directory
    7. Check the folder for potentially unwanted items. As is the case with malicious executables, the names of sketchy LaunchAgents may suggest no connection with Mac threats. As a general rule, look for recently created objects you don’t recognize. Send the baddies to the Trash if foundFind and delete rogue LaunchAgents
    8. Now you’ll need to complete the same procedure for the following directories: ~/Library/LaunchAgents, ~/Library/Application Support, and /Library/LaunchDaemons. Go to these paths in turn (see Step 6 above), inspect their contents for dubious items and folders, and eliminate them.
    9. Use the Go menu in your Finder again and click ApplicationsHead to Applications
    10. Scrutinize the list of installed apps to try and locate the malicious one. This could also be a shot in the dark because the culprit isn’t going to be named Yahoo redirect virus or similar. Your goal is to spot a recently added fishy-looking program you didn’t wittingly install. Send it to the Trash immediatelyRemove harmful application
    11. Click the Apple menu icon and pick System Preferences. You can as well click the gear symbol in the Dock if it’s thereSystem Preferences
    12. Head to Users & Groups and click Login Items. Click the padlock icon at the bottom left to enable changes – this will require your admin password. Find the app that shouldn’t be started automatically at boot time, select it, and click the ‘minus’ symbolGet rid of malicious Login Item
    13. When on the System Preferences screen, select Profiles. In most cases, the list will show up blank unless it’s a company-issued Mac and your employer has added a configuration profile to manage specific areas of the system. Anyway, if you see a profile that shouldn’t be there (e.g. AdminPrefs or TechSignalSearch), select it and click the ‘minus’ symbol to eradicate itEliminate virus-related device profile

    So much for the manual removal workflow. Keep in mind that most Mac threats stretch their grip over to web browsers. If this is the case, your online activities will continue to be affected and you’ll need to additionally tackle the browser side of the attack. Here’s how you do it.

    Yahoo Search redirect removal in a web browser on Mac

    The steps below will help you regain control of the browsing preferences hijacked by Yahoo redirect virus. Be advised that you may be logged out of sites and lose your web customizations as a result of this procedure. The silver lining, though, is that the malware won’t be meddling with your online sessions anymore.

    Troubleshoot Safari malfunctioning

    1. Open Safari, expand the Safari pull-down menu, and pick PreferencesSafari Preferences
    2. Click Advanced and check the ‘Show Develop menu in menu bar’ boxShow Develop menu in menu bar
    3. You’ll see the Develop menu added at the top of the screen. Click it and select Empty Caches on the listEmpty Caches listed under Develop pull-down menu
    4. Expand the History entry in the Safari menu and select Clear HistoryClear Safari history
    5. It’s best to pick all history in the follow-up screen to obliterate all malicious cookies and website data generated by the malware. Then, click Clear HistoryConfirmation to clear history
    6. Return to the Safari Preferences, select the Privacy section, and click the Manage Website Data buttonManage Website Data button
    7. Click Remove All on the subsequent screenRemove data stored by websites
    8. Finish the procedure by restarting Safari

    Restore Google Chrome defaults

    1. Open Google Chrome, click the Customize and control Google Chrome (⁝) symbol in the upper right, and choose SettingsChrome Settings
    2. Click Reset settingsReset settings section in Google Chrome
    3. The browser will display an extra dialog so that you can familiarize yourself with the logic of the cleanup before proceeding. Go ahead and click the Reset settings button as illustrated belowConfirm resetting settings
    4. Restart Google Chrome

    Fix the problem in Mozilla Firefox

    1. Open Firefox, click its menu icon (three horizontal lines), select Help, and click Troubleshooting InformationGo to Troubleshooting Information in Mozilla Firefox
    2. Click Refresh Firefox and confirm the actionComplete Firefox resetting
    3. Restart Mozilla Firefox

    Remove Yahoo redirect virus using Intego Mac Premium Bundle X9

    Spotting files dropped by Mac threats can be a wild guess and takes a lot of time if you do it manually. It is much easier and more effective to use a security tool that automates the cumbersome process and quickly delivers the result you need. Intego Mac Premium Bundle X9 leverages time-tested antivirus technology to detect, defang, and remove widespread and emerging Mac viruses. Here is how to get rid of malicious code in several simple steps using this technique:

    1. Download and run Mac Premium Bundle X9 installation file. Follow on-screen prompts to finish the setup.

      Download Yahoo Search redirect infection cleaner

      Mac Premium Bundle X9 setup process
    2. Open the VirusBarrier application from your Launchpad. This is the central module of the software suite’s security kit.
    3. Choose the scan type. Keep in mind that Quick Scan only checks a limited range of locations most often parasitized by Mac malware. We recommend you select Full Scan to maximize the detection accuracy. Run a scan
    4. Wait for the tool to examine your computer for unwelcome files, harmful processes, and suspicious configurations. The first full scan might be a bit lengthy, which is normal. VirusBarrier full scan
    5. The scan report will give you the big picture by listing the detected threats and malware families they represent. These items are automatically moved to the quarantine unless you specify a different action. Scan results
    6. To make the harmful files vanish without a trace, open the Quarantine tab and click the Repair All button. This will address your malware issue.

    Latest Posts

    WindowServer Mac high CPU usage – reasons and MacOS workarounds

    Numerous Mac users are experiencing sluggish system performance due to CPU and RAM overconsumption by a process called WindowServer.

    “Your computer is low on memory” popup virus removal from Mac

    Incessant popup alerts on Mac saying “Your computer is low on memory” aren’t necessarily caused by insufficient RAM and could be a...

    Remove Yahoo Search virus from Safari, Chrome and Firefox on Mac

    In a cybercrime campaign lasting for years, threat actors ensnare Mac users with malicious apps that redirect web browsers to Yahoo without...

    Remove Charmsearching virus redirect

    Being redirected to Bing via Charmsearching.com site on Chrome and other browsers is a symptom of adware activity that should be addressed...

    Remove Search Marquis Mac virus from Safari, Chrome, Firefox

    There is a massive adware wave underway that features the Search Marquis browser hijacker haunting Mac users with annoying redirects to Bing.com

    1 Comment

    Leave A Reply

    Please enter your comment!
    Please enter your name here