Numerous Mac users are falling victim to a prolific adware strain that reroutes Safari, Google Chrome, and Mozilla Firefox to Bing via SearchMarquis.com.
Longevity is a rare trait of adware threats focused on the plaguing computers with macOS on board. Most of these nuisances sink into oblivion mere weeks after being launched. The Search Marquis virus stands out from the crowd, though. It has been in rotation since the summer of 2019 and continues to be extremely active now in 2021. The name of this baddie was coined based on the SearchMarquis.com URL that incessantly shows up in Safari, Chrome, and Firefox on a contaminated Mac machine for no clear reason. This, however, is just a link in a longer chain of browser redirects that leads to Bing.com, Microsoft’s search engine. Although the landing page is a valid provider rather than its knock-off version, the whole situation is absolutely unbearable because the victim’s Internet preferences are overridden without permission.
Let’s suppose you have configured your web browser to return Google as the default search engine. If so, its results should appear whenever you enter a search request in the browser’s address area. When the Search Marquis virus steps in, this action will resolve Bing instead. But before the browser reaches this unwelcome destination, the traffic travels through SearchMarquis.com, its satellite service SearchBaron.com, and several gibberish-looking URL strings denoting advertising networks that don’t seem to care much about the source of user hits they receive. At the end of the day, criminals rake in profits by monetizing the traffic they illicitly intercepted at the expense of Mac users’ peace of mind.
The system footprint of this infection goes further than simply reorganizing the web surfing activities. It deposits dozens of files in different macOS locations, plus it may come with a cross-browser extension that’s visible in Safari, Chrome, and Firefox settings. The Library folders riddled with traces of Search Marquis include LaunchAgents, Application Support, and LaunchDaemons. What’s worse, though, is that the virus accesses Terminal to run a command that installs a malicious configuration profile. This entity henceforth controls browser settings such as the homepage, new tab, and default search. In Chrome, this interference manifests itself via a message saying “Managed by your organization” at the bottom of the “Customize and control Google Chrome” pull-down menu.
Removal of the Search Marquis virus is a multifaceted task that spans your garden-variety software cleaning techniques plus, most importantly, overcomes the persistence established through the above-mentioned device profile and multiple hidden components sprinkled all over the target Mac. Thankfully, there is a tried-and-tested mechanism to achieve both goals. Keep reading to learn more.
Search Marquis virus manual removal steps for Mac
Follow these simple steps to eliminate the infection that causes constant redirecting to SearchMarquis.com on Mac.
- Click Go in the Finder area and select Utilities.
- Open the Activity Monitor utility.
- Look for a suspicious process. The giveaways include high CPU and RAM usage, an unfamiliar icon, and a gibberish name.
- If you pinpoint the unwanted object, click it and use the X (“Stop”) button in the upper left of the Activity Monitor window to force quit the process. Confirm this action on a follow-up popup.
- Click Go in the Finder bar again and select Go to Folder.
- Enter ~/Library/LaunchAgents and click the Go button.
- Look for dubious files inside the LaunchAgents folder and remove them.
- Use the same technique (Go to Folder feature) to browse to the following places on your Mac: /Library/LaunchDaemons, ~/Library/Application Support, and /Library/LaunchAgents. Check each one for suspicious items and delete everything found.
- Click the Finder icon in your Dock and pick Applications in the sidebar. Look for an unwanted app you don’t recall installing and move it to the Trash.
- Click the gear icon in the Dock to open System Preferences and proceed to Users & Groups. Click the padlock sign and enter your admin credentials to be able to change the settings. Next, go to the Login Items tab, spot the misbehaving application, and hit the “minus” symbol at the bottom to remove it from the list.
- Now select Profiles in the System Preferences screen. Look for the evil configuration profile and click the “minus” symbol to delete it.
- Empty the Trash.
SearchMarquis.com redirect removal from your web browser on Mac
To make the Search Marquis virus vanish for good, you’ll additionally need to make a few tweaks at the browser level. Here is how.
- Remove Search Marquis from Safari
- Open Safari, expand the Safari menu, and click the Preferences entry. Go on to the Advanced tab and put a checkmark next to Show Develop menu in menu bar.
- Expand the Develop menu and select Empty Caches as shown below.
- Click History in the Finder toolbar, select Clear History in the drop-down list and confirm that you’re up to deleting all history.
- Go back to Safari Preferences, open the Privacy tab, and select the option that says Manage Website Data. Click Remove All and then Done to eliminate all data stored by websites.
- Restart Safari.
- Remove Search Marquis virus from Google Chrome
- Open Chrome, click the Customize and control Google Chrome button, select Settings, click Advanced in the sidebar, and choose Reset settings.
- Click the button saying Restore settings to their original defaults and follow further prompts to reset Chrome settings.
- Restart Chrome.
- Remove Search Marquis redirect from Mozilla Firefox
- Launch Firefox, click the Open menu button, go to Help, and pick Troubleshooting Information.
- Click Refresh Firefox to revert to the original settings.
- Restart Firefox.
Avoiding Search Marquis virus isn’t that hard
The fundamental precaution that helps steer clear of Search Marquis and any other threats that use the same style of attack is to be careful with app installations. This culprit always arrives at Macs as a component of a bundle, that is to say, a neat wrapping that conceals unwanted code inside.
If you come across a popup ad on a random site that tells you to install a software update or a free version of an application that normally costs a pretty penny, don’t fall for the trick. Ideally, you should stick to the official App Store where every product goes through extensive security checks and is very unlikely to harm your Mac.