Remove Search Marquis (searchmarquis.com) virus from Chrome/Safari/Firefox on Mac

If you are at your wit’s end trying to stop those hugely obnoxious browser redirects via searchmarquis.com on your Mac, give the following tips a go.

1. What is Search Marquis?
2. Remove Search Marquis virus from your Mac manually
3. Search Marquis removal from web browsers
4. Remove Search Marquis virus from your Mac using a security suite

What is Search Marquis?

Malicious code with a focus on Macs is no longer a component of sensational narrative incessantly criticized by sceptics. It’s here, it’s on the rise, and it has been that way for at least three years. One of the malware outbreaks that turned the tide of the whole “invulnerable Mac” story was the so-called Bing redirect campaign. It drove numerous users nuts with browser takeovers leading to the aforementioned search engine. In fall 2019, this disgusting operation got a boost with the emergence of searchmarquis.com, a web page that suddenly replaces one’s browsing preferences and triggers a complex rerouting process landing the traffic at bing.com. Now in late 2020, this particular species of the notorious redirect virus keeps going strong, demonstrating unprecedented durability against blacklisting and suchlike benign mechanisms.

What kind of a digital adversary is Search Marquis anyway? Strictly speaking, it’s an adware sample that only infiltrates Mac machines and turns the most important customizations in Safari, Google Chrome, and Mozilla Firefox upside down without explicitly asking for permission. Once the shadowy settings overhaul is performed, every search attempt returns searchmarquis.com first, then SearchBaron.com along with a variable sequence of URLs, and finally, the victim ends up on bing.com. Because some of these pages are reflected in the browser status area no longer than momentarily, the victims wrongfully blame the predicament on Bing. In fact, this provider is nothing but a distraction unrelated to the criminals’ plot.

The operators of the Search Marquis redirect scheme hinge on application bundling to deliver their sketchy code to Macs. This chicanery works in the following way: you come across a piece of freeware, possibly a cracked version of some popular pricey app, and decide to install it. Once you get started, the installation client subtly pushes you to take the quick route and keep clicking ‘Next’ without a second thought. Having completed this ostensibly normal setup, though, you’ll discover your default browser bringing you to the wrong page off and on. The catch is in the ‘Express’ option – it doesn’t say what is being actually installed. If you are vigilant enough to deselect it by clicking ‘Custom’, you’ll see one or several extra apps in the same package. The moral of the story is that you should always be vigilant like that.

The Search Marquis virus is extraordinarily stubborn. You’ll realize it once you try to uninstall the underlying bad app from your Mac in the regular way. It simply won’t go away. Why? Because there is a configuration profile that prevents you from reverting to the normal condition of the system. Therefore, before you get to the point of specifying the correct browsing preferences, you have to eliminate this profile otherwise all the efforts will go down the drain. All these tips and tricks are extensively covered in the tutorial below.

Remove Search Marquis virus from your Mac manually

If you are okay with manual troubleshooting, use the following steps to uninstall the Search Marquis rogue app from your Mac. Be advised the persistence mechanisms employed by the infection may prevent this technique from being ultimately effective. One way or another, here’s the workflow:

• Open the Utilities directory under the Go menu in your Mac’s Finder.

• When on the Utilities pane, select Activity Monitor (the Mac equivalent of Task Manager).

• Once the Activity Monitor screen appears, check the list of running processes for an item you don’t recognize. Highlight that entry and click on the Quit Process option (button with the X symbol on it). The system will respond to this action with a confirmation dialog, where you should select Force Quit.

• Now go back to your desktop, expand the Go menu and pick Applications in the drop-down.

• Spot the suspicious entry under Applications, right-click it, and select the Move to Trash option. Your Mac may request your administrator password at this point – enter it if that’s the case.

• Next, go to the Apple menu and choose System Preferences in the drop-down as shown below.

• Proceed to Users & Groups and select Login Items. Your Mac will display the list of apps that are executed automatically at boot time. Find the unwanted entry on that list and click on the “-” (minus) button down at the bottom.

• While on the System Preferences screen, select Profiles. Spot the suspicious configuration profile and click the “-” (minus) button.

• Move on to the Go drop-down menu in the Finder and click the Go to Folder option.

• When the folder search box appears, enter the following path in it: ~/Library/LaunchAgents and click Go.

• Having accessed the LaunchAgents folder, look for suspicious items in it and, if found, send them all to the Trash.

• Follow the same logic to browse to folders named /Library/LaunchAgents (no tilde prepended), /Library/LaunchDaemons, and ~Library/Application Support. Look for potentially unwanted objects and send them to the Trash once spotted.

When done with the manual process of Search Marquis removal, take your time and check if the virus has vanished from your Mac. If it continues to cause browser redirects, move on to the following section of this tutorial.

Search Marquis removal from web browsers

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the Searchmarquis.com virus.

Clean up Safari

• Go to the Safari menu and select Preferences.

• When on the Safari Preferences screen, select the Privacy tab and hit the Manage Website Data button if you are up to erasing all website data stored on your Mac (this is recommended in the SearchMarquis hijack situation).

• A dialog will appear, asking you to validate your choice. Click the Remove All button if you are sure. Be advised that this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.

• With Safari opened, click Develop in the Finder bar and select Empty Caches.

• Expand the History menu in the Finder area and click Clear History at the bottom of the list.

• Keep the all history option selected (it’s the default one) and click Clear History.

• Restart Safari.

Reset Google Chrome

• Click Customize and control Google Chrome (⁝) in the upper right-hand part of the window and select Settings. Another way is to type chrome://settings in the URL bar and press Enter.

• Move on to the Advanced area under Settings.

• Find the Reset settings subsection and click the Restore settings to their original defaults link within it.

• The browser will display a popup dialog asking if you are sure you want to restore settings to their original defaults. Confirm by clicking Reset settings.

• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can go to Help - Troubleshooting Information

• Click on the Refresh Firefox button and confirm the changes.

• Restart Firefox.

Remove Search Marquis virus from your Mac using a security suite

The most effective way to curb increasingly sneaky and persistent Mac threats is to use trusted security software. The award-winning Intego Mac Premium Bundle X9 is one of the best options across the anti-malware spectrum.

Its VirusBarrier component boasts a high detection rate and an outstanding cleaning capability. Additionally, the product comes packed with online security, optimization, and data backup features. Follow the steps below to use this sure-shot removal method.

1. Download Intego Mac Premium Bundle X9 installer and run it. The setup client’s prompts will walk you through the installation.

Download Search Marquis virus removal tool

2. Open Launchpad from your Dock and select the just-added VirusBarrier app.

3. Click the Full Scan button to have your Mac checked for security issues.

4. The first full scan may take 10 minutes or more, depending on the size of your disk. VirusBarrier will keep you informed about the number of files it has already checked.

5. When the scan is through, the app will display a report that provides a summary of the detected malicious items and the total number of files checked. Click Select All and then Quarantine to move the threats to an isolated environment so that they can no longer harm your system.

6. Click the Quarantine tab in the upper toolbar and examine the files listed there. If you are sure all of them are malicious (which is most likely the case), click Repair All to completely eradicate these items from your Mac.