Home Guides Mac Viruses How to remove Yahoo Search virus from Mac

How to remove Yahoo Search virus from Mac

4 min read
0
35,312
Being repeatedly redirected to Yahoo Search on a Mac computer should be interpreted as a call to action because it could be a sign of a malware attack.
  1. What is Yahoo Search redirect?
  2. Remove Yahoo Search redirect virus from your Mac manually
  3. Yahoo Search redirect removal from web browsers
  4. Remove Yahoo Search redirect from your Mac using a security suite

What is Yahoo Search redirect?

The ability to specify web browsing preferences is an awesome thing everyone takes for granted these days. You select your favorite search engine, enter the homepage address to your liking, type the new tab page URL – and voila, the web surfing becomes so much more seamless. But what if these customizations suddenly slip out of your control for seemingly no reason? The user experience gets a knockdown blow. That’s what happens if the Yahoo Search redirect virus kicks in. This has been a particularly serious problem for Mac users over the past few years, and the campaign is only getting worse. The telltale symptom of this predicament is difficult to overlook: your preferred web browser starts forwarding all your searches to search.yahoo.com instead of whatever service you chose to use by default.

Yahoo Search redirect is an increasingly bothersome Mac threat
Yahoo Search redirect is an increasingly bothersome Mac threat

This perplexing occurrence seems hugely bizarre at first blush. Yahoo Search is indisputably benign, and so there is a bold question mark regarding the involvement of its results pages in such a controversial scheme. The truth is somewhat unexpected. The operators of this Internet cesspool are piggybacking on the good reputation of this search engine to make victims doubt whether they are dealing with a sample of malware or with some kind of a browser glitch that has skewed their web preferences.

The real black hat conspiracy happens before search.yahoo.com is visited. The plagued Mac user’s web browser resolves a series of domains associated with ad network APIs, which allows bad actors to make a quick buck at the expense of other people’s peace of mind. The network of these interstitial domains is changing down the road so that the campaign stays afloat even if its elements get blacklisted or suspended. In essence, this is a classic instance of traffic monetization with a clearly malicious flavor. Instead of exercising fair play to generate unique hits, the malefactors unleash harmful code that messes around with Mac users’ Internet set-ups without permission.

Speaking of which, the Yahoo Search redirect virus is a generic term that can be manifested differently in different scenarios. There is always a potentially unwanted application (PUA) to blame for misconfiguring the browser. Some of the affiliated dodgy apps include Any Search Manager, ChillTab, Safe Finder, SearchMine, Search Pulse, and TapuFind. They all forcibly replace the victim’s preferred search engine with a value that resolves Yahoo Hosted Search pages. To top it off, they establish persistence by installing a configuration profile using the command line tool.

This mixture of characteristics makes the threat a hard-to-defeat adversary, and yet it has its weak links. The following steps will help you stop the irritating redirect activity and eradicate the malicious app that caused this disarray, in the first place. To avoid this type of a quagmire going forward, be slightly paranoid about free app installers – this is the primary contagion that may hide dangerous bundled elements in plain sight.

Remove Yahoo Search redirect virus from your Mac manually

If you are okay with manual troubleshooting, use the following steps to uninstall the Yahoo Search redirect rogue app from your Mac. Be advised the persistence mechanisms employed by the infection may prevent this technique from being ultimately effective. One way or another, here’s the workflow:

• Open the Utilities directory under the Go menu in your Mac’s Finder.Go to Utilities on Mac

• When on the Utilities pane, select Activity Monitor (the Mac equivalent of Task Manager).Open Activity Monitor

• Once the Activity Monitor screen appears, check the list of running processes for an item you don’t recognize. Highlight that entry and click on the Quit Process option (button with the X symbol on it). The system will respond to this action with a confirmation dialog, where you should select Force Quit.Terminate malicious process in Activity Monitor

• Now go back to your desktop, expand the Go menu and pick Applications in the drop-down.Go to Mac Applications

• Spot the suspicious entry under Applications, right-click it, and select the Move to Trash option. Your Mac may request your administrator password at this point – enter it if that’s the case.Remove unwanted application from Mac

• Next, go to the Apple menu and choose System Preferences in the drop-down as shown below.Go to System Preferences

• Proceed to Users & Groups and select Login Items. Your Mac will display the list of apps that are executed automatically at boot time. Find the unwanted entry on that list and click on the “-” (minus) button down at the bottom.Delete app from login items

• While on the System Preferences screen, select Profiles. Spot the suspicious configuration profile and click the “-” (minus) button.Remove evil configuration profile

• Move on to the Go drop-down menu in the Finder and click the Go to Folder option.Go to Folder feature on Mac

• When the folder search box appears, enter the following path in it: ~/Library/LaunchAgents and click Go.Go to ~/Library/LaunchAgents

• Having accessed the LaunchAgents folder, look for suspicious items in it and, if found, send them all to the Trash.Delete unwanted LaunchAgents

• Follow the same logic to browse to folders named /Library/LaunchAgents (no tilde prepended), /Library/LaunchDaemons, and ~Library/Application Support. Look for potentially unwanted objects and send them to the Trash once spotted.

When done with the manual process of Yahoo Search redirect removal, take your time and check if the virus has vanished from your Mac. If it continues to cause browser redirects, move on to the following section of this tutorial.

Yahoo Search redirect removal from web browsers

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the Yahoo Search redirect virus.

Clean up Safari

• Go to the Safari menu and select Preferences.Safari preferences

• When on the Safari Preferences screen, select the Privacy tab and hit the Manage Website Data button if you are up to erasing all website data stored on your Mac (this is recommended in the SearchMarquis hijack situation).Manage Website Data in Safari

• A dialog will appear, asking you to validate your choice. Click the Remove All button if you are sure. Be advised that this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.Confirm removal of all website data in Safari

• With Safari opened, click Develop in the Finder bar and select Empty Caches.Empty Caches in Safari

• Expand the History menu in the Finder area and click Clear History at the bottom of the list.Clear History in Safari

• Keep the all history option selected (it’s the default one) and click Clear History.Clear all history

• Restart Safari.

Reset Google Chrome

• Click Customize and control Google Chrome (⁝) in the upper right-hand part of the window and select Settings. Another way is to type chrome://settings in the URL bar and press Enter.Go to Settings in Chrome

• Move on to the Advanced area under Settings.Click ‘Advanced’

• Find the Reset settings subsection and click the Restore settings to their original defaults link within it.

• The browser will display a popup dialog asking if you are sure you want to restore settings to their original defaults. Confirm by clicking Reset settings.Confirm resetting Chrome

• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can go to Help - Troubleshooting InformationGo to Troubleshooting Information in Firefox

• Click on the Refresh Firefox button and confirm the changes.Refresh Mozilla Firefox on Mac

• Restart Firefox.

Remove Yahoo Search redirect from your Mac using a security suite

The most effective way to curb increasingly sneaky and persistent Mac threats is to use trusted security software. The award-winning Intego Mac Premium Bundle X9 is one of the best options across the anti-malware spectrum.

Its VirusBarrier component boasts a high detection rate and an outstanding cleaning capability. Additionally, the product comes packed with online security, optimization, and data backup features. Follow the steps below to use this sure-shot removal method.

1. Download Intego Mac Premium Bundle X9 installer and run it. The setup client’s prompts will walk you through the installation.

Download Yahoo Search redirect virus removal tool

Intego Mac Premium Bundle X9 installation

2. Open Launchpad from your Dock and select the just-added VirusBarrier app. Open VirusBarrier from Launchpad

3. Click the Full Scan button to have your Mac checked for security issues. Start a full scan

4. The first full scan may take 10 minutes or more, depending on the size of your disk. VirusBarrier will keep you informed about the number of files it has already checked. Full scan in progress

5. When the scan is through, the app will display a report that provides a summary of the detected malicious items and the total number of files checked. Click Select All and then Quarantine to move the threats to an isolated environment so that they can no longer harm your system. Scan report

6. Click the Quarantine tab in the upper toolbar and examine the files listed there. If you are sure all of them are malicious (which is most likely the case), click Repair All to completely eradicate these items from your Mac. Quarantined items

Rate article

5/5 (3)

Leave a Reply

Your email address will not be published. Required fields are marked *