Do you notice your browser acting weirdly and redirecting you to sketchy search engines and unwanted web pages? If so, your Mac may be infected with a malware called Search Marquis. Below, I’ll tell you everything about this browser hijacker and how to remove Search Marquis from your Mac.
- What is Search Marquis?
- How to know if your Mac is infected with Search Marquis
- How does Search Marquis get on Mac
- How to remove Search Marquis from Mac
What is Search Marquis?
It is pretty uncommon for Macs to be affected by malware and viruses. That’s why it pays to know the most common Mac viruses and how to remove them.
Search Marquis is a browser hijacker pretending to be a useful browser extension that targets Safari, Google Chrome, and other web browsers on Macs.
Once installed, this tool hijacks your browser and modifies your browser settings and preferences without your permission. It changes your search engine and homepage into Search Marquis.
While it appears like a legit search engine, it isn’t an actual search engine. The main goal of this malicious software is to redirect users to several unwanted websites and generate income for its developers through online advertising.
How to know if your Mac is infected with Search Marquis
You’ll first notice that your web browser’s default engine, homepage, and new tab page have been replaced with Search Marquis, and all the search queries are redirected to searchmarquis.com. The bad part is your browser makes it impossible for you to revert to your preferred homepage.
If you attempt to perform an online search with it, you’ll be redirected to Bing.com. But before you reach Bing, it will first lead you to sketchy sites. Some of the domains promoted by Search Marquis include:
It also installs sketchy add-ons and shows you a lot of suspicious pop-up ads, in-text links, and banners. Search Maquis overloads your Mac’s CPU, reduces its system performance, and freezes your browser, giving you a poor browsing experience.
The worst part? It may collect cookies and other personal data from your computer to ad affiliate networks.
How does Search Marquis get on Mac?
The primary way Search Marquis enters your Mac is through a software packaging scheme called bundling. This technique involves sneakily bundling unwanted software with legitimate software.
Knowing that many people skip them, ad affiliate networks bury the details about the bundled software in the accompanying terms and conditions. In turn, users unknowingly consent to the download and allow the affiliate networks to operate legally.
To prevent this, paying attention to the things you install on your device is crucial. Don’t skip the steps, read the terms and conditions, and opt for a custom installation.
How to remove Search Marquis from Mac
If your Mac is infected with Search Marquis, don’t worry. I’ll guide you through different ways to help get rid of Search Marquis on your Mac.
Find and delete malicious files and apps
To begin, hunt for malicious files and apps on your Mac where Search Marquis may be hiding. To do this:
- Select Finder → click Go on the menu bar.
- Select Utilities.
- Open Activity Monitor.
- Look for suspicious or unfamiliar resource-intensive activities in the CPU, Memory, and Battery tabs.
Usually, it hides under an unthreatening name. If something seems questionable, Google about it.
- Once you’ve found the culprit, select the x button at the top left.
- Select Force Quit to confirm.
Note: You have to be careful when deleting files or processes. Deleting the wrong file may damage your system.
The process is similar when reviewing and deleting suspicious apps:
- Head to Finder → select Applications.
Alternatively, press Shift + Cmd + A.
- Look through your apps and see if there are any recent apps that you don’t remember downloading.
- Drag the app to the Trash and empty it.
Remove malicious profiles or login items
In business and company settings, IT admins use profiles to control the behavior of their employees’ devices. These profiles may restrict specific actions and configure their Macs to do different things.
Similarly, browser hijackers and adware may use configuration profiles to prevent users from removing malicious programs from their devices, including changing their browser settings. To check:
- Go to System Preferences → Users & Groups.
Usually, you can’t see this icon.
- If you see a Profiles icon, click it.
- Select any suspicious profile you may want to remove → hit the – button.
Some examples of profile configurations include TechSignalSearch, AdminPrefs, Chrome Settings, and MainSearchPlatform.
- Choose Remove.
Login items are items that are launched during startup. There may be potentially unwanted apps in here that you may want to delete:
- Go to System Preferences → Users & Groups.
- Click the Login items tab.
- Check if any login items shouldn’t be there.
Remove rogue files and leftovers
There may be some leftover and rogue files associated with Search Marquis hiding on your Mac. To find them, open Finder → Go → select Go to Folder. Next, type these in the folder search dialog box one at a time to hunt for any rogue files and leftovers associated with Search Marquis:
- /Library/LaunchAgents: Examine the contents of the LaunchAgents for sketchy-looking items. As noted above, these malicious files do not go with malicious-sounding names. Thus, it is important to search for recently added entities. Several examples of LaunchAgents related to Mac infections include: com.avickUpd.plist, com.updater.mcy.plist, com.pcv.hlpramc.plist, and com.msp.agent.plist.
- ~/Library/Application Support: Search for recently generated suspicious folders. Specifically, look for names that seem unrelated to Apple apps and products you don’t remember installing. Some commonly known malicious folder names include IdeaShared, ProgressSite, and UtilityParze.
- ~/Library/LaunchAgents: This will display LaunchAgents in your current user’s home directory. Search for items related to the virus and drag them to the Trash.
- /Library/LaunchDaemons: This path can help you find the files the malware is using for persistence. Some examples include com.ExpertModuleSearchDaemon.plist, com.applauncher.plist, and com.startup.plist.
Below are some other known malicious files:
- com.Search Marquis
- com.Search Marquis.plist
How to remove Search Marquis from Google Chrome or Safari
After clearing your Mac from any remaining traces of Search Marquis, check your browser for malicious extensions and any altered browser settings.
Search Marquis removal on Mac’s Safari
To check if there are any malicious extensions on your Safari:
- Open Safari → click Preferences on the menu bar.
- Select the General tab.
- If the Homepage field contains a different webpage, change it to the webpage you want to use.
- Go to the Extensions tab and find Search Marquis.
- Click Uninstall to remove the browser extension.
In some cases, there may be a bug that greys out the homepage field in Safari’s Preferences page, preventing any changes from sticking. Here’s a workaround:
- Open Safari → Preferences → General.
- Enter your desired homepage in the Homepage field, but don’t press the Return key. Instead, click any other tabs like Autofill or Tabs. Doing so will cause a prompt to show, asking to confirm the change.
- Go to the General tab to see if you could modify the homepage successfully.
Besides, some malicious programs may install managed preferences to change Safari’s homepage and search engine settings. If doing all the above didn’t help, try this:
- Quit Safari.
- Open Finder → Go → Go to Folder.
- Enter this in the Go Folder search field:
- If there’s a hit, delete the file and reopen Safari.
Search Marquis removal on Mac’s Chrome
The process is slightly similar on Chrome:
- Open Chrome → click Extensions.
Alternatively, click the three-dot icon → More Tools → Extensions.
- Look through suspicious extensions or those that you aren’t comfortable with.
Note: Most Adobe Flash extensions are frequently hacked.
- Click the three-dot icon → Settings → Search Engine.
- Set Google or any other search engine browser you prefer.
Cleanup browser search and homepage data
Finally, it’s crucial to revert the browser to default settings and clear your history.
I. On Safari
To clear your history:
- Open Safari → History. Go to the bottom and select Clear History.
- On the drop-down menu, select All history → choose Clear History.
Next, clear your website data:
- Go to Safari → Preferences.
- Click the Privacy tab → click Manage Website Data.
- Select Remove All → Remove Now to confirm.
To change your default search engine, open Safari → click Preferences → click the Search tab → select your preferred Search Engine.
Next, delete your caches: select the Advanced tab → tick Show Develop menu in menu bar → click Develop in the menu bar → Empty Caches.
II. On Chrome
To clear your history:
- Open Chrome → select History on the menu bar.
- Click Show Full History → select Clear browsing data.
- Select the time range and tick Browsing history, Cookies and other site data and Cached images and files.
- Click Clear data.
You should also change your default search engine that has been altered by Search Marquis. To do this:
- Click the three-dot icon → Settings → On startup.
- See if Bing.com or Search Marquis is selected.
- If yes, remove it by clicking the three-dot icon → Remove.
Use an anti-malware software
Another way to quickly scan for viruses and prevent future attacks and infections is to get anti-malware software. These antivirus programs regularly scan for viruses and offer protection and security for your Mac.
Your browser keeps redirecting to Search Marquis because you have installed a browser hijacker called Search Marquis. It configures your browser settings and preferences, which changes your search engine and homepage to Search Marquis.
Your Mac’s Safari is redirecting to Search Marquis because it has been infected by a redirect virus that gets on your Mac through unsafe free software downloads. This browser hijacker takes over your Safari browser and changes your default search engine and homepage to its fake search engine and homepage.
The easiest and fastest way to remove viruses and malware is by downloading malware removal tools like CleanMyMac X. You can also remove the virus manually by removing unknown profiles, apps, and leftover files on your Mac. You also need to remove unknown extensions, history, and caches, and change your browser’s default homepage
While it’s uncommon for Macs to be affected by viruses, it can still happen. Browser hijackers like Search Marquis make your browsing experience frustrating. It slows down your device’s performance and inundates you with ads and countless redirections.
You typically get Search Marquis bundled with free programs you download from the internet. Aside from the mentioned things, you can download malware protection and cleaning tools for your Mac to protect against future attacks.
Are you using antivirus software for your Mac? If so, what is it? Share in the comments below!