Search Marquis redirect virus removal from Mac

Here is a summary of the Search Marquis Mac browser hijack problem so that you stay alert and learn to remove the virus that’s ruining your day.

With Mac infections steadily growing in quantity and quality, there is no such thing as too much caution when surfing the web and installing new apps. Browser redirect nasties currently occupy a dominant position in the hierarchy of these threats. They are incredibly sneaky, annoying, and difficult to get rid of. While many of these pests are short-lived and are replaced with rebranded counterparts in quick succession, some stick around for years. Search Marquis is one of those prolific strains. Launched in the summer of 2019, it continues to be in full swing in 2021. The main symptom has stayed invariable over time: users are constantly redirected to Bing via searchmarquis.com.

Searchmarquis.com mimics a classic search service

If you visit the rogue site on a healthy Mac, it doesn’t look malicious upon initial look-through. It feels like a commonplace search service that allows you to type a request and get the results. Things are different once malware steps in. Whenever you try to look up a keyword via the URL bar on Safari, Google Chrome, or Mozilla Firefox, the web traffic is tunneled through searchmarquis.com and lands on Bing – even if your default search engine is different. As this conspiracy evolves, it gets enhanced with additional interim sites. A few examples are searchbaron.com, searchsnow.com, searchitnow.info. The latest one is searchlee.com.

Searchmarquis.com and searchbaron.com fuel the same browser hijack scheme

The bewildering thing about this campaign is that Bing, a legitimate service from Microsoft, is the landing page in each redirect instance. What’s the whole point? The most plausible theory is that Search Marquis operators use the popular search provider to distract victims from the shadowy activity going on in the background. The fact that a series of interstitial URLs are resolved during the rerouting footwork remains a secondary experience many victims will simply overlook. Meanwhile, the evil domains are associated with ad network APIs backing a fraudulent traffic monetization game.

When redirected, Search Marquis victims hit Bing

Believe it or not, Search Marquis infiltrates Mac computers because the users allow it to. That’s not an informed decision, though. How so? The answer is all about bundling. This is a software marketing approach that cross-promotes multiple items within the same package as the app the person is knowingly installing. In this scenario, there is a big gap between the express (recommended) and custom installation option. The former installs a multi-element package in one go, and the latter allows you to uncheck whatever you think is redundant. Most people prefer the easy way, only to be ensnared by the likes of Search Marquis.

If you end up on the hook, the way out could be bumpy because this virus sprinkles its components wide across the Mac. Finding and deleting them manually is easier said than done, and yet it’s feasible. Read more to find out how.

Get rid of Search Marquis virus manually

Use the following instructions to remove the malicious app that causes Searchmarquis.com redirects on your Mac.

  1. Click the Go button in the Finder toolbar, select Utilities in the list, and double-click Activity Monitor.
  2. Check the running processes for suspicious entries. Pay special attention to unfamiliar items that gobble up more CPU and memory than others.
  3. Once you find the unwanted process, select it and click the X button in the top left-hand part of the screen. Click Force Quit in the dialog that will appear.Mac Quit process
  4. Open the Go menu in your Finder again and pick Go to Folder. This functionality allows you to navigate to any folder whose path you type in the search box.Mac Go to folder
  5. Type or paste ~/Library/LaunchAgents and press Enter. Check the LaunchAgents folder for dubious-looking items and move them to the Trash.
  6. Use the same shortcut to go to the following folders: /Library/LaunchAgents, /Library/LaunchDaemons, and ~/Library/Application Support. Delete all suspicious files you find in them.
  7. Go to Applications by choosing the relevant entry in your Finder’s Go drop-down menu. Go over the list to pinpoint the malicious app and move it to the Trash once found.Mac Delete application
  8. Now, open System Preferences and go to Users & Groups. Click the Login Items tab, locate the unwanted entry, and remove it by clicking the “minus” sign. Note that you’ll need to click the padlock icon and type your user account password to make changes there.Mac Remove malicious login item
  9. Go to Profiles under System Preferences. If there is no such component in the list, proceed to the next step. If the Profiles icon is there, click it, select the malware-installed profile, and delete it by hitting the “minus” sign.
  10. Empty your Trash.

Fix the SearchMarquis.com redirect issue at the browser level

After uninstalling the malicious app, you aren’t done yet. Since your web browsers are still being affected, you’ll need to take a few extra steps to address the nuisance.

  1. Remove Search Marquis from Safari

    • Open the Safari menu and choose Preferences. Click the Advanced tab and enable the option saying Show Develop menu in menu bar.
    • Once the Develop menu appears in the toolbar at the top of the screen, click it and select Empty Caches.Mac Safari Empty caches
    • Next, go to History, pick Clear History, and use on-screen tips to purge all history data from Safari.Mac Safari Clearing history
    • Open Safari’s Preferences again, select the Privacy tab, click Manage Website Data, use the Remove All button to delete website data.Mac Safari Remove website data
    • Relaunch Safari.

  2. Get rid of Searchmarquis.com redirect on Google Chrome

    • Open Chrome, click the menu button at the top right, and proceed to Settings. Chose Advanced and click Reset settings.
    • Then, click the button that says Restore settings to their original defaults. Confirm the action by clicking Reset settings as shown below.Mac Reset settings Chrome
    • Restart Chrome.

  3. Remove Search Marquis virus from Mozilla Firefox

    • Open Firefox, go to its main menu, select Help, and click Troubleshooting Information.
    • Spot the section that says Give Firefox a tune up and click Refresh Firefox.Refresh Firefox on Mac
    • Relaunch Firefox.

If you have diligently followed all the above steps and succeeded in identifying and removing malicious files, the Search Marquis problem should vanish. To keep such threats from messing around with your Mac down the road, exert caution with app bundles that may hide shady software in plain sight.

Leave a Reply

Your email address will not be published. Required fields are marked *