What is Search Snow?
Search Snow is the colloquial name given to a group of malware that redirects to searchsnow.com and takes over users’ search engines. Search Snow is closely associated with Search Marquis and Search Baron, sometimes redirecting to them instead.
Websites like the three mentioned above are commonly classified as browser hijackers by the antivirus community, and browser hijackers are considered one of the least damaging types of malware. Some dispute whether they can even be called malware. Search Snow in particular does not seem to lead directly to malware. Its incursion is much more privacy-based than anything else, and most notably it seems to work as a gateway redirect to other browser hijackers. Another important feature is that the code injected into your browser’s settings makes it impossible to remove searchsnow.com through the normal settings alone: without a cleanup beforehand, it will return.
SUMMARY:
Name | Search Snow |
Type | Browser Hijacker |
Search Snow Removal from Mac
- Start your Mac’s Finder and navigate to Applications – Utilities – Terminal.
- Write the following in the Terminal: sudo nano /private/etc/hosts, and hit Enter. Write your Mac’s password if it is required.
- You are now in the Hosts file. You need to include these lines in the file:
127.0.0.1 searchsnow.net
127.0.0.1 searchsnow.com
127.0.0.1 searchsnow.io
127.0.0.1 searchmarquis.com
127.0.0.1 searchbaron.com
Place them between 127.0.0.1 localhost and 255.255.255.255 broadcasthost.
- Save the file with Command + O, then exit it with Control + X.
- Reboot your Mac and see if the changes helped. In theory this should prevent the malware websites from interfering with your system, but there may still be latent changes in your browsers. Next, it’s time to clean them up.
Search Snow Removal from Chrome
- Start Chrome and enter chrome://settings/ in the address bar.
- Go in the Extensions tab and look for extensions resembling Search Snow in name.
- If you don’t recognize an extension, the easiest way to tell whether it’s shady is to click it to see its details and search the internet for them. Remove any extensions you don’t think should be on your browser – at worst you’ll have to reinstall legitimate extensions.
- Next, go to Chrome’s settings (the three-dot menu in the upper right).
- Go down the settings to your search engines and see if anything besides your chosen search engine was forced. If searchsnow.com is there, remove it.
Search Snow Removal from Safari
- Open Safari, then go to Preferences – then the Extensions tab.
- Look for Search Snow and anything suspicious-looking in the Extensions menu.
- If you can’t determine what is suspicious, the easiest way is to check each extension’s details, then search the internet with those details and see if it’s something shady.
- Click on the Uninstall button to remove Search Snow. Additional names in this case can be Search Baron or Search Marquis.
If the above doesn’t work, there is another method to remove Search Snow. The problem with it is that it requires you to look through some folders, and we can’t tell you the exact files you need to remove because the malware changes their names. We will give you as close an approximation as we can.
We suggest you drag and drop each file you suspect into our online malware scanner.
First, you need to enter your System Library. To do that: Finder – take the cursor to the top menu bar – Go – Computer – Macintosh HD
In that folder, try to find anything you believe might be malware in Applications.
Next, go to your User Library: Finder – Go – hold your Option key – Library. Again, look for a folder you can associate with Search Snow. Look for files like:
- msets.plist
- rlist.plist
Other sample files used by malware you can look for:
- amcuninstall
- com.pcv.amcuuninstall.plist
- com.pcv.hlpramcn.plist
- helperamc
- Inf.Adit
Type /Library/LaunchAgents in the folder search – Go.
Example files to look for:
- com.pcv.hlpramc.plist
- com.updater.mcy.plist
- com.avickUpd.plist
- com.msp.agent.plist
Navigate the same way to ~/Library/Application Support
Look for folders like LinkBranch, ProgressMatch, SystemSpecial, and IdeaShared. These are the types of names used by real malware.
Go to /Library/LaunchDaemons and look for files like com.pplauncher.plist, com.startup.plist, and com.ExpertModuleSearchDaemon.plist.
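The manual folder check above can be run from Terminal in one pass. The script below is an added example, not part of the original guide: it only lists files and folders whose names match the samples given here and deletes nothing. The function name and its two optional arguments are assumptions made for this example.

```shell
#!/bin/sh
# Read-only check (added example): prints matching paths, deletes nothing.
# The names are the samples listed in this guide. The malware renames its
# files, so an empty result does not prove the Mac is clean.
SS_FILES="msets.plist rlist.plist amcuninstall com.pcv.amcuuninstall.plist
com.pcv.hlpramcn.plist helperamc Inf.Adit com.pcv.hlpramc.plist
com.updater.mcy.plist com.avickUpd.plist com.msp.agent.plist
com.pplauncher.plist com.startup.plist com.ExpertModuleSearchDaemon.plist"
SS_FOLDERS="LinkBranch ProgressMatch SystemSpecial IdeaShared"

# scan_search_snow [SYSTEM_LIBRARY] [USER_LIBRARY]
# Both arguments are assumptions of this example. They default to the real
# locations and let you point the scan at a copy or a mounted backup.
scan_search_snow() {
    sys_lib="${1:-/Library}"
    user_lib="${2:-$HOME/Library}"

    # Build one "-name a -o -name b ..." expression from the file list.
    set --
    for name in $SS_FILES; do
        set -- "$@" -o -name "$name"
    done
    shift  # drop the leading -o

    # System-wide launch items: /Library/LaunchAgents and /Library/LaunchDaemons.
    for dir in "$sys_lib/LaunchAgents" "$sys_lib/LaunchDaemons"; do
        if [ -d "$dir" ]; then
            find "$dir" -maxdepth 1 -type f \( "$@" \) 2>/dev/null || true
        fi
    done

    # User Library, three levels deep: reaches ~/Library/LaunchAgents and
    # files inside a folder under ~/Library/Application Support.
    if [ -d "$user_lib" ]; then
        find "$user_lib" -maxdepth 3 -type f \( "$@" \) 2>/dev/null || true
    fi

    # Folder names the guide lists under ~/Library/Application Support.
    app_support="$user_lib/Application Support"
    if [ -d "$app_support" ]; then
        for name in $SS_FOLDERS; do
            find "$app_support" -maxdepth 1 -type d -name "$name" 2>/dev/null || true
        done
    fi
    return 0
}
```

Call scan_search_snow with no arguments to check the running system, then review each printed path before removing anything.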