Safe Finder is a rogue search engine created by Linkury ltd to enforce unwanted privacy settings on users’ browsers. As of 2020, Search Finder is the oldest active browser hijacker targeting macOS.
The company itself claims to promote ‘leading monetization innovation’ solutions. It has been active since 2009, first creating a browser hijacker for Windows under the Linkury brand, later migrating towards Mac at around 2014, which is the earliest dated sighting of Safe Finder.
Safe Finder’s results are taken directly from Yahoo Search. This makes the engine not directly malicious, but the nature of the way in which it is enforced on users without their consent casts a shade over any legitimacy of the app. Generally, it is distributed with other extensions that do not directly disclose they will add Search Finder as the homepage and search engine of choice. It is similar in nature and effects to Bing Redirect and Search Marquis.
Some threats reinstall themselves if you don't delete their core files. We recommend downloading ComboCleaner to remove harmful programs for you. This may save you hours and ensure you don't harm your system by deleting the wrong files.
How to get rid of Safe Finder
This is a quick attempt to get rid of Safe Finder. If it doesn’t work, there are multiple steps below you can try.
- Type chrome://settings/ in Chrome -> Extensions
- Look for a Safe Finder extension or something else you can recognize as suspicious.
- Disable the suspected extensions to see if you can get rid of Safe Finder off your homepage and search engine when they are inactive.
- To check if you got rid of it, see if Safe Finder is set as the search engine by writing chrome://settings/ and scrolling down.
- If it’s set as the search engine, change the engine back to Google, then restart your browser.
- If Safe Finder doesn’t come back on restart, 1 of the extensions you disabled was the culprit. Enable them 1 by 1 until you find which one is creating the problem
- Remove it and you successfully got rid of Safe Finder!
Remove Safe Finder from Safari
If you want to remove Safe Finder on Safari, try this instead. It’s the same idea as with Chrome.
- Open Safari -> Preferences -> Extensions.
- Try to find an extension you suspect enforces Safe Finder and uncheck it.
- Change the search engine in Safari -> Preferences -> Search.
- You successfully removed Safe Finder if it doesn’t come back on a browser restart.
Enable and remove extensions until you’re sure which one caused the problem.
How to Remove Safe Finder from Mac
If none of the above works, try the instructions below. They are written in a very specific order, which we urge you to follow to the letter.
- Finder -> Go ->Utilities.
- Double-click Activity Monitor.
- Look for processes whose function you don’t know or take up large amounts of resources. The name can be practically anything.
- Reach the file of a process and upload it to our virus scanner below. It will be scanned with about 60 AV programs.
Use the scanner for all steps below which involve determining if a file is infected.
- If you find something, select it and click on the Stop in the upper left. When a follow-up dialog appears, choose Force Quit.
- Press Command-Shift-G
- Copy-paste /Library/LaunchAgents and click Go.
- Look in LaunchAgents for infected files and check them with the scanner. Check for files added around when Safe Finder appeared.
Example malware names which should help you spot infected files: com.msp.agent.plist, com.updater.mcy.plist com.pcv.hlpramc.plist, , com.avickUpd.plist. If you find an infected file, send them to the Trash.
- Press Command-Shift-G again and this time go to ~/Library/Application Support. Paste it with the ~ symbol.
- The step here is the same as LaungAgents above, but involves infected folders, not files. Look at the dates for folders added when Safe Finder appeared. The names should be similar to: OperativeProgram, ControlFraction, ConsumerOpinion, AnalyzerSkill, FractionData. Trash any malware folders you see.
- Command-Shift-G then enter ~/Library/LaunchAgents.
- Here, do the same as the above points. Avoid deleting anything that you know for sure is an Apple program file.
- Enter /Library/LaunchDaemons.
- The files here help Safe Finder restore itself, so there should definitely be something in here. Example malware files: plist, com.startup.plist, and com.ExpertModuleSearchDaemon.plist. Trash them.
- Finder -> Go -> Applications Look around for apps with the names in any of the prior steps involving files and folders and remove these entries. You may have to use your admin password to remove them.
- Click the Apple icon near Finder -> System Preferences->Users & Groups->Login Items. These are the things your Mac launches when it starts up. Select the minus to turn off anything suspicious. If you see something that you don’t think should be there, click the minus button.
- Back in System Preferences -> Profiles. Only your profile should be here. If you see Safari Settings, Main Search Platform or something that clearly isn’t your chosen names, click the minus sign below it.
- If none of the above helps, or you want to tell us something that was additionally needed to remove Safe Finder, please do so below in the comments. This guide was made by us and it successfully removes Safe Finder, but the creators of this malware frequently change things to make guides obsolete. Refreshing the instructions from time to time may be needed.