fbpx

How to Get Rid of Safe Finder

 

Safe Finder

Safe Finder is a rogue search engine created by Linkury ltd to enforce unwanted privacy settings on users’ browsers. As of 2020, Search Finder is the oldest active browser hijacker targeting macOS.

Safe Finder

Safe Finder is a potentially unwanted application

The company itself claims to promote ‘leading monetization innovation’ solutions. It has been active since 2009, first creating a browser hijacker for Windows under the Linkury brand, later migrating towards Mac at around 2014, which is the earliest dated sighting of Safe Finder.

How to get rid of Safe Finder

Safe Finder

Safe Finder’s results are taken directly from Yahoo Search. This makes the engine not directly malicious, but the nature of the way in which it is enforced on users without their consent casts a shade over any legitimacy of the app. Generally, it is distributed with other extensions that do not directly disclose they will add Search Finder as the homepage and search engine of choice. It is similar in nature and effects to Bing Redirect and Search Marquis.

How to Remove Safe Finder

How to get rid of Safe Finder?

SUMMARY:

Name Safe Finder
Type Browser Hijacker
Detection Tool

 

How to get rid of Safe Finder

This is a quick attempt to get rid of Safe Finder. If it doesn’t work, there are multiple steps below you can try.

For Chrome:

  1. Type chrome://settings/ in Chrome -> Extensions
  2. Look for a Safe Finder extension or something else you can recognize as suspicious.
  3. Disable the suspected extensions to see if you can get rid of Safe Finder off your homepage and search engine when they are inactive.
  4. To check if you got rid of it, see if Safe Finder is set as the search engine by writing chrome://settings/ and scrolling down.
  5. If it’s set as the search engine, change the engine back to Google, then restart your browser.
  6. If Safe Finder doesn’t come back on restart, 1 of the extensions you disabled was the culprit. Enable them 1 by 1 until you find which one is creating the problem
  7. Remove it and you successfully got rid of Safe Finder!

Remove Safe Finder from Safari

If you want to remove Safe Finder on Safari, try this instead. It’s the same idea as with Chrome.

  1. Open Safari -> Preferences -> Extensions.
  2. Try to find an extension you suspect enforces Safe Finder and uncheck it.
  3. Change the search engine in Safari -> Preferences -> Search.
  4. You successfully removed Safe Finder if it doesn’t come back on a browser restart.

 Enable and remove extensions until you’re sure which one caused the problem.

How to Remove Safe Finder from Mac

If none of the above works, try the instructions below. They are written in a very specific order, which we urge you to follow to the letter.

  1. Finder -> Go ->Utilities.
  2. Double-click Activity Monitor.
  3. Look for processes whose function you don’t know or take up large amounts of resources. The name can be practically anything.
  4. Reach the file of a process and upload it to our virus scanner below. It will be scanned with about 60 AV programs.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

     

    Use the scanner for all steps below which involve determining if a file is infected.

    1. If you find something, select it and click on the Stop in the upper left. When a follow-up dialog appears, choose Force Quit.
    2. Press Command-Shift-G
    3. Copy-paste /Library/LaunchAgents and click Go.
    4. Look in LaunchAgents for infected files and check them with the scanner. Check for files added around when Safe Finder appeared.

    Example malware names which should help you spot infected files: com.msp.agent.plist, com.updater.mcy.plist com.pcv.hlpramc.plist, , com.avickUpd.plist. If you find an infected file, send them to the Trash.

    1. Press Command-Shift-G again and this time go to ~/Library/Application Support. Paste it with the ~ symbol.
    2. The step here is the same as LaungAgents above, but involves infected folders, not files. Look at the dates for folders added when Safe Finder appeared. The names should be similar to: OperativeProgram, ControlFraction, ConsumerOpinion, AnalyzerSkill, FractionData. Trash any malware folders you see.
    3. Command-Shift-G then enter ~/Library/LaunchAgents.
    4. Here, do the same as the above points. Avoid deleting anything that you know for sure is an Apple program file.
    5. Enter /Library/LaunchDaemons.
    6. The files here help Safe Finder restore itself, so there should definitely be something in here. Example malware files: plistcom.startup.plist, and com.ExpertModuleSearchDaemon.plist. Trash them.
    7. Finder -> Go -> Applications Look around for apps with the names in any of the prior steps involving files and folders and remove these entries. You may have to use your admin password to remove them.
    8. Click the Apple icon near Finder -> System Preferences->Users & Groups->Login Items. These are the things your Mac launches when it starts up. Select the minus to turn off anything suspicious. If you see something that you don’t think should be there, click the minus button.
    9. Back in System Preferences -> Profiles. Only your profile should be here. If you see Safari Settings, Main Search Platform or something that clearly isn’t your chosen names, click the minus sign below it.
    10. If none of the above helps, or you want to tell us something that was additionally needed to remove Safe Finder, please do so below in the comments. This guide was made by us and it successfully removes Safe Finder, but the creators of this malware frequently change things to make guides obsolete. Refreshing the instructions from time to time may be needed.
    blank

    About the author

    blank

    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    22 Comments

    • Hi Asadullah Mohammadi,
      can you open the options menu on the program and see if there’s an option that is preventing you to uninstall it.

      • Hi, Rishika. Does the account, you’re currently using have Administrator privileges? You need an Administrator account in order to uninstall programs from the computer. Also, if you can send a screenshot, we might be able to get a better grasp of the situation.

    • Hi, Raven, you can refer to our article named How to Remove Ads On Mac if you are seeking for a Mac adware removal guide.

    • We have created a separate guide for that which is where you should go. The guide’s title is How to Remove Ads On Mac. If you are having problems with your Mac, go ahead and check it out.

    • Were there any IP addresses in your Hosts file below “Localhost” (as described in Step 3 from our guide). Also, it would help us determine where the issue is coming from if you send us a screenshot of your program installs from your Control Panel (Step 2).

    • Your program installs seem to be in order. However, you did not send us a screenshot of your Hosts file. We strongly recommend that you check that since you’re likely to have some unwanted IP addresses there.

    • All of those IP’s below “localhost” seem to be coming from the unwanted software. Therefore, make sure to delete them and save the changes to the Hosts file.

    • Follow the path to the specific file (it is shown in the sample text) and once you get there, scan the file via our scanner.

    • how would i get rid of this it pops up frequently and causes new tabs to open up in chrome with an ad or fake flashplayer like download.

    • I would really appreciate some help with removing Safe Finder from my Safari. I am under a Proxy on Mozilla Firefox right now, but I don’t know how to use your malware scanner you provide. If you need to know, my Mac is updated to the most recent release (Mojave).

      • The first thing to do is complete the steps from the guide. The online scanner on our site is supposed to check separate files for malicious/questionable code. If you are referring to the suggested removal tool, you need to download it and purchase its license to use it. Then again, we still advise you to simply complete all of the steps from the guide and then, if this didn’t work, tell us about it.

    • Not effective at all. The version I got doesn’t show up in extensions, for chrome or safari, does not show the homepage being changed, and holding shift, or not, regardless of clearing data etc it always opens with the safefinder search in the browser, but not in the address bar.

    • It did not help at all, probably because the “homepage” slot is locked and cannot be changes, I also couldn’t find anyway to unlock it, it seems as the malware is locking it, so I can’t edit/change it, tho I was able to complete all the other steps succesfully.

      • If completing the guide isn’t enough to solve the issue, you may need to try the removal tool suggested in it.

    Leave a Comment