Safe Finder
Safe Finder is a rogue search engine created by Linkury ltd to enforce unwanted privacy settings on users’ browsers. As of 2020, Search Finder is the oldest active browser hijacker targeting macOS.
The company itself claims to promote ‘leading monetization innovation’ solutions. It has been active since 2009, first creating a browser hijacker for Windows under the Linkury brand, later migrating towards Mac at around 2014, which is the earliest dated sighting of Safe Finder.
Safe Finder’s results are taken directly from Yahoo Search. This makes the engine not directly malicious, but the nature of the way in which it is enforced on users without their consent casts a shade over any legitimacy of the app. Generally, it is distributed with other extensions that do not directly disclose they will add Search Finder as the homepage and search engine of choice. It is similar in nature and effects to Bing Redirect and Search Marquis.
SUMMARY:
Name | Safe Finder |
Type | Browser Hijacker |
Detection Tool |
How to get rid of Safe Finder
This is a quick attempt to get rid of Safe Finder. If it doesn’t work, there are multiple steps below you can try.
For Chrome:
- Type chrome://settings/ in Chrome -> Extensions
- Look for a Safe Finder extension or something else you can recognize as suspicious.
- Disable the suspected extensions to see if you can get rid of Safe Finder off your homepage and search engine when they are inactive.
- To check if you got rid of it, see if Safe Finder is set as the search engine by writing chrome://settings/ and scrolling down.
- If it’s set as the search engine, change the engine back to Google, then restart your browser.
- If Safe Finder doesn’t come back on restart, 1 of the extensions you disabled was the culprit. Enable them 1 by 1 until you find which one is creating the problem
- Remove it and you successfully got rid of Safe Finder!
Remove Safe Finder from Safari
If you want to remove Safe Finder on Safari, try this instead. It’s the same idea as with Chrome.
- Open Safari -> Preferences -> Extensions.
- Try to find an extension you suspect enforces Safe Finder and uncheck it.
- Change the search engine in Safari -> Preferences -> Search.
- You successfully removed Safe Finder if it doesn’t come back on a browser restart.
Enable and remove extensions until you’re sure which one caused the problem.
How to Remove Safe Finder from Mac
If none of the above works, try the instructions below. They are written in a very specific order, which we urge you to follow to the letter.
- Finder -> Go ->Utilities.
- Double-click Activity Monitor.
- Look for processes whose function you don’t know or take up large amounts of resources. The name can be practically anything.
- Reach the file of a process and upload it to our virus scanner below. It will be scanned with about 60 AV programs.
Use the scanner for all steps below which involve determining if a file is infected.
- If you find something, select it and click on the Stop in the upper left. When a follow-up dialog appears, choose Force Quit.
- Press Command-Shift-G
- Copy-paste /Library/LaunchAgents and click Go.
- Look in LaunchAgents for infected files and check them with the scanner. Check for files added around when Safe Finder appeared.
Example malware names which should help you spot infected files: com.msp.agent.plist, com.updater.mcy.plist com.pcv.hlpramc.plist, , com.avickUpd.plist. If you find an infected file, send them to the Trash.
- Press Command-Shift-G again and this time go to ~/Library/Application Support. Paste it with the ~ symbol.
- The step here is the same as LaungAgents above, but involves infected folders, not files. Look at the dates for folders added when Safe Finder appeared. The names should be similar to: OperativeProgram, ControlFraction, ConsumerOpinion, AnalyzerSkill, FractionData. Trash any malware folders you see.
- Command-Shift-G then enter ~/Library/LaunchAgents.
- Here, do the same as the above points. Avoid deleting anything that you know for sure is an Apple program file.
- Enter /Library/LaunchDaemons.
- The files here help Safe Finder restore itself, so there should definitely be something in here. Example malware files: plist, com.startup.plist, and com.ExpertModuleSearchDaemon.plist. Trash them.
- Finder -> Go -> Applications Look around for apps with the names in any of the prior steps involving files and folders and remove these entries. You may have to use your admin password to remove them.
- Click the Apple icon near Finder -> System Preferences->Users & Groups->Login Items. These are the things your Mac launches when it starts up. Select the minus to turn off anything suspicious. If you see something that you don’t think should be there, click the minus button.
- Back in System Preferences -> Profiles. Only your profile should be here. If you see Safari Settings, Main Search Platform or something that clearly isn’t your chosen names, click the minus sign below it.
- If none of the above helps, or you want to tell us something that was additionally needed to remove Safe Finder, please do so below in the comments. This guide was made by us and it successfully removes Safe Finder, but the creators of this malware frequently change things to make guides obsolete. Refreshing the instructions from time to time may be needed.
Hi Asadullah Mohammadi,
can you open the options menu on the program and see if there’s an option that is preventing you to uninstall it.
Hi marcus,
there are legit. Our team researched these IPs and they turned out to be harmless.
Hi earlred,
this one is ok it’s harmless and you can leave it as it is.
The safe finder program is just not getting uninstalled frim my control panrl
When i click uninstall nothing happens
Hi, Rishika. Does the account, you’re currently using have Administrator privileges? You need an Administrator account in order to uninstall programs from the computer. Also, if you can send a screenshot, we might be able to get a better grasp of the situation.
Hi, Raven, you can refer to our article named How to Remove Ads On Mac if you are seeking for a Mac adware removal guide.
We have created a separate guide for that which is where you should go. The guide’s title is How to Remove Ads On Mac. If you are having problems with your Mac, go ahead and check it out.
Were there any IP addresses in your Hosts file below “Localhost” (as described in Step 3 from our guide). Also, it would help us determine where the issue is coming from if you send us a screenshot of your program installs from your Control Panel (Step 2).
Your program installs seem to be in order. However, you did not send us a screenshot of your Hosts file. We strongly recommend that you check that since you’re likely to have some unwanted IP addresses there.
All of those IP’s below “localhost” seem to be coming from the unwanted software. Therefore, make sure to delete them and save the changes to the Hosts file.
Thank you almost all problems solved but Ludashi is stil present
We are glad that most of your problems have been dealt with. If you can send us a screenshot of what Lidashi is or explain to us what the exact issue is, we might be able to help you with that too.
great article with straight forward steps, thanks!!!
We are glad that our guide has helped you resolve your problem!
Follow the path to the specific file (it is shown in the sample text) and once you get there, scan the file via our scanner.
how would i get rid of this it pops up frequently and causes new tabs to open up in chrome with an ad or fake flashplayer like download.
What steps from the guide did you complete?
I would really appreciate some help with removing Safe Finder from my Safari. I am under a Proxy on Mozilla Firefox right now, but I don’t know how to use your malware scanner you provide. If you need to know, my Mac is updated to the most recent release (Mojave).
The first thing to do is complete the steps from the guide. The online scanner on our site is supposed to check separate files for malicious/questionable code. If you are referring to the suggested removal tool, you need to download it and purchase its license to use it. Then again, we still advise you to simply complete all of the steps from the guide and then, if this didn’t work, tell us about it.
Not effective at all. The version I got doesn’t show up in extensions, for chrome or safari, does not show the homepage being changed, and holding shift, or not, regardless of clearing data etc it always opens with the safefinder search in the browser, but not in the address bar.
It did not help at all, probably because the “homepage” slot is locked and cannot be changes, I also couldn’t find anyway to unlock it, it seems as the malware is locking it, so I can’t edit/change it, tho I was able to complete all the other steps succesfully.
If completing the guide isn’t enough to solve the issue, you may need to try the removal tool suggested in it.