May. 21st, 2021

fivemack: (Default)
I have spent a few hours over the last two days trying to remove SearchBaron malware from Kirsten's Mac.

The final step, and one that I had to figure out rather than following Web tutorials, was to note that SearchBaron contrives, for each page you visit after searching with it, to add a custom Chrome search engine with that page's URL as the keyword. Which means that, if you click in the search bar from such a page, you end up at SearchBaron rather than Google.

'Reset settings' in Chrome does not delete the custom search engines, nor is there obviously a UI element for deleting them all at once.

If you scroll down to the bottom of the (obviously very long if the machine has been infected for any length of time) list you can click delete repeatedly rather than having to reposition the mouse after deleting each one manually.

There is a Chrome extension that prevents pages from setting custom search engines, which I've installed on that Mac.

Can anyone reading this think of a better (more google-juice) place I could put this writeup; I tried adding a comment on the macsecurity.net post about SearchBaron but their comment engine isn't working.

Mac malware removal has an especially bad case of malicious search-engine optimisation around it, which would be challenging to compete with.

March 2024

S M T W T F S
     12
3456789
10111213141516
17181920212223
24 252627282930
31      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 15th, 2025 06:50 am
Powered by Dreamwidth Studios