Remove Search Baron virus from Mac (2022 Guide)

remove search baron virus from mac easily

Search Baron virus annoys Mac Chrome and Safari users daily

Contents

Search Baron virus annoys Mac Chrome and Safari users daily
- Intermediate redirects for monetization purposes
- The hijacker initiates tracking activities on user’s computer
Rise in Mac threats: common distribution vectors
Remove Search Baron from Mac easily

Search Baron virus is a persistent Mac browser hijacker that initiates intermediate redirects to searchbaron.com and related domains before landing the user on Bing search results. This potentially unwanted program mainly targets to hijack Google Chrome and Safari browsers. Cybersecurity experts name several apps triggering these redirects, latest ones being Spaces.app, ScreenCapture.app, ScreenSaver.app and others. The redirect chain starts when the user enters a search query into URL bar. The hijacker then causes series of intermediate visits to known malicious domains or pages hosted on Amazon Web Services. It is believed that cybercriminals are using high-reputation cloud networks to bypass antivirus detection and blacklisting.

Users infected with Searchbaron.com redirect virus typically notice an unknown URL popping-up in the address bar after entering a search query via Chrome or Safari URL bar. However, the program associated with this infection can hardly be noticed on Mac without professional antivirus because these rogue programs typically are named as legitimate Mac tools. After being installed, these unwanted apps will ask for access to control Safari.app or another web browser (such as Chrome). Allowing control will provide access to documents and data in the browser and permit actions within that app.

Follow easy instructions to get rid of this annoying Mac browser hijacker.

Intermediate redirects for monetization purposes

The primary aim of this browser hijacker is to generate revenue for its developers using victim’s computer. To put it simply, the hijacker’s developers make it cause a redirect chain to a list of domains before landing the user on a legitimate-looking Bing search results page. However, these intermediate domains is the actual concern – including domains like searchnewworld.com, searchroute-1560352588.us-west-2.elb.amazonaws.com, hut.brdtxhea.xyz, mybrowser-search.com and others. Unfortunately, regular user might not notice what’s happening in the URL bar as these redirects take only part of a second to occur; in fact, it can be hard to notice and require tools for redirect path tracking.

Although this browser hijacker doesn’t meet the characteristics of a real computer virus, its annoying activities has earned it this title from Mac users. Therefore, we may refer to it this way throughout the article.

The hijacker initiates tracking activities on user’s computer

During its stay on victim’s Mac, Search Baron virus monitors user’s activity online. For example, it can gather your browsing history, search queries entered, operating system version, geolocation, or even more sensitive details such as IP address. While the full list of collected information is unknown and might change, we’d like to remind you that keeping such spyware-type program on a computer is not a good idea. In the worst scenario, spyware-type programs might steal sensitive information such as your email, login credentials and other valuable data.

Collected information can be transferred or sold to third-parties or used to display targeted advertisements. In fact, showing deceptive ads is also one of SearchBaron.com hijacker’s capabilities. It is well-known for displaying fake “Your Computer is Low on Memory” pop-ups. These pop-ups have nothing to do with actual computer status, and clicking ‘Close’ on them can redirect you to webpages promoting hardly trustworthy Mac repair tools.

The hijacker asks to access control of your browser, then displays deceptive pop-ups about Mac’s low memory status.

If you have noticed suspicious activity on your computer, including a flow of pop-ups and browser redirects, you should remove Search Baron virus from Mac as soon as possible. You can try to do it manually using in-detail manual removal guide down below, or run a system scan with robust Mac antivirus INTEGO. This software scores 100% detection rate in OS X specific malware tests, as described in its review.

AUTOMATIC REMOVAL

See Full Review

Remove Search Baron virus using INTEGO ANTIVIRUS for Mac (includes scanning for iOS devices). The one-of-a-kind security suite provides VirusBarrier X9 real-time protection against Mac and Windows-based malware, removes existing threats and scans for malware in popular e-mail clients. Includes NetBarrier X9, an intelligent firewall for home, work and public connections.

Name	Search Baron browser hijacker, SearchBaron.com redirect
Type	Browser Hijacker, Browser redirect virus, Mac virus
IP	151.139.128.10, 13.32.255.71, 204.11.56.48
Associated domains	SearchMarquis.com, SearchLee.com, searchnewworld.com, searchroute-1560352588.us-west-2.elb.amazonaws.com, hut.brdtxhea.xyz, mybrowser-search.com
Activity	Causes a redirect chain when user attempts to use web search, visits questionable domains, displays ads, deteriorates web browsing experience, causes Bing redirects
Distribution	Hides in freeware bundles, fake software update ads, deceptive pop-ups, torrents and similar
Removal	Get rid of Search Baron using manual instructions below or scan with INTEGO, Mac-specific antivirus scoring 100% in detection tests.

GET INTEGO ANTIVIRUS FOR MAC

It is important to mention that Mac computers are no longer resistant to infections in 2021. To be precise, this operating system is prone to various adware and browser-hijacking app infections. Examples of highly widespread annoyances include Searchlee.com redirect, ExtendedLibrary, Adload, UpdaterSync, iPhone Calendar virus, YOUR IPHONE HAS BEEN COMPROMISED scam and others. For this reason, using a good antivirus with real-time protection is a highly recommended option to avoid installation of such threats.

Rise in Mac threats: common distribution vectors

When it comes to distribution of apps causing Search Baron redirects, the primary tactic is to include them in various software bundles. Bundling is a marketing technique used to push users additional applications alongside popular tools, such as download agents, games, video editing software and similar. The problem is that installers of such programs are kind of deceptive as they hardly ever inform the user about the bundled extras in a straightforward way. Often times, the user oversees the checkboxes meant to disable installation of ‘recommended third-party programs’, if any provided. This happens because these suggestions are presented in fine print (most of the time).

Another way to distribute such programs is hide them among fake software update installers. These can be encountered while surfing on hardly trustworthy web domains. That said, we recommend you to avoid installing suggested updates from random websites; if you suspect that you’re using an outdated version of specific software, check suggested updates via App Store or head to the program’s official developer’s website.

Remove Search Baron from Mac easily

If you’re here to find out how to remove Search Baron from Chrome or Safari on Mac, you’ve come to the right place. Here, you can find a manual uninstall guide prepared by our experts. Make sure you complete each step as explained. The manual guide below explains how to remove core components of unwanted spyware/malware related to searchbaron.com redirects.

However, we would like to point out that programs pushing these intrusive redirects often change names, and without automatic malware removal program, it can be tricky to identify the culprit. Therefore, you will have to use your own judgement on which components to remove from your Mac.

If you decide to save some time and opt for quick and easy Search Baron removal using Mac antivirus, we strongly recommend using INTEGO. It is an award-winning product with excellent detection rate.

OUR GEEKS RECOMMEND

Keep your Mac virus-free with INTEGO, an exceptional antivirus with an option to scan other iOS devices. The VirusBarrier X9 offers 24/7 real-time protection against Mac and Windows malware, includes intelligent firewall (NetBarrier X9) for protecting your incoming/outgoing connections at home, work or public hotspots and more.

INSTALL INTEGO

INTEGO antivirus is one of the leading security products for Mac that includes VirusBarrier X9 and NetBarrier X9 features allowing detection of viruses, ransomware, adware, browser hijackers, Trojans, backdoors and other threats and blocks suspicious network connections. If any detections are found, the software will eliminate them. Learn more about the software's features in its full review.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

Search Baron virus Removal Tutorial

Use the following guidelines to get rid of Search Baron virus on Mac. You will need to eliminate suspicious components from several system folders, move unwanted applications to Trash, delete shady profiles and login items created by the potentially unwanted program. Once you complete these steps, follow the instructions how to clean each affected web browser individually.

Eliminate components of unwanted program from Mac system folders

Click Go in the Mac's Finder toolbar and select Utilities.
Here, double-click Activity Monitor app.
In Activity Monitor, you will need to identify suspicious and resource-consuming apps, select them and click the X (Stop) button in the upper left corner of the window. Our suggestion is to search for Mac Security Plus, Spaces, BeAware, ScreenCapture or ScreenSaver apps and similar ones.
After clicking the Stop button for an app, you will see a prompt asking do you really want to quit this process. Click Force Quit to continue.
Now, click the Go button in Mac's Finder toolbar and select Go to Folder...
Here, enter /Library/LaunchAgents and click Go.
Look through the opened folder for suspicious components that possibly belong to the Search Baron virus. Our recommendation is to look for unrecognized and recently added files. Then, move them to Trash/Bin.
However, malware names hardly ever signal that they are somehow malicious, so you might want to check some questionable names online. For instance, examples of Mac malware related files include com.DataSearch.plist, com.ExpertModuleSearchP.plist, com.pcv.hlpramc.plist, com.updater.mcy.plist, com.avickUpd.plist, com.msp.agent.plist and similar.
Using the Go to Folder feature, navigate to a location called ~/Library/Application Support. You can simply copy and paste this path to the go to Folder window and click Go.
Here, identify suspicious folders and move them to Trash. Again, you need to use your common sense and look for recently added programs that aren't related to Mac OS or apps you installed willingly. Examples of unwanted folders include SystemSpecial, IdeaShared, ProgressMatch and DataSearch.
Use Go to Folder feature once more to navigate to ~/Library/LaunchAgents.
Here, identify suspicious components and move them to Trash.
Now, navigate to /Library/LaunchDaemons and eliminate strange or suspicious-looking components possibly related to Search Baron virus. Known examples of Mac-related malware store com.pplauncher.plist, com.ExpertModuleSearchDaemon.plist, com.DataSearchP.plist, com.startup.plist and similarly named files here.

Move unwanted applications to Trash

Click on Finder.
Go to Applications folder.
Look for suspicious applications you can't remember installing. Right-click them and select Move to Trash.
After moving all suspicious apps to Trash, right-click the Trash bin in Mac's Dock and select Empty Trash.

Remove unwanted startup applications on Mac

Click on the Apple logo in the upper left corner and open System Preferences.
In System Preferences, go to Users & Groups.
Open Login items tab and look for suspicious applications that start during the Mac startup. Select unwanted app and click on minus (-) button to remove it from the list.

Delete malicious configuration profiles

Go back by clicking < or close the window and reopen System Preferences via Mac toolbar. Go to Profiles.
In Profiles, inspect entries on the left pane. Look for suspicious configuration profiles hijacking your browsers' settings and click the minus (-) button to remove them. Examples of known malicious profiles include Chrome Settings, AdminPrefs, Safari Settings, MainSearchPlatform, TechSignalSearch, TechLetterSearch and similar. In example below, the profile includes a suspicious link, although it can contain a function to force browser changes when user tries to revert them.

Safari Chrome Firefox

Remove Search Baron virus from Safari

Uninstall suspicious Safari extensions

Open Safari and click on Safari button in the top left corner. Select Preferences in the menu that appears on the screen.
Now, go to Extensions tab. Look at the left to see all installed extensions, click on suspicious ones and hit that Uninstall button as shown in the picture. Confirm your choice by clicking Uninstall again. Repeat until you get rid of all unwanted extensions.

Change Safari Homepage and default search engine

In Preferences, open the General tab. Here, check what URL is set as your homepage. Delete it and type in whatever URL you want to set as your Safari Start Page.
Next, go to the Search tab. Here, choose what Search engine you want to set as default.
Next, click on Manage websites... then Remove all... and then Done.

Remove push notifications on Safari

Some suspicious websites can try to corrupt your Safari by asking to enable push notifications. If you have accidentally agreed, your browser will be flooded with various intrusive advertisements and pop-ups. You can get rid of them by following this quick guide:

Open Safari and click on Safari button in the top-left corner of the screen to select Preferences;
Go to Websites tab and navigate to Notifications on the left side toolbar.

Reset Safari

Click on Safari > Clear History...
Then choose to clear All history and hit Clear History button to confirm.
Go to Safari > Preferences and then open Privacy tab.
Click Manage Website Data... then Remove All. To finish, click Done.
Finally, clear Safari cache. In Safari Menu, click Develop > Clear Cache.

Safari Chrome Firefox

Remove Search Baron virus from Google Chrome

Remove suspicious Chrome extensions

Open Chrome and type chrome://extensions into address bar and press Enter.
Here, look for suspicious extensions, and Remove them.
Don't forget to confirm by pressing Remove in the confirmation pop-up.

Change Start Page settings

In Chrome address bar, type chrome://settings and press Enter.
Scroll down to the On startup section. Check for suspicious extensions controlling these settings, and Disable them.
Additionally, you can set browser to Open a specific page or set of pages via these settings. Simply choose this option, click Add a new page, enter your preferred URL (f.e. www.google.com) and press Add.

Change default search settings

In Chrome URL bar, type chrome://settings/searchEngines and press Enter. Make sure you type searchEngines, not searchengines. Additionally, you can go to chrome://settings and find Manage search engines option.
First, look at the list of search engines and find the one you want to set as default. Click the three dots next to it and select Make Default.
Finally, look through the list and eliminate suspicious entries. Right-click the three dots and select Remove from the list.

Remove push notifications from Chrome

If you want to get rid of the annoying ads and so-called push-notifications viruses, you must identify their components and clean your browser. You can easily remove ads from Chrome by following these steps:

In Google Chrome, press on Menu (upward arrow) in the top-right corner of the window.
Select Settings.
Go to Privacy and Security > Site Settings.
Open Notifications.
Here, go to the Allow list and identify suspicious URLs. You can either Block or Remove by pressing on the three vertical dots on the right side of the URL. However, we suggest the Block option, so the site won't ask you to enable the notifications if you ever visit it again.

Reset Google Chrome browser

The final option is to reset Google Chrome. Type chrome://settings in the URL bar, press Enter and then scroll down until you see Advanced option. Click it and scroll to the bottom of the settings.
Click Restore settings to their original defaults.
Click Restore settings to confirm.

Safari Chrome Firefox

Remove Search Baron virus from Mozilla Firefox

Remove unwanted add-ons from Firefox

Open Firefox and type about:addons in the URL bar. Press Enter.
Now, click on Extensions (in the left section).
Click Remove next to every suspicious browser add-on that you can't remember installing.

Change Firefox Homepage

In Firefox address bar, type about:preferences and hit Enter.
Look at the left and click the Home tab.
Here, delete the suspicious URL and type or paste in the URL of a website you'd like to set as your homepage.

Alter preferences in Firefox

Type about:config in Firefox address bar and hit Enter.
Click I accept the risk! to continue.
Here, type in the URL which has taken over your browser without your knowledge. Right-click each value that includes it and choose Reset.

Remove annoying push notifications from Firefox

Suspicious sites that ask to enable push notifications gain access to Mozilla's settings and can deliver intrusive advertisements when browsing the Internet. Therefore, you should remove access to your browser by following these simple steps:

In Mozilla Firefox, click on Menu (the three horizontal bars) on the top-right corner of the window, then choose Options.
Click on Privacy and Security, then scroll down to Permissions section.
Here, find Notifications and click Settings button next to it.
Identify all unknown URLs and choose to Block them. Click Save Changes afterward.

Reset Mozilla Firefox

In Firefox, type about:support in the address bar and press Enter.
Click on Refresh Firefox...
Click Refresh Firefox again to confirm.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.