Severity scale:  

Remove CreativeSearch (Removal Guide) - Free Instructions

removal by Ugnius Kiguolis - - | Type: Adware

CreativeSearch – Mac virus that might inject other malicious apps on your system

CreativeSearchCreativeSearch is a potentially unwanted program that closely resembles malware

CreativeSearch is a potentiality unwanted application that changes web browser settings of Google Chrome, Mozilla Firefox, Safari, or another web browser and starts delivering unwanted advertisements. This app typically targets Mac users, although it does not mean that Windows PC cannot be affected as well, as the it is typically spread via software bundle packages and Fake Flash Player update prompts.

Once installed, the CreativeSearch virus changes the search engine to Safe Finder or another customized search tool and appends a new homepage as well. As a result, users have to search the web via a hijacked browser, which changes what type of websites they visit, as search results are always filled with sponsored links. While CreativeSearch hijacks web browsers, it also possesses some adware[1] qualities, as it delivers intrusive ads and tracks users' web browsing activities for marketing purposes.

Name CreativeSearch
Type Browser hijacker, adware, Mac virus
Family This potentially unwanted application belongs to Adload malware family
Infiltration  These type of potentially unwanted apps spread via deceptive methods, such as software bundle packages acquired from third-party websites or fake Flash Player update prompts
Danger level Medium to high. Since this application uses a built-in script to install apps without permission in the background, it can install malware such as CrescentCore or Shlayer Trojan, resulting in further infections
Risks  Due to infection, users might be directed to spoofing, scam, or other malicious websites where they would be prompted to install other potentially unwanted or malicious applications, disclose their sensitive data such as credit card details, suffer from financial losses and even be affected by identity theft/fraud
Elimination  To get rid of CreativeSearch, as well as its secondary payloads, you should scan your Mac with powerful security software, such as SpyHunter 5Combo Cleaner or Malwarebytes
Optimization In case your machine is still running slow after malware termination, you should employ tools like Reimage Reimage Cleaner Intego to fix such issues for you 

CreativeSearch is a potentially malicious application that belongs to the Adload malware campaign and is a new addition to such threats like StudyGeneral, MainReady, DataQuest, and many others. This PUP family is relatively aggressive and can be considered as malware in some cases, as it makes use of AppleScript function in order to install apps without permission. Therefore, it is not uncommon for users infected with the CreativeSearch virus to see the activity of unknown software on their computers.

Just like malware, CreativeSearch is usually distributed via deceptive ways, and usually gets installed on macOS after users download freeware from insecure third-party websites or when they get tricked by fake Adobe Flash Player update prompt. These fake alerts can be encountered on a variety of websites, although those who are already infected with adware are more likely to land on a fake update or another scam message page.

However, this is not the only symptom of CreativeSearch infection exhibits – you can also encounter the following:

  • Unknown extensions or add-ons installed on the web browser;
  • Redirects deliver deceptive and malicious advertisements;
  • All visited websites are filled with pop-ups, deals, offers, promotions, coupons, and other intrusive ads;
  • Homepage and new tab address is set to Safe Finder or another rogue search engine;
  • Hundreds of unknown files reside on various parts of the machine;
  • Browser extension termination becomes impossible;
  • Unknown profiles established on the computer, etc.

Besides showing typical symptoms of the browser, search, and computer hijacking, CreativeSearch removal can also be hindered due to its persistence mechanisms. For example, the virus might establish new profiles or add entries to LaunchAgents, Application Support, and other folders.

Besides, a browser extension is typically installed with elevated privileges, which could result in “Managed by your organization” prompt. Here's the description of the CreativeSearch or another malicious add-on installed on the web browser:

CreativeSearch 1.0

Permissions for “CreativeSearch”:

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages

Browsing history
Can see when you visit all webpages

As you can see, the presence of potentially unwanted apps like CreativeSearch can result in the sensitive data leak, which is highly likely to be delivered to cybercriminals. If sold on the dark web, such information might cause monetary losses or even identity theft/fraud.

CreativeSearch virusCreativeSearch is a malicious app that is typically spread via fake Flash Player update prompts

Unfortunately, dragging the suspicious app to Trash can hardly help you remove CreativeSearch and other malicious apps from your system. For this purpose, we advise using reputable anti-malware software and performing a full system scan. This way, all the malicious and hidden components will be deleted automatically.

Besides, due to the hijacker's ability to download and install applications without permissions, users might also be infected with other Mac viruses that could cause significant damages, such as monetary losses, identity theft, sensitive data leak to cybercriminals, and much more.

Many users also noticed that their web browsers, as well as the computer, started to operate slowly after the CreativeSearch virus infection. This issue can also be fixed by uninstalling all the malicious apps. However, if issues continue, we recommend scanning your Mac device with Reimage Reimage Cleaner Intego. Additionally, if you are unable to terminate browser extensions, you should reset web browsers as explained below.

Potentially unwanted programs use deception to access your Mac

Macs are generally considered much safer machines than Windows PCs, as the former have built-in defenses such as Xprotect. However, according to security researchers, Mac malware outpaced Windows malware in 2019 by volume,[2] so users should not believe that Macs are immune to infections – especially adware.

Possibly the biggest problem to Macs is fake Flash Player updates. While the plugin is outdated, full of security vulnerabilities[3], and has been almost fully replaced by HTML 5 and similar technologies, it is so embedded in users' minds as the only way to play multimedia online, that they still believe that it is much-needed software. Of course, cybercriminals are here to abuse this fact, and they often use social engineering for that.

Phishing messages are often placed on various malicious websites, and well-known attributes like the Flash logo are often used. Once users access this site, they can see a prompt asking them to download and install the latest version of Flash, allegedly to view the content of the website. However, what they usually download is adware or even malware, and, by accepting its installation, users allow the malicious app to take over the computer. Thus, never download the alleged updates via the pop-up messages on suspicious websites.

Additionally, you should not download apps from third-party sources in the first place. By default, Mac will ask you to enter your username and password – this a security measure to prevent unauthorized installation. However, if credentials are provided, malware can populate its files and settings without interruptions. Therefore, download apps from App Store or similar legitimate sources only.

Ways to eliminate CreativeSearch from your machine

While we do not recommend manual CreativeSearch removal, you can still try performing it if you wish so. However, dragging the app to Trash will not suffice, as it has multiple malicious entries within the system. First of all, you should check for malicious profiles by clicking on Preferences and then selecting Users&Groups > Profiles. Once there, delete all the profiles that you do not recognize.

CreativeSearch profileTo eliminate CreativeSearch, get rid of the established profile and other components

After that, you should locate and delete the following files on your system to get rid of CreativeSearch virus:

~/Library/Application Support/com.CreativeSearch/CreativeSearch
~/Library/Application Support/com.CreativeSearchDaemon/CreativeSearch

However, we highly suggest you instead remove CreativeSearch with the help of reputable anti-malware software, as it can automatically eliminate all the malicious files for you. Besides, due to PUP functionality, it is advisable to check for other malicious programs that may have been installed on your system. Finally, if you still see unwanted extensions on your web browser, reset it as per instructions below.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove CreativeSearch, follow these steps:

Erase CreativeSearch from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall CreativeSearch and related programs
    Here, look for CreativeSearch or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'
  5. Remove CreativeSearch from Windows shortcuts
    Right click on the shortcut of Mozilla Firefox and select Properties. Right click on browsers' icon and select 'Properties'
  6. Go to Shortcut tab and look at the Target field. Delete malicious URL that is related to your virus. Select 'Shortcut' tab and delete '' or other suspicious URL

Repeat steps that are given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.

Eliminate CreativeSearch from Mac OS X system

To get rid of CreativeSearch on macOS, follow these instructions:

If your macOS is displaying some infection symptoms, proceed with the following guide:

Remove CreativeSearch from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for CreativeSearch-related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash)Uninstall from Mac 1

To fully remove CreativeSearch, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries related to CreativeSearch and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the CreativeSearch-related entries.Uninstall from Mac 2

Delete CreativeSearch from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select CreativeSearch and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Change your homepage if it was altered by virus:
    Click on the menu (top right corner), choose Options General.
  4. Here, delete malicious URL and enter preferable website or click Restore to default.
  5. Click OK to save these changes. When in 'General' tab, delete malicious URL from 'Home Page' section or click on 'Restore to Default' button. Click 'OK' to save changes
  6. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  7. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete CreativeSearch removal. Click on 'Reset Firefox' button for a couple of times

Uninstall CreativeSearch from Google Chrome

Reset Google Chrome if you cannot uninstall some extensions in a regular way:

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select CreativeSearch and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Change your homepage and default search engine if it was altered by your virus
    Click on menu icon and choose Settings.
  4. Here, look for the Open a specific page or set of pages under On startup option and click on Set pages. After clicking on menu and 'Settings', select 'Set pages'
  5. Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage. Click 'X' to remove malicious URLs
  6. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  7. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  8. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  9. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  10. Click Reset to confirm this action and complete CreativeSearch removal. Click on 'Reset' button to complete your removal

Erase CreativeSearch from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for CreativeSearch or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Change your homepage if it was altered by virus:
    Open your Safari web browser and click on Safari in menu section. Here, select Preferences as it was displayed previously and select General.
  4. Here, look at the Homepage field. If it was altered by CreativeSearch, remove unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page. When in 'General', delete malicious URL and enter your desired domain name
  5. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  6. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete CreativeSearch removal process. Select all options and click on 'Reset' button

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant a full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions


Your opinion regarding CreativeSearch