CreativeSearch – Mac virus that might inject other malicious apps on your system
CreativeSearch is a potentially unwanted program that closely resembles malware
CreativeSearch is a potentially unwanted application that changes the web browser settings of Google Chrome, Mozilla Firefox, Safari, or another web browser and starts delivering unwanted advertisements. This app typically targets Mac users, although it does not mean that Windows PCs cannot be affected as well, as it is typically spread via software bundle packages and fake Flash Player update prompts.
Once installed, the CreativeSearch virus changes the search engine to Safe Finder or another customized search tool and appends a new homepage as well. As a result, users have to search the web via a hijacked browser, which changes what type of websites they visit, as search results are always filled with sponsored links. While CreativeSearch hijacks web browsers, it also possesses some adware qualities, as it delivers intrusive ads and tracks users' web browsing activities for marketing purposes.
| Type | Browser hijacker, adware, Mac virus |
| Family | This potentially unwanted application belongs to the Adload malware family |
| Infiltration | This type of potentially unwanted app spreads via deceptive methods, such as software bundle packages acquired from third-party websites or fake Flash Player update prompts |
| Danger level | Medium to high. Since this application uses a built-in script to install apps without permission in the background, it can install malware such as CrescentCore or Shlayer Trojan, resulting in further infections |
| Risks | Due to infection, users might be directed to spoofing, scam, or other malicious websites where they would be prompted to install other potentially unwanted or malicious applications, disclose their sensitive data such as credit card details, suffer from financial losses and even be affected by identity theft/fraud |
| Elimination | To get rid of CreativeSearch, as well as its secondary payloads, you should scan your Mac with powerful security software, such as SpyHunter 5, Combo Cleaner or Malwarebytes |
| Optimization | In case your machine is still running slow after malware termination, you should employ tools like Reimage Reimage Cleaner Intego to fix such issues for you |
CreativeSearch is a potentially malicious application that belongs to the Adload malware campaign and is a new addition to threats such as StudyGeneral, MainReady, DataQuest, and many others. This PUP family is relatively aggressive and can be considered malware in some cases, as it makes use of an AppleScript function in order to install apps without permission. Therefore, it is not uncommon for users infected with the CreativeSearch virus to see the activity of unknown software on their computers.
Just like malware, CreativeSearch is usually distributed in deceptive ways, and usually gets installed on macOS after users download freeware from insecure third-party websites or when they get tricked by a fake Adobe Flash Player update prompt. These fake alerts can be encountered on a variety of websites, although those who are already infected with adware are more likely to land on a fake update or another scam message page.
However, this is not the only symptom a CreativeSearch infection exhibits – you can also encounter the following:
- Unknown extensions or add-ons installed on the web browser;
- Redirects deliver deceptive and malicious advertisements;
- All visited websites are filled with pop-ups, deals, offers, promotions, coupons, and other intrusive ads;
- Homepage and new tab address is set to Safe Finder or another rogue search engine;
- Hundreds of unknown files reside on various parts of the machine;
- Browser extension termination becomes impossible;
- Unknown profiles established on the computer, etc.
Besides showing typical symptoms of the browser, search, and computer hijacking, CreativeSearch removal can also be hindered due to its persistence mechanisms. For example, the virus might establish new profiles or add entries to LaunchAgents, Application Support, and other folders.
Besides, a browser extension is typically installed with elevated privileges, which could result in a “Managed by your organization” prompt. Here's the description of the CreativeSearch or another malicious add-on installed on the web browser:
Permissions for “CreativeSearch”:
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages
Can see when you visit all webpages
As you can see, the presence of potentially unwanted apps like CreativeSearch can result in a sensitive data leak, which is highly likely to be delivered to cybercriminals. If sold on the dark web, such information might cause monetary losses or even identity theft/fraud.
CreativeSearch is a malicious app that is typically spread via fake Flash Player update prompts
Unfortunately, dragging the suspicious app to Trash can hardly help you remove CreativeSearch and other malicious apps from your system. For this purpose, we advise using reputable anti-malware software and performing a full system scan. This way, all the malicious and hidden components will be deleted automatically.
Besides, due to the hijacker's ability to download and install applications without permissions, users might also be infected with other Mac viruses that could cause significant damages, such as monetary losses, identity theft, sensitive data leak to cybercriminals, and much more.
Many users also noticed that their web browsers, as well as the computer, started to operate slowly after the CreativeSearch virus infection. This issue can also be fixed by uninstalling all the malicious apps. However, if issues continue, we recommend scanning your Mac device with Reimage Reimage Cleaner Intego. Additionally, if you are unable to terminate browser extensions, you should reset web browsers as explained below.
Potentially unwanted programs use deception to access your Mac
Macs are generally considered much safer machines than Windows PCs, as the former have built-in defenses such as Xprotect. However, according to security researchers, Mac malware outpaced Windows malware in 2019 by volume, so users should not believe that Macs are immune to infections – especially adware.
Possibly the biggest problem for Macs is fake Flash Player updates. While the plugin is outdated, full of security vulnerabilities, and has been almost fully replaced by HTML 5 and similar technologies, it is so embedded in users' minds as the only way to play multimedia online that they still believe that it is much-needed software. Of course, cybercriminals are here to abuse this fact, and they often use social engineering for that.
Phishing messages are often placed on various malicious websites, and well-known attributes like the Flash logo are often used. Once users access this site, they can see a prompt asking them to download and install the latest version of Flash, allegedly to view the content of the website. However, what they usually download is adware or even malware, and, by accepting its installation, users allow the malicious app to take over the computer. Thus, never download the alleged updates via the pop-up messages on suspicious websites.
Additionally, you should not download apps from third-party sources in the first place. By default, Mac will ask you to enter your username and password – this is a security measure to prevent unauthorized installation. However, if credentials are provided, malware can populate its files and settings without interruptions. Therefore, download apps from the App Store or similar legitimate sources only.
Ways to eliminate CreativeSearch from your machine
While we do not recommend manual CreativeSearch removal, you can still try performing it if you wish. However, dragging the app to Trash will not suffice, as it has multiple malicious entries within the system. First of all, you should check for malicious profiles by clicking on Preferences and then selecting Users & Groups > Profiles. Once there, delete all the profiles that you do not recognize.
To eliminate CreativeSearch, get rid of the established profile and other components
After that, you should locate and delete the following files on your system to get rid of CreativeSearch virus:
However, we highly suggest you instead remove CreativeSearch with the help of reputable anti-malware software, as it can automatically eliminate all the malicious files for you. Besides, due to PUP functionality, it is advisable to check for other malicious programs that may have been installed on your system. Finally, if you still see unwanted extensions on your web browser, reset it as per instructions below.
You may remove virus damage with the help of Reimage Reimage Cleaner Intego. SpyHunter 5, Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
To remove CreativeSearch, follow these steps:
Erase CreativeSearch from Windows systems
- Click Start → Control Panel → Programs and Features (if you are a Windows XP user, click on Add/Remove Programs).
- If you are a Windows 10 / Windows 8 user, right-click in the lower left corner of the screen. Once the Quick Access Menu shows up, select Control Panel and Uninstall a Program.
Uninstall CreativeSearch and related programs
- Here, look for CreativeSearch or any other recently installed suspicious programs.
- Uninstall them and click OK to save these changes.
Remove CreativeSearch from Windows shortcuts
- Right-click on the shortcut of Mozilla Firefox and select Properties.
- Go to the Shortcut tab and look at the Target field. Delete the malicious URL that is related to your virus.
Repeat the steps given above with all browsers' shortcuts, including Internet Explorer and Google Chrome. Make sure you check all locations of these shortcuts, including Desktop, Start Menu and taskbar.
Eliminate CreativeSearch from Mac OS X system
To get rid of CreativeSearch on macOS, follow these instructions:
If your macOS is displaying some infection symptoms, proceed with the following guide:
Remove CreativeSearch from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for CreativeSearch-related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove CreativeSearch, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries related to CreativeSearch and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the CreativeSearch-related entries.
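A read-only way to run the folder check above from a terminal, added here as an illustration (it is not part of the original guide or of any vendor tool). It lists entries in the three folders whose name contains the keyword and, going one step beyond the manual steps, launchd plists whose Program or ProgramArguments reference it; the function names are hypothetical.

```python
import plistlib
from pathlib import Path

# Folders named in the removal steps above.
DEFAULT_DIRS = [
    "/Library/Application Support",
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]


def job_command(plist_path):
    """Return the command line a launchd job would run, or "" if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # malformed, unreadable or non-plist file: nothing to inspect
        return ""
    if not isinstance(job, dict):
        return ""
    args = job.get("ProgramArguments", [])
    if not isinstance(args, list):
        args = [args]
    parts = [job.get("Program", "")] + args
    return " ".join(str(p) for p in parts if p)


def find_entries(keyword, dirs=DEFAULT_DIRS):
    """List (path, reason) for entries whose name or launchd command mentions keyword."""
    needle = keyword.lower()
    hits = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            if needle in entry.name.lower():
                hits.append((str(entry), "name"))
            elif entry.suffix == ".plist" and needle in job_command(entry).lower():
                hits.append((str(entry), "command"))
    return hits


if __name__ == "__main__":
    # Nothing is deleted; review each hit before removing it by hand.
    for path, reason in find_entries("CreativeSearch"):
        print(f"{reason:8} {path}")
```

A "command" hit is a plist whose own file name looks unrelated but which launches something from a matching path, which a search by file name alone would miss.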
Delete CreativeSearch from Mozilla Firefox (FF)
Remove dangerous extensions
- Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons → Extensions.
- Here, select CreativeSearch and other questionable plugins. Click Remove to delete these entries.
Change your homepage if it was altered by virus:
- Click on the menu (top right corner), choose Options → General.
- Here, delete the malicious URL and enter a preferable website or click Restore to default.
- Click OK to save these changes.
Reset Mozilla Firefox
- Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information.
- Now you will see the Reset Firefox to its default state message with the Reset Firefox button. Click this button several times and complete CreativeSearch removal.
Uninstall CreativeSearch from Google Chrome
Reset Google Chrome if you cannot uninstall some extensions in a regular way:
Delete malicious plugins
- Open Google Chrome, click on the menu icon (top right corner) and select Tools → Extensions.
- Here, select CreativeSearch and other malicious plugins and select the trash icon to delete these entries.
Change your homepage and default search engine if it was altered by your virus
- Click on the menu icon and choose Settings.
- Here, look for the Open a specific page or set of pages under On startup option and click on Set pages.
- Now you should see another window. Here, delete malicious search sites and enter the one that you want to use as your homepage.
- Click on the menu icon again and choose Settings → Manage Search engines under the Search section.
- When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name.
Reset Google Chrome
- Click on the menu icon on the top right of your Google Chrome and select Settings.
- Scroll down to the end of the page and click on Reset browser settings.
- Click Reset to confirm this action and complete CreativeSearch removal.
Erase CreativeSearch from Safari
Remove dangerous extensions
- Open the Safari web browser and click on Safari in the menu at the top left of the screen. Once you do this, select Preferences.
- Here, select Extensions and look for CreativeSearch or other suspicious entries. Click on the Uninstall button to get rid of each of them.
Change your homepage if it was altered by virus:
- Open your Safari web browser and click on Safari in the menu section. Here, select Preferences as it was displayed previously and select General.
- Here, look at the Homepage field. If it was altered by CreativeSearch, remove the unwanted link and enter the one that you want to use for your searches. Remember to include the "http://" before typing in the address of the page.
- Open the Safari browser and click on Safari in the menu section at the top left of the screen. Here, select Reset Safari....
- Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete the CreativeSearch removal process.
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.