InfoMajorSearch Mac virus (Free Instructions)
InfoMajorSearch Mac virus Removal Guide
What is InfoMajorSearch Mac virus?
InfoMajorSearch is a Mac virus that steals sensitive data and shows intrusive ads
InfoMajorSearch is a malicious application you might find on your Mac one day. If you are wondering where it came from, you have likely installed it along with other software from the internet (usually illegal/pirated applications) or after being tricked by a fake Flash Player update prompt.
The primary goal of InfoMajorSearch is to profit from ad revenue, which it pursues in various malicious ways: it changes browser settings, inserts ads when users browse the web, spies on their online activities, steals passwords, etc.
While Adload family members, to which the app belongs, are commonly categorized as adware, browser changes also warrant the branding of a browser hijacker.[1] Generally, the application possesses a lot of malicious traits related to its distribution, operation, and persistence, hence most security vendors categorize it as malware.
Name | InfoMajorSearch |
Type | Mac virus, adware, browser hijacker |
Malware family | Adload |
Distribution | Installed via fake Flash Player updates or cracked application installers |
Symptoms | An extension installed on the browser with elevated permissions, along with an application of the same name; new profiles and login items set up on the account; malicious ads shown during web browsing activities; search and browsing settings altered to Safe Finder or another search provider |
Risks | Installation of other malware, personal data disclosure to cybercriminals, financial losses |
Removal | The easiest way to eliminate unwanted and malicious software on Macs is by performing a full system scan with SpyHunter 5 or Combo Cleaner security software. Alternatively, you can attempt to terminate the infection manually |
System optimization | After malware removal, you should scan your system with Fortect or Intego to remove leftover files and clean your browsers |
Adload malware in detail
Adload has been around since at least 2017 and is one of the most common strains that target Macs. Hundreds of variants have been released by unknown individuals behind the strain, with the most recent examples being NetDivision, AuraLookup, and LatestFeed. All versions use a distinctive magnifying glass icon on a teal, blue, green, or, most recently, gray background.
Distribution
InfoMajorSearch is distributed in ways very typical of Mac malware – fake Flash Player updates or illegal software installers. Adobe already discontinued Flash almost two years ago, so all prompts to install or update it are fake – all modern browsers have built-in technology for multimedia content, such as HTML5.[2]
When it comes to illegal software downloads, we recommend staying away from them in the first place. Since torrents and similar sites are poorly protected, they serve as a perfect place for crooks to spread malware and propagate scams.
Operation
Once installed, an Adload variant immediately changes the system in various ways. It establishes persistence and then ensures that users are exposed to as much commercial content as possible, which can guarantee steady income from ad revenue. The virus achieves this in several ways:
- Installs a browser extension that changes the homepage and new tab function (sets it to Safe Finder or other);
- Redirects all results to an alternative provider, such as Yahoo;
- Inserts ads and sponsored links at the top of users' searches;
- Inserts ads into websites they don't originate from;
- Shows phishing messages and exposes users to scams, etc.
Besides, the installed extension is capable of harvesting various personal user data, including passwords and credit card details. Thus, we recommend not interacting with ads or entering any personal info before the infection is terminated.
Persistence
While most people install the InfoMajorSearch virus inadvertently, they are the ones who give permission for it to do so by entering their Apple ID credentials when asked. Thanks to this authorization, malware manages to root deep into the system – it uses the built-in AppleScript for that.
With the help of the said script, the virus makes various system changes by implementing new profiles, login items, PLIST files, and more. Because of these persistence mechanisms, Apple's built-in defenses, such as XProtect or Gatekeeper,[3] fail to automatically identify and remove the infection.
Removal explained
As already explained, the persistence of the virus might make the removal rather difficult. For example, the installed extension might be grayed out, which would make it impossible to uninstall in a regular way. Luckily, tools such as SpyHunter 5, Combo Cleaner, or Malwarebytes can help you bypass these issues and get rid of the virus quickly and easily.
Simply install the security application and perform a full system scan immediately. If you would rather eliminate the infection yourself, you can do it by following the guide below. Note that, regardless of which removal method you choose, you should still clean your browsers from various trackers.
Remove the main app and its files
To begin the removal process, you should first make sure that the malware's background processes cannot interfere. For that, you need to shut them down via the Activity Monitor:
- Open Applications folder
- Select Utilities
- Double-click Activity Monitor
- Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
- Go back to the Applications folder
- Find UpgradedPlatform in the list and move it to Trash.
Persistence mechanisms, such as Login items or new Profiles, might prevent the app's elimination. Thus, if the above step was impossible, try removing these elements first:
- Go to Preferences and pick Accounts
- Click Login items and delete everything suspicious
- Next, pick System Preferences > Users & Groups
- Find Profiles and remove unwanted profiles from the list.
Finally, get rid of the leftover files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist files.
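To decide which .plist files in those two folders are "related", it helps to list the launchd jobs whose file name, Label or command line mentions the app. The Python sketch below is an added example, not part of the original guide; it only reads files, and the job names, labels and paths inside demo() are constructed samples, not real indicators.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons"]  # folders from the steps above

def read_job(plist_path):
    """Parse one launchd job file (XML or binary plist); None if unreadable."""
    try:
        data = plistlib.loads(Path(plist_path).read_bytes())
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(data, dict):
        return None
    args = [str(a) for a in data.get("ProgramArguments") or []]
    program = str(data.get("Program") or (args[0] if args else ""))
    return {"file": str(plist_path), "label": str(data.get("Label", "")), "program": program,
            "args": args, "run_at_load": bool(data.get("RunAtLoad", False))}

def find_related_jobs(name, dirs=LAUNCHD_DIRS):
    """Read-only scan. Returns (jobs mentioning name, files that failed to parse)."""
    related, unreadable = [], []
    for folder in (Path(d) for d in dirs if Path(d).is_dir()):
        for path in sorted(folder.glob("*.plist")):
            job = read_job(path)
            if job is None:
                unreadable.append(str(path))  # inspect these by hand
                continue
            text = " ".join([path.name, job["label"], job["program"], *job["args"]])
            if name.lower() in text.lower():
                related.append(job)
    return related, unreadable

def demo():
    samples = {  # constructed sample jobs, not real indicators
        "com.example.InfoMajorSearch.plist": {"Label": "com.example.InfoMajorSearch", "RunAtLoad": True,
            "ProgramArguments": ["/tmp/constructed/InfoMajorSearch", "--bg"]},
        "com.example.backup.plist": {"Label": "com.example.backup", "Program": "/usr/bin/true"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, job in samples.items():
            Path(tmp, fname).write_bytes(plistlib.dumps(job, fmt=plistlib.FMT_BINARY))
        Path(tmp, "broken.plist").write_text("not a plist")
        related, unreadable = find_related_jobs("InfoMajorSearch", [tmp])
        return [(Path(j["file"]).name, j["program"], j["run_at_load"]) for j in related], len(unreadable)

if __name__ == "__main__":
    print(find_related_jobs("InfoMajorSearch"))
```

To cover per-user jobs as well, pass the expanded path of ~/Library/LaunchAgents in dirs (a folder the guide does not list). The "program" value of each hit shows which file the job launches, so that file can be reviewed along with the .plist.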
Clean your browser
Typically, Adload versions install a browser extension with elevated permissions by dropping malicious files on the system. If you managed to delete them successfully, as explained in the previous section, you should be able to remove the extension without too much trouble.
Safari
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension and select Uninstall.
Google Chrome
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
The next step is to ensure that all trackers are deleted from the device. Adware and malware insert cookies and other tracking elements on your machine locally. If not removed, they might remain on the system for years, so it is vital to clean browser caches from time to time. The easiest way to clean your browsers and the system from leftover files is by employing the Fortect or Intego maintenance utility. Alternatively, you can do it manually too:
Safari
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Google Chrome
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
If you were unable to remove malicious components within your web browser, you could simply reset it as we explain below. Your bookmarks and other preferences will not be lost as long as you remember your login name and password. Proceed with the following steps to reset your browser:
Safari
- Click Safari > Preferences…
- Go to the Advanced tab.
- Tick the Show Develop menu in the menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Google Chrome
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings.
Getting rid of InfoMajorSearch Mac virus. Follow these steps
Remove from Microsoft Edge
Delete unwanted extensions from MS Edge:
- Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
- From the list, pick the extension and click on the Gear icon.
- Click on Uninstall at the bottom.
Clear cookies and other browser data:
- Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
- Under Clear browsing data, pick Choose what to clear.
- Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear.
Restore new tab and homepage settings:
- Click the menu icon and choose Settings.
- Then find On startup section.
- Click Disable if you found any suspicious domain.
Reset MS Edge if the above steps did not work:
- Press on Ctrl + Shift + Esc to open Task Manager.
- Click on More details arrow at the bottom of the window.
- Select Details tab.
- Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running.
If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to back up your data before proceeding.
- Find the following folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
- Press Ctrl + A on your keyboard to select all folders.
- Right-click on them and pick Delete
- Now right-click on the Start button and pick Windows PowerShell (Admin).
- When the new window opens, copy and paste the following command, and then press Enter:
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
Instructions for Chromium-based Edge
Delete extensions from MS Edge (Chromium):
- Open Edge and select Settings > Extensions.
- Delete unwanted extensions by clicking Remove.
Clear cache and site data:
- Click on Menu and go to Settings.
- Select Privacy, search and services.
- Under Clear browsing data, pick Choose what to clear.
- Under Time range, pick All time.
- Select Clear now.
Reset Chromium-based MS Edge:
- Click on Menu and select Settings.
- On the left side, pick Reset settings.
- Select Restore settings to their default values.
- Confirm with Reset.
Remove from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select the unwanted plugin and click Remove.
Reset the homepage:
- Click three horizontal lines at the top right corner to open the menu.
- Choose Options.
- Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.
Clear cookies and site data:
- Click Menu and pick Settings.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
Reset Mozilla Firefox
If clearing the browser as explained above did not help, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.
How to prevent from getting adware
Choose a proper web browser and improve your safety with a VPN tool
Online spying has gained momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.
Lost your files? Use data recovery software
While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.
To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.
[1] Browser hijacking. Wikipedia. The free encyclopedia.
[2] Carrie Marshall. HTML5: what is it?. TechRadar. The source for tech buying advice.
[3] Phil Stokes. How AdLoad macOS Malware Continues to Adapt & Evade. SentinelOne. Security research blog.