Skip to content
  • Active
  • Severity: Medium
  • Mac Viruses
  • Mac
  • Verified · Jun 2020

How to remove SearchMainInfo

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Julie Splinters · Anti-malware specialist

SearchMainInfo – adware designed for macOS that also changes web browser settings and reads personal information

SearchMainInfo Mac virus

SearchMainInfo is a potentially unwanted application that is typically downloaded via fake Flash Player update prompts or software bundle packages downloaded from insecure torrent websites. In other words, users do not download this adware on their Mac computers on purpose, but it rather is installed behind their backs. The virus belongs to a well-known Adload malware family that includes such apps like MainReady, AgileHelp, IdeaShared, and many others, and targets macOS users exclusively. SearchMainInfo abuses the built-in AppleScript in order to acquire elevated permissions on the system, which would allow the app to read sensitive information and install other malware without permission.

Name SearchMainInfo
Type Mac virus, adware, Trojan
Malware family Adload
Targeted systems macOS, Mac OS X
Distribution All applications delivered by this campaign use unfair distribution practices that are more common to malware. Users can get infected after downloading software cracks and similar unsafe software from torrent/warez websites or after being tricked by a fake Flash Player update prompt
Symptoms
  • SearchMainInfo extension installed on Google Chrome, Safari, or another web browser
  • Homepage and new tab address is set to searchpulse.net or another suspicious URL
  • Unknown applications installed without permission
  • Difficulty when trying to eliminate the extension and other malicious apps
  • Search results are filled with sponsored links and ads
  • Redirects lead to ad-filled, phishing, scam, or malware-laden sites
Dangers Infection of malware such as CrescentCore, sensitive information disclosure to unknown parties/cybercriminals, financial losses, identity theft
Elimination The best way to get rid of malicious applications is by employing a powerful security application such as SpyHunterCombo Cleaner. Nonetheless, we also provide manual removal steps below
System optimization Adware and malware can oftentimes significantly reduce the performance of the infected computer. In case issues arise post-infection, we also recommend resetting the installed web browsers and perform a full system scan with FortectIntego

SearchMainInfo gains access to users' computers without permission, hence not everyone can immediately notice it installed. Visually, the PUA appends a browser extension to Safari, Google Chrome, or Mozilla Firefox, which can read such data like passwords collected via the web browser. Additionally, the developers of the SearchMainInfo virus also monetize on ads by setting the homepage to home.searchpulse.net (in some cases, Yahoo or Safe Finder is used as well) and redirect all searches via akamaihd.net. 

As a result, users see pop-ups, in-text links, banners, deals, offers, coupons, and other commercial content on a regular basis. Besides, homepage modification ensures that all the search results are modified, i.e., filled with sponsored links that direct users to random websites. In some cases, however, SearchMainInfo redirects or ads might lead to scam, malware-laden, phishing, spoofing, or another type of malicious websites.

However, web browser modifications and intrusive advertisements are just one of many problems that SearchMainInfo hijack might bring. Since the app abuses built-in scripts, it can grant itself elevated permissions, which would allow it to perform actions without asking for user approval first. Such changes are also often used to prevent SearchMainInfo removal, as multiple malicious .plist files are dropped on the system.

SearchMainInfo adware

The best way to remove SearchMainInfo is by scanning the machine with powerful anti-malware software. This way, you will be able to eliminate the malicious entries automatically and won't have to dig through files and folders. Besides, while many users claim that Macs don't need extra protection, security experts advise the complete opposite.[1] Zero-day exploits (software vulnerabilities that have not been patched by Apple yet and exploited in the wild) are prime examples that every macOS needs third-party protection. 

Note that security software is the most efficient way of protecting your computer from viruses. SearchMainInfo can be detected by multiple security vendors as follows:[2]

  • Gen:Variant.Adware.MAC.Rload.5
  • A Variant Of OSX/TrojanDownloader.Adload
  • Trojan-Downloader.OSX.Adload
  • Not-a-virus:HEUR:AdWare.OSX.Cimpli.k
  • Mughthesec (PUA)
  • Adware.Mac.Loader.17

If you want to get rid of SearchMainInfo manually, we provide the instructions for that as well. In such a case, you are highly recommended resetting all the installed web browsers and scanning the machine with FortectIntego for the best results.

Mac malware is a serious thereat: learn to avoid unwanted apps that clutter your system and reduce its security

Adware, potentially unwanted programs such as scareware, as well as malware, are increasing threats to Mac systems. Kaspersky security researchers discovered that one in ten Macs are infected with Shlayer Trojan,[3], and Malwarebytes experts concluded that Mac malware is being developed at a more rapid pace than Windows malware.

As mentioned above, Adload apps are usually delivered via fake updates. The trick is usually used by malware or scareware developers to make users believe that something is missing from their computers (Adobe Flash) or that the computer is infected with viruses. Flash Player is an obsolete component currently, as many modern browsers use different technology to display multimedia content. Unfortunately, many are not aware of that and still believe that Flash is needed for certain websites to be displayed. 

These claims are nothing but a hoax, and you should never download anything that is offered to like that via the web browser, as you can infect your machine with very nasty malware. Flash Player is being shut down by Adobe at the end of 2020, and no more security updates will be available – just another reason to get rid of this useless plugin.

Additionally, we strongly advise you to stay away from third-party sources that allow you to download pirated software or software cracks. Both of these can be dangerous, so you should always stick to Apple Store or other reputable sites when looking for new apps to install. If you choose third-party sources for your downloads, make sure you always read the installation instructions properly and pick Advanced/Custom settings when prompted.

SearchMainInfo spread via fake Flash updates

Get rid of SearchMainInfo and other malicious apps

As mentioned above, it is best to avoid computer infections in the first place, so you would not have to deal with SearchMainInfo removal and its consequences. Nonetheless, if you believe that you are infected, we recommend you take this matter very seriously, as you can end up suffering from financial losses or even identity theft.

To remove SearchMainInfo, you can employ reputable anti-malware software and perform a full system scan – we suggest using SpyHunterCombo Cleaner or MalwarebytesMalwarebytes. This way, you will be able to eliminate all the unwanted and leftover components automatically. Nonetheless, if you do not wish to install other apps on your Mac, you can also uninstall the SearchMainInfo virus manually as well. For that, you should access the following locations and delete all the malicious files:

  • System Preferences > Accounts> Login Items
  • System Preferences > Users&Groups > Profiles
  • ~/Library/LaunchAgents
  • ~/Library/Application Support
  • ~/Library/LaunchDaemons

To ensure that the elimination of the extension is also successful, you should reset all the installed web browsers, as we explain below.

Delete from macOS

Remove the unwanted application:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for any suspicious entries, then drag them to Trash (or right-click and pick Move to Trash).Uninstall from Mac

Delete leftover files and folders:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and remove any suspicious folders related to the unwanted program.
  3. Repeat the same check in the /Library/LaunchAgents and /Library/LaunchDaemons folders, deleting any suspicious entries.Delete leftover files from Mac
  4. Finally, empty the Trash to permanently remove the leftovers.

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select the unwanted extension and click Remove.Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Settings.
  3. Under Home, set your preferred homepage and new tab settings.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data...
  5. Select Cookies and Site Data and Temporary cached files and pages, then click Clear.Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox...
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all suspicious extensions related to the unwanted program by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.Reset Chrome 2

Delete from Safari

Remove dangerous extensions:

  1. Open Safari, click Safari in the menu at the top-left of the screen, and select Preferences.
  2. Go to the Extensions tab, look for any suspicious entries, and click Uninstall to remove them.Remove extensions from Safari

Clear history and website data:

  1. Click Safari in the menu and pick Clear History.
  2. Set Clear to all history and confirm with Clear History.Clear history from Safari

Reset Safari:

  1. Click Safari in the menu and select Preferences > Advanced.
  2. Enable Show Develop menu in menu bar.
  3. From the menu bar, click Develop and select Empty Caches.Reset Safari

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.