Skip to content
  • Active
  • Severity: Medium
  • Browser Hijackers
  • Windows
  • Verified · Oct 2021

How to remove SearchPartyd Mac virus

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Olivia Morelli · Ransomware analyst

SearchPartyd is a Mac virus that injects advertisements into search results and visited websites

SearchPartyd Mac

SearchPartyd is a component of a potentially unwanted application that targets Macs. To be more precise, the app is likely to be installed as an extension on Safari, Google Chrome, Mozilla Firefox, or another web browser, although its components can be seen spread on various places within the system.

In this particular case, we are talking about a browser hijacker. These apps are usually installed inadvertently because they use software bundles, deceptive advertisements, and other unfair tactics for distribution. For this reason, many users might find PUAs on their systems seemingly out of nowhere, all while believing that they never installed them.

Once the SearchPartyd virus enters the system, it changes several parameters on the web browser and imports several components that would keep it running for as long as possible. Initially, users would not notice significant changes until they perform a search using the browser.

Instead of generating results via google.com or another provider, there's immediately a redirect through search.initialunit.com, which later leads to the landing page search.yahoo.com. The engine is also used to generate the results in the first place. While Yahoo is a legitimate provider, browser hijackers commonly use it to reroute users and insert ads into their searches.

Additionally, potentially unwanted applications are also known to be used to track user data for marketing purposes. This is why it is uncommon for such apps to share or sell information with third parties. Luckily, it is relatively rare that PUAs would gather personal info such as credit card details. It goes without saying the SearchPartyd could pose a risk to your privacy, and you should not ignore that.

Below, you will find some information about how to correctly remove the unwanted app and all its components and clean your web browsers to prevent third parties from tracking you in the future.

Name SearchPartyd
Type Browser hijacker, potentially unwanted application, Mac virus
Distribution Software bundle packages, deceptive ads, fake updates
Symptoms Unknown extension or application is installed on the system; homepage and new tab address are set to something else; a customized search engine is appended to the homepage; search results are filled with sponsored links and ads
Risks Installation of other potentially unwanted programs, privacy risks, financial losses
Removal You can uninstall potentially unwanted programs by following the manual guide below or by scanning the computer with powerful SpyHunterCombo Cleaner anti-malware
Optional steps After you terminate the infection with all its associated components, we recommend you also scan your machine with FortectIntego for best results

Browser hijackers are very common and, even they are considered minor infections, they should never be ignored. Macs have also been more susceptible to adware and other PUA infections; in fact, cybercriminals are known to be targeting this OS much more often than Windows in the past years, especially when it comes to adware.[1]

We have previously discussed unwanted applications like ConnectedPlatformNearbyme, or ActiveFormat. The degree of the infection varies based on how the PUA was acquired and whether or not there is other malware installed on the system. Luckily, the removal of Mac viruses can be really easy in most cases, as long as the correct methods are used.

Software bundle packages – one of the main reasons for Mac infections

Many users claim that they have found SearchPartyd or other suspicious software on their systems without installing it themselves. However, this is not entirely true, as most Mac malware spreads by users installing it, even if they did not intend to in the first place. In other words, people are tricked into installing something that could be harmful to their computers.

One of the most common browsers hijacker distribution methods is software bundling. This technique has been employed by legitimate software providers as well, although its implementation differs on the fundamental level. For example, a legitimate bundle would show you precisely what you are being offered and give you a clear indication of where to decline that offer. On the contrary, when dealing with deceptive bundles, you might find those optional components are hidden under pre-ticked boxes, Recommended settings, fine print, and other unfair practices.

Therefore, you should always be very careful when downloading apps from third-party websites and always keep in mind that the installers might be loaded with additional apps. Just one missed tick might sometimes result in infection. This is especially true if the software is being downloaded from high-risk sources that distribute illegal applications (torrents).

SearchPartyd virus

Security experts[2] also warn users about other methods that could be used for PUA distribution, which include:

  • Deceptive ads: Advertisement space can be bought by malicious actors – this is also more common on high-risk websites. You might be told that your system is infected with viruses or that your visits to porn sites resulted in a data leak. All these claims are fake and should be ignored. Ad-blockers can be used to remove these.
  • Fake updates: if you have been asked to update your browser or Flash Player[3] on a random website, ignore these prompts as they are all fake.
  • Spoofing sites: sometimes, crooks create copies of original software download sites but instead misspell the name of the said software within the URL. For example, instead of the word “Google,” crooks could use “Goggle,” which, at first sight, might look like an official site.

What is SearchPartyd daemon and how to remove it

When directing the browser hijacker, it turned out that SearchPartyd is a daemon that runs on Mac at any given time. They are tiny processes that run in the background and provide certain functionality; in this case, the element is run to support the browser hijacker functions, such as ad injection or browser redirects to dangerous websites.

Therefore, in order to remove SearchPartyd properly, you'd have to shut it down via the Activity Monitor first, of the process might not succeed. Keep in mind that manual elimination might not always be successful and very confusing to novice computer users. Likewise, it might also take a long time to complete.

If you want to skip the steps below and instead would simply want to get rid of the infection quickly, we strongly recommend you run a scan with SpyHunterCombo Cleaner or MalwarebytesMalwarebytes security software. It would shut the virus down automatically and then terminate all its components automatically.

1. Get rid of the unwanted application

The SearchPartyd virus might be installed as an application on your system. Note that the name might not correlate at all, and the app causing computer issues could be named as something completely different. This is why, if you have no clue which app could be the culprit, we recommend avoiding manual removal and using security software instead. Otherwise, proceed with the following:

  • Open Applications folder
  • Select Utilities
  • Double-click Activity Monitor
  • Here, look for suspicious processes related to adware and use the Force Quit command to shut them down
  • Go back to the Applications folder
  • Find ExtendedService in the list and move it to Trash.

2. Delete imported Login items and Profiles

When Mac is infected, several malicious components are dropped on the device. This might sometimes prevent users from removing them, as well as removing the main malicious app. Thus, you need to find these entries and eliminate them.

  • Go to Preferences and select Accounts
  • Click Login items and delete everything suspicious
  • Next, pick System Preferences > Users & Groups
  • Find Profiles and remove unwanted profiles from the list.

3. Remove the leftover components

There could also be several components scattered across the system. Once again, security software could find them automatically and remove them for you. Otherwise, you have to find them yourself as follows:

  • Select Go > Go to Folder.
  • Enter /Library/Application Support and click Go or press Enter.
  • In the Application Support folder, look for any suspicious entries and then delete them.
  • Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and delete all the related .plist and other types of files.

4. Clean your browser

You should not forget that you need to clean your web browser properly. Browsers store various caches and other web data, which could be a part of the unwanted app. For example, cookies can be used to track users for as long as several years if they are not removed from the browser.

Similarly to malware removal, you can also clean your browsers automatically with the FortectIntego maintenance utility. Otherwise, proceed with the following:

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall.Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to the Advanced tab.
  3. Tick the Show Develop menu in the menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.Reset Safari

Note: if you are using Google Chrome or Mozilla Firefox, please find the instructions for these browsers below.

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select the unwanted extension and click Remove.Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Settings.
  3. Under Home, set your preferred homepage and new tab settings.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data...
  5. Select Cookies and Site Data and Temporary cached files and pages, then click Clear.Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox...
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all suspicious extensions related to the unwanted program by clicking Remove.Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.Reset Chrome 2
 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.