Computer Virus Attack

How to Remove ArchimedesLookup Browser Hijacker From Mac

When you notice that your browser is behaving in a weird manner, such as random redirects or too many ads on your browser, then your system is probably infected by malware. It could be an adware, spyware, browser hijacker, PUP, or all of the above.

And this is not surprising. Most adware are also categorized as both browser hijacker and PUP because of how they behave. There is no definite border between these categories as most attackers are experimenting on which type of malware would be easier to slip into the system and more difficult to crack.

The best way to find out what adware/hijacker is present on your system is by checking what URL you get redirected to when you browse or perform a search. Another option is to check which extensions have been recently installed on your browser. If you keep getting redirected to Safe Finder and you see an ArchimedesLookup add-on on your browser, then your computer is infected by the ArchimedesLookup browser hijacker.

What is ArchimedesLookup?

ArchimedesLookup is an adware program that targets Mac users using deceptive distribution methods, such as fake Flash Player update pop-ups and app bundle packages. This malware is also categorized as a browser hijacker because it mainly affects the browser of the affected Mac.

Once the malware has infiltrated the system, it installs a browser add-on for Safari, Mozilla Firefox, Google Chrome, or other web browser. It also modifies the homepage and new tab URL to the URL of the website hosting its ads.

What Does ArchimedesLookup Do?

ArchimedesLookup is related to a popular Adload adware campaign, along with MainReady, CreativeSearch, SearchWebSvc, ProductEvent, DataQuest, and AgileHelp browser hijackers. This group of adware is known for redirecting their victims to Safe Finder, which is a fake search engine. This is also set as the default search engine of the browser, without the knowledge and permission of the user. Other users, however, reported getting redirected to subdomains, which hints that this malware is part of a wider network of malicious applications.

Aside from annoying redirects, victims of the ArchimedesLookup browser hijacker also suffer from intrusive advertisements, including coupons, deals, pop-ups, and promos, as well as an increased number of online scams.

What makes ArchimedesLookup more dangerous is what it does behind the scenes. ArchimedesLookup collects your browser data in the background, including sensitive information like banking details and passwords. This is because the ArchimedesLookup browser extension has been installed with elevated permissions, which means that it can read and change the settings on your browser. In fact the first thing it does is alter your default search engine, homepage URL, and new tab page.

This is what the extension description of ArchimedesLookup looks like:

Permissions for “ArchimedesLookup”

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on: all webpages

Browsing History
Can see when you visit: all webpages

The data gathered by ArchimedesLookup is generally used to deliver more personalized and targeted advertisements to the user. When you think about it, the ads that you see on your browser are usually related to the websites you previously visited or the products you clicked on before. This is because ArchimedesLookup is looking at your search queries and browsing history to find out your interests.

There is also a huge possibility that the data gathered ArchimedesLookup will be sold to third parties, such as marketing agencies and other hackers interested in this type of data.

So if you noticed unusual changes in your browser settings, you need to investigate as soon as possible to prevent more damages done by the ArchimedesLookup malware.

ArchimedesLookup Removal Instructions

If you believe that your computer has been infected by the ArchimedesLookup browser hijacker, you need to get rid of it immediately from your Mac.

Here is out step-by-step guide on how to remove ArchimedesLookup browser hijacker:

Step 1: Delete Unknown Profiles.

Profiles allow Mac users to control the actions and behavior of macOS. Any profile created by an admin cannot be changed by an ordinary user. Malware, such as ArchimedesLookup, usually creates new profiles to prevent the user from uninstalling the malicious application or reverting the changes done to the system.

So the first step in deleting ArchimedesLookup is to remove any profiles created by the malware. To do this:

  1. Click the Apple menu, then choose System Preferences.
  2. Click on Profiles.
  3. In the Profile window, look for newly created or unknown profiles.
  4. Highlight the profile by clicking on it, then click the delete (-) button at the bottom of the window.
  5. Repeat the steps above until you’ve deleted all suspicious profiles.

Step 2: Uninstall ArchimedesLookup From macOS.

The next step is to remove the ArchimedesLookup PUP from your Mac. The name of the PUP might be different from ArchimedesLookup to prevent you from associating it with the malware. So aside from ArchimedesLookup, you also need to look for other malicious applications that suddenly got installed on your Mac without your permission.

To uninstall ArchimedesLookup, follow the steps below:

  1. Open Finder from the Dock.
  2. Click Applications from the left panel. This should display all the apps installed on your Mac.
  3. Look for ArchimedesLookup or any suspicious app, then drag the icon to the Trash.
  4. You can also right-click on the icon and choose Move to Trash.
  5. Once you have removed all the apps that need to be uninstalled, right-click on the Trash icon, then click Empty Trash.

Step 3: Delete ArchimedesLookup Daemons And Agents.

To prevent ArchimedesLookup from re-infecting your Mac, you need to make sure that all files associated with the malware have been deleted. To do this:

  1. From the Finder menu, click Go > Go to Folder.
  2. In the search field, copy the following folder paths one by one, then look for ArchimedesLookup files in each of these folders:
    • /Library/LaunchAgents
    • ~/Library/LaunchAgents
    • /Library/Application Support
    • /Library/LaunchDaemons
  3. Here are some of the specific files you need to watch out for:
    • ~/Library/Application Support/com.ArchimedesLookup/ArchimedesLookup
    • ~/Library/Application Support/com.ArchimedesLookupDaemon/ArchimedesLookup
    • ~/Library/LaunchAgents/com.ArchimedesLookup.plist
    • ~/Library/LaunchDaemons/com.ArchimedesLookupDaemon.plist
  4. Once you find these suspicious files, right-click on them, then choose Move to Trash. Or you can simply drag them to the Trash.
  5. Don’t forget to empty the Trash after.

Step 4: Scan Your Mac For Leftover Files.

To make sure you’ve deleted all the infected files on your computer, you need to run your antivirus program to scan for any leftover files. You can also use Mac repair app to delete junk files that might cause other problems for your Mac.

Step 5: Remove ArchimedesLookup From Your Browser.

The last step is to revert all the changes done by ArchimedesLookup on your browser. You can follow the instructions below according to the browser affected by the malware:

How to Remove ArchimedesLookup from Google Chrome

To completely remove ArchimedesLookup from your computer, you need to reverse all of the changes on Google Chrome, uninstall suspicious extensions, plug-ins, and add-ons that were added without your permission.

Follow the instructions below to remove ArchimedesLookup from Google Chrome:

1. Delete malicious plugins.

Launch the Google Chrome app, then click on the menu icon at the upper-right corner. Choose More Tools > Extensions. Look for ArchimedesLookup and other malicious extensions. Highlight these extensions you want to uninstall, then click Remove to delete them.Google Chrome Extensions

2. Revert changes to your homepage and default search engine.

Click on Chrome's menu icon and select Settings. Click On Startup, then tick off Open a specific page or set of pages. You can either set up a new page or use existing pages as your homepage.Google Chrome Settings

Go back to Google Chrome's menu icon and choose Settings > Search engine, then click Manage search engines. You'll see a list of default search engines that are available for Chrome. Delete any search engine that you think is suspicious. Click the three-dot menu beside the search engine and click Remove from list.Remove from list

3. Reset Google Chrome.

Click on the menu icon located at the top right of your browser, and choose Settings. Scroll down to the bottom of the page, then click on Restore settings to their original defaults under Reset and clean up. Click on the Reset Settings button to confirm the action.Google Chrome Reset and Clean up

This step will reset your startup page, new tab, search engines, pinned tabs, and extensions. However, your bookmarks, browser history, and saved passwords will be saved.

How to Delete ArchimedesLookup from Mozilla Firefox

Just like other browsers, malware tries to change the settings of Mozilla Firefox. You need to undo these changes to remove all traces of ArchimedesLookup. Follow the steps below to completely delete ArchimedesLookup from Firefox:

1. Uninstall dangerous or unfamiliar extensions.

Check Firefox for any unfamiliar extensions that you don't remember installing. There is a huge chance that these extensions were installed by the malware. To do this, launch Mozilla Firefox, click on the menu icon at the top-right corner, then select Add-ons > Extensions.

In the Extensions window, choose ArchimedesLookup and other suspicious plugins. Click the three-dot menu beside the extension, then choose Remove to delete these extensions.Firefox Extensions window

2. Change your homepage back to default if it was affected by malware.

Firefox Options - General

Click on the Firefox menu at the upper-right corner of the browser, then choose Options > General. Delete the malicious homepage and type in your preferred URL. Or you can click Restore to change to the default homepage. Click OK to save the new settings.

3. Reset Mozilla Firefox.

Go to the Firefox menu, then click on the question mark (Help). Choose Troubleshooting Information. Hit the Refresh Firefox button to give your browser a fresh start.Reset Mozilla Firefox

Once you’ve completed the steps above, ArchimedesLookup will be completely gone from your Mozilla Firefox browser.

How to Get Rid of ArchimedesLookup from Internet Explorer

To ensure that the malware that hacked your browser is completely gone and that all unauthorized changes are reversed on Internet Explorer, follow the steps provided below:

1. Get rid of dangerous add-ons.

When malware hijacks your browser, one of the obvious signs is when you see add-ons or toolbars that suddenly appear on Internet Explorer without your knowledge. To uninstall these add-ons, launch Internet Explorer, click on the gear icon at the top-right corner of the browser to open the menu, then choose Manage Add-ons.Manage Add-ons

When you see the Manage Add-ons window, look for (name of malware) and other suspicious plugins/add-ons. You can disable these plugins/add-ons by clicking Disable.Disable Add-on

2. Reverse any changes to your homepage caused by the malware.

If you suddenly have a different start page or your default search engine has been changed, you can change it back through the Internet Explorer's settings. To do this, click on the gear icon at the upper-right corner of the browser, then choose Internet Options.Internet Options

Under the General tab, delete the homepage URL and enter your preferred homepage. Click Apply to save the new settings.Internet-Options

3. Reset Internet Explorer.

From the Internet Explorer menu (gear icon at the top), choose Internet Options. Click on the Advanced tab, then select Reset.Reset Internet Explorer

In the Reset window, tick off Delete personal settings and click the Reset button once again to confirm the action.

How to Uninstall ArchimedesLookup on Microsoft Edge

If you suspect your computer to have been infected by malware and you think that your Microsoft Edge browser has been affected, the best thing to do is to reset your browser.

There are two ways to reset your Microsoft Edge settings to completely remove all the traces of malware on your computer. Refer to the instructions below for more information.

Method 1: Resetting via Edge Settings

  1. Open the Microsoft Edge app and click More or the three-dot menu located at the upper-right corner of the screen.
  2. Click Settings to reveal more options.Resetting via Edge Settings
  3. In the Settings window, click Restore settings to their default values under Reset settings. Click the Reset button to confirm. This action will reset your browser’s startup page, the new tab page, default search engine, and pinned tabs. Your extensions will also be disabled and all temporary data like cookies will be deleted.Reset settings
  4. Afterwards, right-click on the Start menu or the Windows logo, then select Task Manager.
  5. Click on the Processes tab and search for Microsoft Edge.Task Manager
  6. Right-click on the Microsoft Edge process and select Go to details. If you don't see the Go to details option, click More details instead.Task-Manager
  7. Under the Details tab, look for all the entries with Microsoft Edge in their name. Right-click on each of these entries and choose End Task to quit those processes.End Task
  8. Once you have quit all those processes, open Microsoft Edge once again and you'll notice that all the previous settings have been reset.

Method 2: Resetting via Command

Another way to reset Microsoft Edge is by using commands. This is an advanced method that is extremely useful if your Microsoft Edge app keeps crashing or won't open at all. Make sure to back up your important data before using this method.

Here are the steps to do this:

  1. Navigate to this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.Resetting via Command
  2. Select everything inside the folder, right-click on the highlighted files, then click Delete from the options.MicrosoftEdge Folder
  3. Search for Windows PowerShell using the search box beside the Start menu.
  4. Right-click on the Windows PowerShell entry, then choose Run as administrator.Windows PowerShell
  5. In the Windows PowerShell window, type in this command:

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}Administrator Windows PowerShell

  1. Press Enter to execute the command.
  2. Once the reset process has been completed, ArchimedesLookup should be completely deleted from your Microsoft Edge browser.

How to Get Rid of ArchimedesLookup from Safari

The computer’s browser is one of the major targets of malware — changing settings, adding new extensions, and changing the default search engine. So if you suspect your Safari to be infected with ArchimedesLookup, these are the steps you can take:

1. Delete suspicious extensions

Launch the Safari web browser and click on Safari from the top menu. Click Preferences from the drop-down menu.Safari Extensions

Click on the Extensions tab at the top, then view the list of currently installed extensions on the left menu. Look for ArchimedesLookup or other extensions you don’t remember installing. Click the Uninstall button to remove the extension. Do this for all your suspected malicious extensions.

2. Revert changes to your homepage

Open Safari, then click Safari > Preferences. Click on General. Check out the Homepage field and see if this has been edited. If your homepage was changed by ArchimedesLookup, delete the URL and type in the homepage you want to use. Make sure to include the http:// before the address of the webpage.

3. Reset Safari

Safari - Preferences

Open the Safari app and click on Safari from the menu at the upper-left of the screen. Click on Reset Safari. A dialog window will open where you can choose which elements you want to reset. Next, click the Reset button to complete the action.

Give us some love and rate our post!
[Total: 0 Average: 0]
Notify of
Inline Feedbacks
View all comments