What is the Search Marquis Virus on Mac?

Browser Hijack
TRY AVARMOR

Click to download Outbyte AVarmor, a progressive anti-malware software, optimized for Windows 10 and 11. Enhance your PC's security with our special offer. For details, refer to About Outbyte AVarmor and Uninstall Instructions. Review our End User License Agreement (EULA) and Privacy Policy for more information.

Whenever you open your browser and try to make a query, you usually just type in what you’re searching for in the address bar and the browser automatically searches it for you. Most browsers use Google as their default search engine. In fact, Google has a 92.06% search engine market share worldwide as of May 2020, followed by Bing with 2.62% and Yahoo with 1.79%. https://gs.statcounter.com/search-engine-market-share

So when you notice that your queries are showing you results that look different from your default search engine, which is most likely Google, then you probably have malware on your computer. Adware is known for changing the browser’s default search engine to drive more traffic to its clients or affiliates. This is how adware and browser redirects usually operate.

Recently, several Mac users reported being infected by the Search Marquis virus. This nasty piece of malware redirects the user’s query to the searchmarquis.com search engine before directing it to Bing for the search results. Although this type of adware may not be as dangerous as other malware, you should still get rid of it as soon as it is detected because it might expose your personal data to risks.

If your Mac has the Search Marquis virus, getting rid of it is a lot easier than you think. It might look complicated at first, because of all the components you need to remove completely from your Mac, but the process is made simpler by following our Search Marquis removal instructions below.

What is the Search Marquis Virus on Mac?

Search Marquis is a browser hijacker adware that automatically redirects the affected user to Bing and makes this their default search engine without the user’s knowledge and approval. When users try to make a search, the traffic is redirected to Searchmarquis.com, the address of a fake search engine, claiming to generate unique results and improve the overall browsing experience. This might seem like a regular search engine, such as Yahoo or Google, but it is actually a fake search engine promoted via rogue download and installation set-ups.

Basically, these set-ups modify browser settings to benefit the adware’s paying clients. Furthermore, fake search engines like Search Marquis are designed to collect various information relating to user’s browsing activities, then sell the collected data to third parties or use them for advertising purposes. The Search Marquis virus operates identically to the searchitnow.info virus.

Malicious download and installation setups generally target web browsers, such as Google Chrome, Mozilla Firefox, and Safari. The malicious software promotes the searchmarquis.com search engine and assigns it as the default for that affected browser. The homepage and new browser tab page are also changed to searchmarquis.com. Most of the time, you’ll also notice a new extension added to the browser, all for the purpose of driving more traffic to the destination URL.

Aside from these changes, the Search Marquis virus on Mac also installs helper objects or third party browser applications to prevent users from undoing the modifications done by the virus to the browser settings. These helper apps make sure that the user is forced to visit searchmarquis.com every time the affected browser is launched, a new tab is opened, or the user enters a search query into the address bar.

Unfortunately, this is not the only danger brought by fake search engines. The Search Marquis virus on Mac and its helper objects work together to collect IP addresses, geolocation data, browsing history, search queries, and other information from the infected device. The developers behind this adware share the gathered details with other parties, including cyber criminals, who misuse the collected data to generate revenue.

If you look closely, you’ll find that searchmarquis.com does not generate any unique search results, contrary to its claims. Instead, the search results are gathered by Bing, it simply redirects the traffic to bing.com.But before opening bing.com, the Search Marquis virus routes the users through phony websites, such as Searchnewworld.com, Searchbaron.com, and Searchroute-1560352588.us-west-2.elb.amazonaws.com.

Aside from Searchmarquis.com, there are other fake search engines on the web, such as:

These fake search engines claim to enhance browsing experience, but in fact, they are useless and offer no unique results.

Why Does Your Mac Have the Search Marquis Virus?

Most fake search engines, such as the Search Marquis virus on Mac, infiltrates the victim’s computer through malicious downloads. When you download free apps and install them on your computer, like a free YouTube downloader or a free video converter, you’re probably downloading the adware on your computer as well. If you don’t go through and inspect the installation process thoroughly, the adware will be sneakily installed on your device via the quick install option.

The Search Marquis malware can also slip into your computer when you visit malicious websites where it is hosted. In some cases, just visiting these websites is enough to trigger the download of the adware without your knowledge. You’ll only notice that there is something wrong when you experience the weird redirects.

Users can also be infected by the Search Marquis virus when they click the links or download the attachment on phishing emails that are meant to distribute the malware. Phishing emails should be easy to recognize, but there are sophisticated phishing campaigns that are difficult to guard against.

But even though most security software categorize the Search Marquis virus as moderately dangerous, it is important to get rid of it from your device to avoid complications in the future. If you believe your device has been infected by this malware, you can follow our Search Marquis removal instructions below.

How to Remove the Search Marquis Virus From Mac

The Search Marquis may not be as insidious as other malware, such as Trojans, ransomware, and spyware, but you should not underestimate its threat level as well. Browser redirects can be dangerous when you don’t know where it’s leading you to. It might redirect you to a website that steals all your information or hosts a more malicious type of malware.

To remove the Search Marquis virus, you need to take out all the components of this adware, including the hidden ones. If any of them gets left behind, the virus can use it to regenerate itself and infect your computer once again.

To get rid of Search Marquis, follow the removal steps below:

Step 1: Quit Your Browser.

If you’re using Safari, click Safari from the top menu, then choose Quit Safari. The same steps apply for other browsers you might be using, such as Chrome or Firefox. If you have trouble closing your browser, you might need to do a force-quit by following the steps here:

  1. Click the Apple menu, then choose Force Quit.
  2. Alternatively, you can press Command + Option + Escape to open the Force Quit dialog.
  3. Look for the browser on the list of running apps, then select it.
  4. Click the Force Quit button and confirm your action.

Your browser should now be completely closed.

Step 2: Quit All the Malware Processes.

The next step is to ensure that all processes related to malware are not running. Otherwise, you won’t be able to successfully remove it from your computer and you’ll end up with an error. To quit all Search Marquis processes, do the following:

  1. Open Activity Monitor by going to Finder > Go > Applications > Utilities.
  2. In the Activity Monitor window, look at all the processes and search for those related to the Search Marquis virus. You can usually tell by the name of the process whether it has something to do with the Search Marquis virus.
  3. Highlight the suspicious process, then click the i button at the top. This would give you more information about the process highlighted.
  4. Click on the Quit button to kill that process.
  5. Do the steps above for all suspicious processes in Activity Monitor.

Step 3: Uninstall the Search Marquis PUP.

If the adware came with a potentially unwanted program (PUP), you also need to uninstall it from your Mac. You can do this by going to Finder > Go > Applications, then dragging the Search Marquis app icon to the Trash. Make sure to empty the Trash to remove all traces of the virus.

Step 4: Delete All Leftover Files.

You need to scour your folders to find all the components of the Search Marquis virus on your Mac and delete them completely. You need to examine the contents of specific folders where malware often drops its files.

Press the Command + Shift + G buttons on your keyboard and type in the following address: /Library/LaunchAgents. Look for any malicious files inside this folder, such a

  • com.pcv.hlpramc.plist
  • com.updater.mcy.plist
  • com.avickUpd.plist
  • com.msp.agent.plist

If you see any of these files, drag them to the Trash. Go back to the folder search dialog, then type in the following address: ~/Library/Application Support. Same with what you did earlier, look for suspicious files, such as:

  • UtilityParze
  • ProgressSite
  • IdeaShared

Next, go to the /Library/LaunchDaemons folder and look for the following files:

  • com.pplauncher.plist
  • com.startup.plist
  • com.ExpertModuleSearchDaemon.plist

Delete these files when you encounter them inside the folder. The last folder you should check is the ~/Library/LaunchAgents folder for files that might be related to the Search Marquis virus.

Step 5: Remove Search Marquis From Your Browser.

Once you have deleted all the components of the Search Marquis virus and killed all processes, you can now safely undo all the changes the malware has done to your browser. This means uninstalling any weird extensions, changing the default search engine, and reverting the new tab page and homepage. You can follow the instructions below, depending on the browser you are using:

Safari

  1. Launch the Safari browser and click the Safari menu. Choose Preferences from the drop-down menu.
  2. In the Preferences window, click on the Advanced tab.
  3. Tick off Show Develop menu in menu bar.
  4. When Develop has been added to the menu bar, click to expand it, then choose Empty Caches.
  5. Next, choose History from the Safari menu and click on Clear History in the dropdown options.
  6. Choose all history from the dropdown menu, then click on the Clear History button.
  7. Go back to the Safari Preferences and click on the Privacy tab.
  8. Click Manage Website Data > Remove All button.
  9. Go back to the Safari menu and click on the Extensions tab and uninstall the Search Marquis extension.
  10. Restart Safari.

Google Chrome

  1. Launch the Chrome browser.
  2. Click the menu (⁝) icon located at the top-right corner of the window, choose More Tools > Extensions.
  3. Find the suspicious extension and click the Trash icon.
  4. Go back to the menu and select Settings from the drop-down.
  5. In the Settings menu, select Advanced.
  6. Scroll down to the Reset settings section.
  7. Confirm the reset when the dialog pops up.
  8. Once completed, relaunch the Google Chrome browser.

Mozilla Firefox

  1. Launch Firefox and click on the Mozilla menu located in the top right corner.
  2. Click on Add-ons > Extensions, then uninstall the Search Marquis extension.
  3. Go to Help – Troubleshooting Information.
  4. Alternatively, you can type in about:support in the address bar and press Enter.
  5. In the Troubleshooting Information screen, click on Refresh Firefox.
  6. Confirm the action and restart Firefox.

Summary

The Search Marquis virus may not be as threatening as other malware, but it is still dangerous in its own right. Aside from redirecting your queries through dodgy websites, this adware also collects your information for advertising and money-generating purposes. If you suspect your device to be infected with this malware, you need to remove it completely from your Mac using the Search Marquis removal instructions above.

Give us some love and rate our post!
[Total: 0 Average: 0]
Subscribe
Notify of
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments