Solved Having trouble getting rid of Search Baron

Infected operating system: macOS Monterey Version 12.0.1

Infected device issues: When using Google Chrome, any search made in the URL bar redirects to searchbaron, which then either redirects to Bing or Ask, or gets stopped by Safebrowse.io. Safari was initially affected, but not anymore.

Browsers affected by infection: Chrome

Browser Settings (Homepage and Default Search Engine):
"Google Chrome is your default browser"
"Search engine used in the address bar: Google"
"Search engine: Google (Default) | Shortcut: google.com"

Browser extensions: None.

aidanhoover

New Member
Thread author
Feb 26, 2023
5
(copy/pasting from my reddit post. I just made an account here, let me know if I'm doing anything wrong.)

I believe I recently installed some malware on my MacBook. I was trying to download a program and I got redirected to some other software download. I idiotically downloaded it and got all the way through the installation process before realizing that I had downloaded the wrong thing. I think this was the culprit.

Two weeks later, a Chrome search got redirected to a website called "Search Marquis". I checked Safari and Firefox, and both of them did the same thing. I eventually got some Antivirus free trial. It detected and removed some Malware.

Now, the Search Marquis thing is gone, but instead I'm getting bounced from Google to "searchbaron" dotcom to Bing. Safari is no longer affected, though (somewhere along this process I uninstalled Firefox, so I can't speak to that).

Any search about this Hijacker will give you the same list of steps: get rid of your Chrome extensions, check Chrome's search engine settings, reset your Chrome settings, check your MacBook's log-in items, check the LaunchAgents folder and the LaunchDaemons folder and the Application Support folder and check the Activity Monitor... I've tried this all five times over. It doesn't work.

I did some deep scans with Avast. It found some more malware and I removed it. Then I tried Malwarebytes, because that's what everyone tells you to try. Again, it found some more malware and I removed it. Now it's coming up dry. I uninstalled Chrome, reinstalled... Before logging in, it worked fine. Then I logged in, and it's sending me to Search Baron again. I cleared a whole bunch of crap from my Google account - cookies, settings, history, passwords, etc. Then I signed out... Still got the Search Baron. I'm kind of at my wit's end here. Any guidance would be much appreciated. Thank you.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello,

STEP 1. Let's check if there are any malicious profiles installed on your Mac:

  1. Go to System Preferences.
  2. Click Profiles.
  3. If this list includes the item “AdminPrefs” or any other item that you don't recognize, select it and click the remove “–” button in the lower-left corner.
If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal.


STEP 2. Let's reinstall Chrome.

In many cases, changes to Chrome may have been made that are non-trivial to fix. In such a case, it will be easier to completely remove Chrome and all data, then reinstall. To do this, delete all of the following items:

Code:
/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist


Be aware that this will delete all data for all Google apps you have installed, such as Chrome bookmarks. Export any data you want to keep beforehand.

If you're not sure how to find these folders, choose Go to Folder from the Go menu in the Finder, then paste one of those paths into the window that opens. Be sure to delete the correct item, as deleting the wrong item could cause data loss or even damage to your system or other apps.

After deleting all these files, restart the computer. Then re-download Chrome and reinstall. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.


Let me know if these steps fixed your issues.
 

aidanhoover

Thanks for the response. There is no Profiles icon. As I said, I tried uninstalling and re-installing Chrome.
 

Jack

You've deleted the below folders and restarted before reinstalling Chrome, right? And

Code:
/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist
 

aidanhoover

I just tried it again after following all those steps. It's the same deal - works fine until I log into Google and sync my account data.
 

Jack

When Chrome Sync is turned on, most browser settings – including any unwanted extensions or search hooks – are stored in the Google Cloud, so that your Chrome browsing experience is consistent on all devices you log in to your Google account with.

To fix this, you will need to reset Chrome Sync. Here’s how:

  1. Open Google Chrome
  2. Click your Profile in the top right corner of your browser screen (next to the three dots)
    A small window will open in the top right corner
  3. Click Sync is On
    A new browser window will open to allow you to change your Google account settings
  4. Click Turn Off at the top
    A small confirmation window will appear in the middle of your browser window
  5. Click Turn Off again to confirm that you wish to stop syncing to the Google cloud
    The confirmation window will close, returning you to the Google account settings screen.
    This will also sign you out of Google.
  6. Next, open https://chrome.google.com/sync
    A Google login screen will be shown in your browser window.
  7. Enter your Google username and password
    The "Data from Chrome sync" screen will be displayed to show basic information on what information is being synchronized to the cloud
  8. Scroll to the bottom and click Reset Sync
    A window will be displayed to let you know that synchronization to Google’s cloud will now be stopped.
  9. Now run a Scan with Malwarebytes and remove any detections found during the scan.
Afterward, you can turn Sync back on in Chrome.

  1. Open Google Chrome
  2. Click your Profile in the top right corner of your browser screen (next to the three dots)
  3. Click Turn on Sync
    A confirmation window will be displayed in the center of your browser screen
  4. Click Yes I’m In.
    That’s all there is to it, unless you're having other issues with Chrome. Please see below for further adjustments if needed.
REMINDER: If you use Chrome to log in to any Google service from any other computer, please follow these steps before turning on Chrome sync on those computers as well.
Failure to do this will cause issues or problems to continually reoccur.
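
An added example, not part of the post above: one way to see which search and extension settings Chrome Sync writes back into a clean profile is to compare the profile's `Preferences` file from before and after signing in. The JSON key names are an assumption based on Chrome's internal, undocumented layout (extension entries may sit in `Secure Preferences` instead), and both snapshots are constructed sample data.

```python
import json

# Constructed sample snapshots of a Chrome profile "Preferences" file.
# Key names follow Chrome's internal layout as an assumption; they are not a
# documented API and can change between versions.
BEFORE_SYNC = json.dumps({
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Google",
        "url": "https://www.google.com/search?q={searchTerms}"}},
    "extensions": {"settings": {}},
})
AFTER_SYNC = json.dumps({
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Search",
        "url": "https://hijacker.example/?q={searchTerms}"}},
    "extensions": {"settings": {
        "a" * 32: {"manifest": {"name": "Helper Tab"}, "from_webstore": False}}},
})

def summarize(prefs_text):
    """Return (search_url, {extension_id: name}) from a Preferences JSON string."""
    prefs = json.loads(prefs_text)
    # A fresh profile may lack these keys entirely, so every lookup has a default.
    tmpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    settings = prefs.get("extensions", {}).get("settings", {})
    exts = {eid: e.get("manifest", {}).get("name", "?") for eid, e in settings.items()}
    return tmpl.get("url"), exts

def sync_changes(before_text, after_text):
    """List search-engine and extension changes between two snapshots."""
    url_before, ext_before = summarize(before_text)
    url_after, ext_after = summarize(after_text)
    findings = []
    if url_after != url_before:
        findings.append(f"search URL changed: {url_before} -> {url_after}")
    for eid in sorted(set(ext_after) - set(ext_before)):
        findings.append(f"extension added: {ext_after[eid]} ({eid})")
    return findings

if __name__ == "__main__":
    for line in sync_changes(BEFORE_SYNC, AFTER_SYNC):
        print(line)
```

On macOS the default profile's file is `~/Library/Application Support/Google/Chrome/Default/Preferences`; copy it once after the clean reinstall and once after signing in, then pass both files' contents to `sync_changes`.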
 

aidanhoover

OK, that has done the trick! I tried it once and it didn't work, so I tried it again, quit the Chrome app, did a deep scan with a different antivirus program. It did find some stuff that Malwarebytes missed, so I got rid of it, restarted my computer, repeated the whole process again for good measure, and it seems like I'm good. Thank you very much!
 
