I can’t find the malware even though there was a profile

Infected operating system
MacOS Catalina
Infected device issues
Safari and google searches gets redirected to in.search.yahoo.com
Browsers affected by infection
  1. Safari
  2. Chrome
Browser Settings: Homepage and Default Search Engine
I set the homepage to google search in both chrome and safari
Browser extensions
There are no browser extension on safari

Kuheli

New Member
Thread author
Apr 29, 2020
3
Hi!
I removed a profile from the system preference as suggested here. But my browser keeps redirecting all my safari and chrome searches to in.search.yahoo.com (safe finder). I can’t seem to find any malware in the finder > application. I really don’t know what more to do? Is there any way you can help me fix this?
The extension was installed on chrome called QueensResultSearch. I think that’s the main malware but after deleting the extension and the profile, the problem is still there.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hey @Kuheli,

Can you also check if any QueensResultSearch files are located in the below folders? If they are, you can delete them.

  1. Click the desktop to make sure you’re in the Finder, choose “Go” then click on “Go to Folder“.
    Go to Folder mac
  2. Type or copy/paste each of the below paths into the window that opens, then click Go.
    • /Library/LaunchAgents
    • ~/Library/LaunchAgents
    • /Library/Application Support
    • /Library/LaunchDaemons
      Type the commands in the Go to Folder window
  3. Look out for QueensResultSearch and delete them. Look out for any suspicious files that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program.


Next, please run a scan with Malwarebytes.

  • Please download Malwarebytes for Mac Free Edition.
  • Double-click Malwarebytes-Mac-4.x.x.x.pkg and follow the prompts to install the program.
  • When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the computer if prompted to complete the removal process.

Let me know the results after you've performed these steps.
 

Kuheli

New Member
Thread author
Apr 29, 2020
3
Hey @Kuheli,

Can you also check if any QueensResultSearch files are located in the below folders? If they are, you can delete them.

  1. Click the desktop to make sure you’re in the Finder, choose “Go” then click on “Go to Folder“.
    Go to Folder mac
  2. Type or copy/paste each of the below paths into the window that opens, then click Go.
    • /Library/LaunchAgents
    • ~/Library/LaunchAgents
    • /Library/Application Support
    • /Library/LaunchDaemons
      Type the commands in the Go to Folder window
  3. Look out for QueensResultSearch and delete them. Look out for any suspicious files that could be behind all the drama – anything you don’t remember downloading or that doesn’t sound like a genuine program.


Next, please run a scan with Malwarebytes.

  • Please download Malwarebytes for Mac Free Edition.
  • Double-click Malwarebytes-Mac-4.x.x.x.pkg and follow the prompts to install the program.
  • When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the computer if prompted to complete the removal process.

Let me know the results after you've performed these steps.

Thank you for replying so fast.

I followed all the steps you mentioned and have removed everything but now I can’t access any websites. I am getting the prompt “Safari can’t open the page ‘https://....’ because safari can’t establish a secure connection to the server ’www. ...’”
 

Kuheli

New Member
Thread author
Apr 29, 2020
3
Thank you for replying so fast.

I followed all the steps you mentioned and have removed everything but now I can’t access any websites. I am getting the prompt “Safari can’t open the page ‘https://....’ because safari can’t establish a secure connection to the server ’www. ...’”
It also says that the pages can’t be open because “The error is: ‘FetchEvent.respondWith received an error: TypeError: An SSL error has occurred and a secure connection to the server cannot be made.” (WebKitServiceWorker:0)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top