Solved SearchMine

Infected operating system
macOS Catalina 10.15
Infected device issues
SearchMine is the default page on every new tab I open (even though I've verified that Chrome is my default browser).
Browsers affected by infection
  1. Chrome
Browser Settings: Homepage and Default Search Engine
google.com is my homepage and Google Chrome is my default search engine.
Browser extensions
Extensions: 1PasswordX, Delivery Trust for Gmail, Google Docs Offline, Google Hangouts, Google Docs, Google Sheets and Google Slides

rmblood

New Member
Thread author
Oct 14, 2019
5
I've spent several hours this morning trying to remove SearchMine from Chrome on my MacBook Air. I've followed every instruction I can find on the internet for removing it and still it persists. Can anyone help me remove this? Malwarebytes apparently does not pick it up on the scans. Help!
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello @rmblood,
Can you copy chrome://policy into the URL bar and click Enter, then check if there are policies loaded in Chrome.
 
  • Like
Reactions: upnorth

rmblood

New Member
Thread author
Oct 14, 2019
5
There are four policies. I've attached a screenshot of them.
 

Attachments

  • Screen Shot 2019-10-14 at 11.42.01 AM.png
    Screen Shot 2019-10-14 at 11.42.01 AM.png
    73.2 KB · Views: 787

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Ok, let's reset the Chrome Policies:
  1. Open a new Terminal window. (Finder > Go > Utilities > Terminal)
  2. Enter the following commands, pressing enter after each line:
    Code:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
    defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
  3. After running these commands, quit Chrome if you haven't already done so, then launch it again and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up). If they're gone, you should be able to change your search engine and home page back to your preferred defaults in Chrome's settings.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
I did that. There are still threads but they show google.com. I've attached a screenshot.
Yes, this is what the code should do. If you want to change your search engine and homepage back to your preferred defaults in, you can now do this in the Chrome's settings.
Is your browser still redirected to searchmine?
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
It isn't redirected. Thank you, thank you, thank you! You made my day!
No problem, I'm happy that I could help! : )
I would recommend that you install an ad blocker for your browser. This is what I use: uBlock Origin - it's free, it blocks all ads and should block malicious advertisements which are the cause of this type of infection.
 

astockwellllllll

New Member
Oct 30, 2019
2
Ok, let's reset the Chrome Policies:
  1. Open a new Terminal window. (Finder > Go > Utilities > Terminal)
  2. Enter the following commands, pressing enter after each line:
    Code:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
    defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
  3. After running these commands, quit Chrome if you haven't already done so, then launch it again and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up). If they're gone, you should be able to change your search engine and home page back to your preferred defaults in Chrome's settings.
Hey there!

I've had similar issues (which brought me here) and when I run these, I get through the first three ok, but once i get to the last 3 it all falls apart. It says that the "Domain (com.google.Chrome) not found. Defaults have not been changed."

It doesn't matter what user I try it on, new or existing. Any ideas?
 
  • Applause
Reactions: [correlate]

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hey there!

I've had similar issues (which brought me here) and when I run these, I get through the first three ok, but once i get to the last 3 it all falls apart. It says that the "Domain (com.google.Chrome) not found. Defaults have not been changed."

It doesn't matter what user I try it on, new or existing. Any ideas?
Can you please restart your computer, then reset your browser settings.

  1. On your computer, open Chrome.
  2. At the top right, click More (the 3 vertical dots)
    and then
    Settings.
  3. At the bottom, click Advanced. Under "Reset Settings," click Restore settings to their original defaults
    and then
    Reset Settings.

Check if you're browser is still being redirected to SearchMine.
 

astockwellllllll

New Member
Oct 30, 2019
2
Can you please restart your computer, then reset your browser settings.

  1. On your computer, open Chrome.
  2. At the top right, click More (the 3 vertical dots)
    and then
    Settings.
  3. At the bottom, click Advanced. Under "Reset Settings," click Restore settings to their original defaults
    and then
    Reset Settings.

Check if you're browser is still being redirected to SearchMine.
Thanks! We have tried, and have the same issue still

I've actually gone so far as completely uninstalling Chrome and all Google folders Library and the ~/Library folders. It shows on multiple users on the computer, still
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Can you double-check if this folder was removed: ~/Library/Preferences/com.google.Chrome.plist - in recent versions of macOS this file is invisible.


In many cases, changes to Chrome may not be fixed with a simple browser reset. In such a case, it will be easier to completely remove Chrome and all data, then reinstall. To do this, click the Finder icon, from the menu bar. Choose Go, and click Go to Folder, then paste one of the below paths into the window that opens.

You will need to delete all of the below items, but before doing this be aware that this will delete all data for all Google apps you have installed, such as your bookmarks, so you will need to export them before doing this.

/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist
<<<< The "~" indicates that it's the current user's Library which is often invisible in recent versions of macOS. To get to it you must hold down the Option (sometimes labeled Alt) key down and select Library from the Finder's Go menu.

After deleting all of the above files, restart your device. You can now download and re-install Google Chrome on your device. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.


Let me know if these steps fixed your issues.
 
  • Like
Reactions: Venustus

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top