How to remove Any Search malware from your Mac
Any Search malware is a browser hijack that, once your Mac is infected, displays the Any Search homepage whenever you launch Safari, Chrome, or Firefox. It looks like an innocuous search page, and in fact forwards all searches to Yahoo, but it also intercepts traffic and uses that to display adverts. It manages to bypass Apple’s built-in security measures by being bundled with what look like legitimate downloads, such as Adobe Flash Player.
What is Any Search Manager virus?
Any Search Manager is a browser extension, which appears after updating Flash Player and changes your default start page in the browser. It behaves like a browser hijacker, which means it takes control over your browser and prevents you from visiting pages you want.
The first warning sign that you may have caught Any Search virus is when you’re being redirected to search.anysearch.net or other pages containing “search.anysearch” in their URLs.
Why does the browser redirect you to Any Search Manager?
If you have downloaded some free apps lately, Any Search may be distributed with any of them. Any Search malware spreads along with the Safe Finder extension. The latter one is also malicious.
When you give permission to the seemingly legitimate download to be installed, the bundled hijacker gets permission too. That’s why you should always be certain of what you’re downloading and double-check the website you’ve downloaded it from before you give permission for anything to be installed. Fortunately, it’s not too difficult to remove.
How to remove Any Search from your Mac
Check your Mac for unauthorized profiles
- Go to the Apple menu and click on System Preferences
- Look for a pane called Profiles. If it’s there, it will be next to Accessibility
- If it’s there, click on it and look to see if there is a profile called AdminPrefs
- If it’s there, unlock System Preferences by clicking the padlock and entering your login details, if necessary
- Click on the AdminPrefs profile and click the ‘-‘ button at the bottom left of the window
Check your Startup items
Malware like the Any Search Manager virus sometimes inserts itself in your startup items so it launches every time you boot your Mac.
- Go to System Preferences again and click the Users & Groups pane.
- Unlock it using the padlock, then click on your user name in the left-hand pane.
- Choose the Login items tab in the main window.
- Look for anything that seems suspicious.
- If you find anything, click on it then click the ‘-‘ button at the bottom of the window to remove it.
Alternatively, there is an easier way to remove login items, using CleanMyMac X, which scans your Mac for startup processes and allows you to remove them with one click. CleanMyMac also allows you to quickly and easily remove browser extensions, uninstall apps, and reclaim tens of gigabytes of disk space.
Get CleanMyMac here. It's a free version that allows you to remove a few login items completely for free.
Remove Launch Agents and Daemons
- In the Finder, click on the Go menu and choose Go to Folder.
- Scan the list of
.plistfiles and look for anything with a name you don’t recognize.
- If you find one, click on it and preview the file, looking for the name of a vendor you recognize.
- If you don’t find one, drag the file to the Trash.
- Repeat steps 1-5 for
- Once you’ve dragged all the files you want to remove to the Trash, empty it and restart your Mac.
How to remove Any Search from browsers
How to remove Any Search from Safari
Reset the default page in browser
- Once your Mac has restarted, launch Safari
- Click on the Safari menu and then choose Preferences
- Click on the Search tab and choose the search engine you want to use
- Select the General tab and set the Homepage to your preferred home page and the options above it to your preference from the menu options
How to remove Any Search from Chrome
- Launch Chrome.
- Click the Settings menu icon (three horizontal lines) on the left of the window or type
chrome://settings/into the address bar.
- Click On start-up and check the button next to “Open a specific page or set of pages”.
- Click on the More icon (three vertical dots).
- Choose Edit and type or paste the URL you want as your start-up page into the text box.
- Click Save.
- Click on the Settings icon again.
- Choose Search Engine.
- Click Manage search engines and press the More button next to the Any Search engine, then select Remove from list.
- Click on the dropdown menu next to the “Search engine used in the address bar” and choose the search engine you want to use. Alternatively, click Manage search engines and either add one from the bigger list (by clicking on the More icon and choosing Make Default) or press Add and type in the URL of another search engine.
How to remove Any Search from Firefox
- Launch Firefox.
- Press the settings button (three horizontal lines) on the right-hand side of the toolbar, or type
about:preferencesinto the address bar.
- Click the Home category and next to “Homepage and new windows” click on the dropdown menu and choose either Firefox Home or Custom URL. If you choose the Custom URL type the URL you want to open into the text box.
- Click the Search category and in the main window, scroll down to “One-Click Search Engines”. Click on Any Search and press Remove.
- Scroll back up and click on the menu under the Default Search engine and choose the one you want.
Remove suspicious browser extensions
The final steps for removal [Important]
So far we've cleaned the browser part — what's left is it to root out AnySearch from your system parts associated with Chrome and other browsers. First, we will need to check if AnySearch has seized your Chrome settings.
Please open Chrome, paste this string into the URL field, and press Return:
You will see something like this:
See the Level and Policy value columns. What's written there?
"Recommended" means AnySearch has gained control over your Chrome settings — need to uninstall Chrome.
"Mandatory" means the malware is sitting deeper and is tied to your user account
— go to step 2 below.
For additional check:
Go to Applications/Terminal
Open Terminal, paste the following command, and press Return:
defaults read com.google.Chrome
Now, look through the results. If you see anything related to Anysearch there, you can simply uninstall Chrome and reinstall it anew. The best way to uninstall Chrome along with all leftovers is CleanMyMac X's Uninstaller tool.
If that is not the case, please open Finder, go up to the Go menu in the menubar -> Go to Folder, and paste this directory:
/Library/Managed Preferences/[your username]
You should enter [your username] as shown in System Preferences/Users & Groups
Open the folder. Now look for a “com.google.Chrome” file there.
If you have found it in any of these locations, please open the file in any editor and check if you can find any Anysearch-related information there. Then, manually remove the info from the file and restart your computer.
The same logic applies to Firefox and Safari browsers.
Protect your Mac
Once you’ve removed Any Search manager, it’s a good idea to check for more malware. CleanMyMac X's Malware Removal tool scans your Mac for adware, viruses, spyware, and cryptocurrency miners and lists anything it finds in its main window. It then offers you the opportunity to remove them with one click or review its findings and choose what to remove. It’s a good idea to run the scan regularly to keep your Mac protected.
Download the app's free version here.
To avoid getting malware like Any Search, be vigilant when installing apps on your Mac. Don’t skip installation options and choose custom installation to deselect optional software download, if you aren’t sure the software that comes bundled is safe.
Any Search Manager is a nasty piece of malware that can be quite alarming when you first encounter it. However, it’s not too difficult to remove, so long as you’re diligent and follow the steps above. If you couldn't delete it and the virus shows up again, please contact us at firstname.lastname@example.org for further instructions.
Hope this article was useful. Stay tuned for more.