< The MacPaw How-tos

How to remove Any Search malware from your Mac


Any Search malware is a browser hijack that, once your Mac is infected, displays the Any Search homepage whenever you launch Safari, Chrome, or Firefox. It looks like an innocuous search page, and in fact forwards all searches to Yahoo, but it also intercepts traffic and uses that to display adverts. It manages to bypass Apple’s built-in security measures by being bundled with what look like legitimate downloads, such as Adobe Flash Player.

How do I know if my Mac is infected?

When you launch a web browser like Safari, Chrome, or Firefox you will not see your regular homepage. Instead you’ll see the Any Search page. You will then need to uninstall Any Search from your Mac, using the steps below.

How did I get infected?

When you give permission to the seemingly legitimate download to be installed, the bundled hijacker gets permission too. That’s why you should always be certain of what you’re downloading and double-check the website you’ve downloaded it from, before you give permission for anything to be installed. Fortunately, it’s not too difficult to remove.


How to remove Any Search from your Mac

1. Go to the Apple menu and click on System Preferences

2. Look for a pane called Profiles. If it’s there, it will be next to Accessibility

3. If it’s there, click on it and look to see if there is a profile called AdminPrefs

4. If it’s there, unlock System Preferences by clicking the padlock and entering your login details, if necessary

5. Click on the AdminPrefs profile and click the ‘-‘ button at the bottom left of the window

Check your Startup items

Malware like the Any Search Manager virus sometimes inserts itself in your startup items so it launches every time you boot your Mac.

1. Go to System Preferences again and click the Users & Groups pane

2. Unlock it using the padlock, then click on your user name in the left hand pane

3. Choose the Login items tab in the main window

4. Look for anything that seems suspicious

5. If you find anything, click on it then click the ‘-‘ button at the bottom of the window to remove it

Alternatively, there is an easier way to remove login items, using CleanMyMac, which scans your Mac for startup processes and allows you to remove them with one click. CleanMyMac also allows you to quickly and easily remove browser extensions, uninstall apps, and reclaim tens of gigabytes of disk space.

Get CleanMyMac here. It's a free version that allows to remove a few login items completely for free


Remove Launch Agents and Daemons

1. In the Finder, click on the Go menu and choose Go to Folder

2. Type ‘/Library/LaunchDaemons’

3. Scan the list of .plist files and look for anything with a name you don’t recognize

4. If you find one, click on it and preview the file, looking for the name of a vendor you recognize

5. If you don’t find one, drag the file to the Trash

6. Repeat steps 1-5 for /Library/LaunchAgents  and ~/Library/LaunchAgents

7. Once you’ve dragged all the files you want to remove to the Trash, empty it and restart your Mac

Reset the default page in browser


How to remove Any Search from Safari

1. Once your Mac has restarted, launch Safari

2. Click on the Safari menu and then choose Preferences

3. Click on the Search tab and choose the search engine you want to use

4. Select the General tab and set the Homepage to your preferred home page and the options above it to your preference from the menu options

How to remove Any Search from Chrome

1. Launch Chrome

2. Click the Settings menu icon (three horizontal lines) on the left of the window, or type “chrome://settings/“ into the address bar

3. Click “On start-up” and check the button next to “Open a specific page or set of pages”

4. Click on the “more” icon (three vertical dots)

5. Choose “edit” and type or paste the URL you want as your start-up page into the text box

6. Click Save

7. Click on the Settings icon again

8. Choose Search Engine

9. Click “manage search engines” and press the “more” button next to the Any Search engine, then select “Remove from list”


10. Click on the dropdown menu next to “Search engine used in the address bar” and choose the search engine you want to us. Alternatively, click “Manage search engines” and either add one from the bigger list (by clicking on the “more” icon and choosing “Make Default”) or press “Add” and type in the URL of another search engine

How to remove AnySearch from Firefox

1. Launch Firefox

2. Press the settings button (three horizontal lines) on the right hand side of the toolbar, or type “about:preferences” into the address bar

3. Click the Home category and next to “Homepage and new windows” click on the dropdown menu and choose either “Firefox Home” or “Custom URL”. If you choose “Custom URL” type the URL you want to open into the text box.

4. Click the Search category and in the main window, scroll down to “One-Click Search Engines”. Click on Any Search and press Remove.

5. Scroll back up and click on the menu under Default Search engine and choose the one you want


Remove suspicious browser extensions


The final steps for removal [Important]

So far we've cleaned the browser part — what's left is it to root out AnySearch from your system parts associated with Chrome and other browsers. First, we will need to check if AnySearch has seized your Chrome settings.

STEP 1

Please open Chrome, paste this string into the URL field and press Return:

chrome://policy/

You will see something like this:


See the Level and Policy value columns. What's written there?

"Recommended" means AnySearch has gained control over your Chrome settings — need to uninstall Chrome.

"Mandatory" means the malware is sitting deeper and is tied to your user account
— go to the step 2 below.

For additional check:

Go to Applications/Terminal
Open Terminal, paste the following command and press Return:

defaults read com.google.Chrome

Now look through the results. If you see anything related to Anysearch there, you can simply uninstall Chrome and reinstall it anew. The best way to uninstall Chrome along with all leftovers is CleanMyMac's Uninstaller tool. GET IT HERE

STEP 2.

If that is not the case, please open Finder, go up to the Go menu in the menubar -> Go to Folder, and paste this directory:

/Library/Managed Preferences/[your username]

You should enter [your username] as shown in System Preferences/Users & Groups

Open the folder. Now look for a “com.google.Chrome” file there. 

If you have found it in any of these locations, please open the file in any editor and check if you can find any Anysearch-related information there. Then, manually remove the info from the file and restart your computer.

The same logic applies to Firefox and Safari browsers. 

Protect your Mac

Once you’ve removed Any Search manager, it’s a good idea to check for more malware. CleanMyMac’s malware removal tool scans your Mac for adware, viruses, spyware and cryptocurrency miners and lists anything it finds in its main window. It then offers you the opportunity to remove them with one click or review its findings and choose what to remove. It’s a good idea to run the scan regularly to keep your Mac protected.

Download the app's free version here.

Any Search manager is a nasty piece of malware that can be quite alarming when you first encounter it. However, it’s not too difficult to remove, so long as you’re diligent and follow the steps above. If you couldn't delete it and the virus shows up again, please contact us at support@macpaw.com for further instructions.

Hope this article was useful. Stay tuned for more.



Share it! Knowledge is power:
MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.