< The MacPaw How-tos

Conduit Malware on Mac: Remove Conduit virus from Chrome


Remove Conduit malware from Mac

Disguised as a browser plugin, Conduit - also known as Conduit Search - is believed to have been created by ClientConnect Ltd. It claims to improve a Mac users internet browsing experience by generating improved search engine results.

However, what it really wants to do is collect user data and send it to cyber criminals. Conduit is capable of collecting keystrokes and passwords, IP addresses, geo-location data, and monitoring browser activity.

What is conduit virus

What is Conduit malware on Mac?

Conduit - which is also said to go by the names Trovi and VSearch - is another from of malicious malware known as a browser hijacker. It takes over your browser, changing the default search engine to search.conduit.com. It installs itself as a browser plugin, then can be used to steal data and cause other cyber infections to take hold in your Mac.

conduit search malware

It is not picky about which browser it takes over - Conduit has been around several years and is capable of hijacking Safari, Chrome and Firefox. It will send you unwanted adverts and popups, redirect you to unexpected web pages when you click on websites you visit often, especially those that are in your Bookmarks. Conduit can modify browser security settings, make your Mac run more slowly and will continue to collect and transmit data back to its control servers until you’ve managed to eliminate the infection.

The longer your Mac is infected with this virus, the greater chance you have of accidentally downloading other viruses and more dangerous types of malware. Removing this virus is worth doing as soon as you realise your browser is behaving oddly.

Remove Conduit from Chrome Mac MacBook

How to remove Conduit malware?

Browser hijackers - although annoying - are one of the easier types of malware to remove. They are also easier to spot, as everyone soon knows when their browser has been taken over, default search engine changed and other settings have been altered without your consent. Unfortunately, it isn’t as easy to know what else the malware has let into your computer.

Adware is a gateway virus, opening a backdoor for other computer viruses, including spyware, malware and other threats. Malicious software is bundled into links, adverts and other downloadable payloads; which makes this minor irritation more of a risk to your Mac than most people would assume.

To make your Mac safe, here is how you can remove it manually:

How to delete conduit search on Mac

#1: Uninstall from Safari

  1. Go to Safari > Preferences
  2. Click on Extensions
  3. Pick the Extension that you don't recognize to delete
  4. Click Uninstall
  5. Confirm that you want to Uninstall the extension

#2: Remove from Chrome

  1. Open Chrome
  2. Go to the Menu in your browser
  3. Click on More Tools > Extensions
  4. Pick the Extension that you don't recognize to delete
  5. Click Remove
  6. Confirm that you want to Remove the extension

#3: Remove from Firefox

  1. Open FirefoxGo to the Menu in your browser
  2. Click on the Add-ons manager tab
  3. Select the Extension you want to remove
  4. Click Remove
  5. Confirm that you want to delete

Some Mac articles recommend using CleanMyMac X to delete extensions. To its advantage, the app interface is very clear and you can remove all the browser add-ons in one go. Here is a screenshot from my Mac:

How to remove Conduit from Safari

Conduit virus how to delete

Deleting Conduit leftovers from the system

Now that you’ve removed the extension from your browser, you need to search through your Mac for other traces of this virus. Click on Finder, then press Go > Go to Folder... in the upper menu. 

Conduit (Trovi, VSearch) virus

Here are a handful of the folders that need to be checked:

/Applications/
/Library/Application Support/SIMBL/Plugins/
/Library/Internet Plug-Ins/
/Library/Internet Plug-Ins/
/Library/Application Support/SIMBL/
/Library/LaunchAgents/
/Library/ScriptingAdditions/

Once these are free from infection, it is worth resetting your browser and making sure the settings have restored your default search engine.

If all of that sounds like too much work, there is a quicker way. It is a smart move to scan for other potential risks and viruses, as it is difficult to know what else might have been set loose in your Mac thanks to the Conduit malware infection.

Remove Conduit Trovi, VSearch

Easier way: Delete Conduit with a dedicated tool

The app mentioned above, CleanMyMac X is a powerful Mac cleaning device. It scans and removes many known types of malware and hidden agents that are specific to the macOS. Its virus database is regularly updated, so if a new disguise of the Conduit virus arrives, the app will likely include a remedy.

To remove Conduit Search quickly and easily, take the following steps:

  1. Download CleanMyMac X (free edition of the application)
  2. Click on the Malware Removal tab
  3. It will scan for Conduit and any other infections, spyware, adware and malware
  4. CleanMyMac X will show you what your Mac is infected with
  5. Click Remove and they will vanish for good

Conduit Trovi, VSearch how to delete


Conduit can hide and illegally gain control of any web browser on a Mac. It can record everything you type, everywhere you go. Removing it means you can reclaim your browser and default search engine. There are, thankfully, a few quick and easy ways to do that, whether you want to remove it manually or using a tool to speed the process up.


These might also interest you:



Share it! Knowledge is power:
MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.