What is Search Marquis
A changed browser home page is often the first visible symptom of the malware known as Search Marquis. Specifically, it is a browser hijacker, that is, a malicious program capable of arbitrarily altering browser settings such as the home page and the search engine.
This malware redirects the user to a particular search engine, searchmarquis.com, which adds often invasive sponsored content, pop-up windows and unexpected banners to Bing search results (Bing itself being a completely legitimate search engine). Furthermore, searches made through the “modified” engine are routed through several websites of dubious origin that can track your activity on the Internet.
Unfortunately, Search Marquis does not present itself as a single piece of software, but as a series of components scattered throughout the operating system: “strange” processes, auto-starting elements, browser settings and much more.
For this reason, in the following sections of this guide, I will explain how to eradicate this threat using a specific anti-malware program that can find the threat and eliminate it almost completely; finally, I will also show you how to bring things back to normal within the browser.
How to delete Search Marquis from Mac
Now that you are well aware of the potential risks associated with Search Marquis, it is time to get to the heart of this guide and explain, in practice, how to get rid of this annoying and unwanted "guest".
Although it is apparently harmless malware, Search Marquis sneaks into rather hidden parts of the Mac, often disguising its components with names that are hardly attributable to the nature of the threat itself.
For this reason, in order to avoid manual interventions that could damage the operating system (thus forcing you to reinstall it), I recommend that you run an anti-malware scan using dedicated software, such as Malwarebytes Anti-Malware.
If you have never heard of it, this is a great program that can eliminate malware and adware (like Search Marquis) very easily, within a couple of clicks. The basic program is free and can be used to scan on demand; there is also a paid version, which costs €39.99/year and includes the real-time protection module and other additional features (which, however, you do not need in this context).
To download the free version of Malwarebytes Anti-Malware for Mac, connect to the program's home page and click on the button Free download.
When the download is complete, open the .pkg package you obtained, click on the Continue button three consecutive times, then on Agree and Install and, when necessary, enter the Mac admin password in the appropriate field; then finish by clicking on the buttons Install software, Close and Move.
If all went well, the program should open automatically; if this does not happen, you can start it manually using the icon that has meanwhile been added to Launchpad (the grid icon in the Dock).
In any case, once you have reached the Malwarebytes Anti-Malware home screen, click on the Start now button, press the Select button in the Personal computer box and decline the purchase of the Premium license by clicking on Maybe later and Start now: following this operation, a Premium trial license lasting 14 days will be activated, after which the program will continue to work in "standard" mode.
Now, grant the software full disk access, following the instructions given to you: click on the Open Preferences button to view the Security and Privacy section of System Preferences, click the locked padlock symbol at the bottom left and, when prompted, enter the Mac admin password and press Enter.
Now, click on the item Full disk access in the left sidebar, put the check mark in the box next to the item Malwarebytes protection and close System Preferences to return to the Malwarebytes configuration screen. To finish configuring the program, click on the Next button twice in a row and then on Done.
If everything went smoothly, you should now see the main program screen: to start the computer analysis, click on the Scan button in the center of the window and wait for the procedure to be completed. Depending on the size of the files and the disk, the procedure may take up to tens of minutes.
Once the scan is complete, you will be automatically taken to the results page: to proceed with the cleaning of the Search Marquis files, which should be marked as PUP, Spyware or Browser Hijacker, put the check mark next to all the items reported by the program and click on the Confirm / Delete button, in order to move the files to quarantine or to get rid of them permanently.
If you are asked, restart your Mac by pressing the appropriate button and, at the next login, perform a new scan to make sure that the Search Marquis files have been permanently deleted.
If you wish, you can deactivate the Premium features before the free trial expires, so that Malwarebytes does not monitor macOS in real time and does not perform other operations on the operating system on its own; to do this, click on the gear icon located at the top left, select the My Account tab on the screen that appears and click on the buttons Deactivate premium trial and Disable.
If, on the other hand, Malwarebytes does not satisfy you, you can try checking your Mac with CleanMyMac X, an all-in-one Mac security and cleaning solution that lets you eliminate malware, free up disk space, free up RAM, and speed up your Mac across the board. You can download it for free. More info here.
How to remove Search Marquis from Safari
After you have deleted the “heart” of Search Marquis thanks to the anti-malware scan, you just have to delete its traces from the browser as well. To get started, open Safari by clicking on the compass icon in the Dock, click on the menu Safari > Preferences... (at the top), go to the General tab in the window that opens and make sure that the text field corresponding to the item First page contains the web address of Apple, that of Google or, in general, any other legitimate address not connected to Search Marquis (otherwise you can change it).
Once this is done, click on the tab Extensions, select, one at a time, all those you do not remember installing and click on the button Uninstall, to delete them. I also recommend that you delete the website data from the browser: to do this, click on the tab Privacy, then on the button Manage website data and then on the buttons Remove all and Remove.
As an additional security measure, I recommend that you also get rid of the browser cache, that is, all those temporary files saved on your computer to load Web pages more quickly: go to the Advanced tab, put the check mark next to the item Show Develop menu in menu bar and close the Safari settings window. Next, click on the browser's Develop menu and click on the item Clear your cache to finish.
Once these operations have been completed, you should have completely cleaned Safari from Search Marquis traces. If not, you may have to proceed with a more in-depth "manual" cleaning which, however, involves the deletion of personal data and all other information connected to the browser, returning it to its initial state.
I know, it is a bit drastic, but often decisive. To proceed, close Safari completely, press and hold the alt (Option) key and click on the menu Go > Library in the Finder (located in the Mac menu bar). Now, follow the steps below to delete the various browser settings.
- General Settings: select the folder Safari and move it to the trash.
- Cache: return to the Library folder, enter the Caches directory and delete the folder com.apple.Safari.
- Preferences: return to the Library folder, enter the Preferences path and delete any files whose name starts with com.apple.Safari.
- Previous state: return to the Library folder, enter the Saved Application State directory and delete the folder com.apple.Safari.savedState.
- Cookie settings: return to the Library folder, open the Cookies sub-folder and delete the files com.apple.Safari.SafeBrowsing.binarycookies and Cookies.binarycookies.
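Before deleting anything by hand, it helps to see which of the items listed above actually exist and how much data they hold. The following is an added example, not part of the original guide: a read-only shell script that checks the five locations named in the steps above under a given Library folder; the function names report and list_safari_items are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): dry-run inventory of the Safari
# items named in the steps above. It only reports what exists; nothing is deleted.

# report LABEL PATH -> "label<TAB>size in KiB<TAB>path" ("?" if size is unreadable)
report() {
    size=$(du -sk "$2" 2>/dev/null | cut -f1)
    printf '%s\t%s\t%s\n' "$1" "${size:-?}" "$2"
}

# list_safari_items LIBRARY_DIR -> one line per item that is present
list_safari_items() {
    lib=$1
    # Fixed locations from the guide, as "label|path relative to Library".
    while IFS='|' read -r label rel; do
        if [ -e "$lib/$rel" ]; then report "$label" "$lib/$rel"; fi
    done <<'EOF'
General settings|Safari
Cache|Caches/com.apple.Safari
Previous state|Saved Application State/com.apple.Safari.savedState
Cookies|Cookies/com.apple.Safari.SafeBrowsing.binarycookies
Cookies|Cookies/Cookies.binarycookies
EOF
    # Preferences: every file whose name starts with com.apple.Safari.
    for f in "$lib"/Preferences/com.apple.Safari*; do
        if [ -e "$f" ]; then report "Preferences" "$f"; fi
    done
}

# Default to the current user's Library; pass another folder to inspect a copy.
list_safari_items "${1:-$HOME/Library}"
```

Saving the output to a file gives you a record of what was present before the reset, which is useful if you later need to explain what was removed.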
When you're done, try restarting your browser - if all went well, Safari should be back to its initial settings and all traces of Search Marquis should be gone. For more information on how to restore Safari, take a look at the specific guide I have dedicated to the topic.
Please note: if you have enabled the synchronization of browsing data with iPhone and iPad, this data will be deleted from all your devices.
How to remove Search Marquis from Google Chrome
If, on the other hand, you usually use Google Chrome, do this: after opening the browser, click on the button (⋮) located at the top right, select the items Other tools > Extensions from the menu that appears, locate the add-ons that look suspicious or that you do not remember installing and, when you have found them, click on the Remove button in their respective boxes twice in a row.
The next step is to bring the browser home page back to normal: click the button (⋮) again to open the main menu of the program, this time select the item Settings, locate the On startup box and put the check mark next to the item Open the New Tab page.
Now, tap on the section Manage search engines (left), click on the drop-down menu Search engine used in the address bar and select Google or any other "trusted" engine, among those displayed.
After this step too, click on the item Manage search engines and identify, in the list that appears on the screen, any search engines that refer to Search Marquis or similar; when you have found them, click on the button (⋮) corresponding to them and press the item Delete, which appears in the menu. Finally, click on the left arrow (located at the top) to return to the browser settings menu.
Now, as an additional security measure, I advise you to delete cookies and other site data: click on the item Clear browsing data, set the time range to From the beginning, put the check mark next to the items Cookies and other site data and Cached images and files and press the Clear data button to finish. Finally, restart your browser and check that things are back to normal.
What's that? Do you still see any "traces" of Search Marquis? In this case, I recommend that you reset Google Chrome to its initial settings: by doing so, you will delete most of your browser's personal settings, except for bookmarks and configured accounts. It is quite a drastic procedure, I know, but very often it is the solution to the problem.
To restore Google Chrome, go back to the browser Settings, as I showed you a little while ago, click on the item Advanced at the bottom of the page that appears and then on the item Restore the original default settings, also located at the bottom. Finally, remove the check mark from the box next to the item Help improve Chrome by indicating current settings and click on the Reset button. More info here.
Please note: if you have activated the synchronization of browsing data with other devices, this data will be deleted from all your devices.
How to protect yourself from Search Marquis (and other similar threats)
If you've found (and removed) Search Marquis on your Mac, you've certainly realized that macOS malware is rare, but not impossible to find. Although the macOS protections are many and active by default, it is possible to bypass them, even without wanting to: for example, the GateKeeper system keeps you safe from running software from non-certified developers, but some malware can silently disable this feature.
To make sure GateKeeper is active, open System Preferences by clicking the gear icon in the Dock, click on the Privacy and security icon in the window that opens, then go to the General tab and check that, next to Allow apps downloaded from:, the item App Store and identified developers is selected.
If the Everywhere item is present and selected (a clear symptom of a "profound" change, even if involuntary, to the system settings), click on the locked padlock located at the bottom left, enter the Mac admin password in the appropriate field and press the Enter key on the keyboard. Once this is done, put the check mark next to the item App Store and identified developers and close the System Preferences window.
To make the Everywhere option "disappear", thus allowing only software from authorized developers to run, go to the Go > Utilities menu of macOS, open the Terminal by double-clicking on its icon and issue the command sudo spctl --master-enable inside it, followed by the Enter key. When prompted, enter the Mac admin password and press Enter again: following this operation, GateKeeper's protection will be active again.
Regardless of GateKeeper's restrictions, in any case, be sure to run only programs downloaded from trusted sources (first of all, the Mac App Store) and avoid installing or running programs whose exact origin you do not know, downloaded from file hosting services or from P2P networks such as BitTorrent: very often, in addition to being harmful and full of malware, such software is also illegal (unless it is free and open source software officially distributed on the BitTorrent network, such as LibreOffice, for example).
Also be wary of pop-ups that appear while browsing the Internet and pretend to notify you of necessary updates to plugins such as Adobe Flash Player (no longer supported), Java or similar: in most cases, clicking on such warnings leads to the unwitting installation of spyware or malware of various kinds. As a precaution, I recommend that you always keep browser pop-ups blocked, unless you have special needs related to specific sites.
Also, make sure that XProtect, i.e. the "standard" anti-malware integrated in macOS, updates automatically: to do this, open System Preferences, go to the Software update section, press the Advanced button (located at the bottom right) and make sure the entry Install system data files and security updates is selected; otherwise select it yourself and click on the OK button.
Ultimately, keeping the security measures built into macOS active and running a preventive scan from time to time (with programs like Malwarebytes Anti-Malware) should protect you from most existing threats, but be careful: as mentioned, carelessly bypassing Mac warnings can undo all of this and still expose you to cyber risks. Take that into account!