Remove Any Search Manager virus from Mac


What is Any Search Manager?

Any Search Manager by SafeFinder is a strain of Mac malware that changes one’s web browsing preferences without permission, thereby driving traffic to its junk landing page at search.anysearchmanager.com or search.anysearch.net. Its installation usually escapes the user’s attention because the payload comes with bundles consisting of several programs, where only the benign component is in the limelight while the harmful object is deliberately kept backstage. This scheme explains why Mac users are unaware of the attack until the obvious symptoms come to the fore. Speaking of which, the infection operates according to a well-trodden hijacking plan: it adds a new extension called Any Search Manager 1.0 to Safari, Chrome, or Firefox. The specific browser undergoing this influence is the one the victim uses by default. The add-on immediately disables the previously defined custom settings and overrides them with a site of its own. This effect definitely contradicts the developer’s marketing mantra about allowing users to “easily search from the desktop”.

The virus forces the browser to resolve search.anysearchmanager.com over and over

The takeover of the web settings is stubborn enough to prevent the user from reverting to the correct configuration. The search engine, homepage, and new tab page fields are usually grayed out so that it’s impossible to enter anything alternative in a regular way. As a result, the infected Mac user ends up being stuck with search.anysearchmanager.com or its replica search.anysearch.net as their most frequently visited site, although they never opted for this in a straightforward way.

The page is designed as if it were a garden-variety search engine, but it turns out to lack a fundamental feature. When the victim enters a keyword, the dubious service returns search.yahoo.com rather than results of its own. This oddity means that the website endorsed by Any Search Manager is just an intermediary between the intercepted Internet traffic and a third-party provider. What’s the point? The criminals behind this fraud most likely rake in profit by forcing unique user hits to ad networks, which happens inconspicuously during every redirect.

How did Any Search Manager infect my Mac?

Although this service has an official website (anysearchmanager.com), the app download feature is missing there. This is a common discrepancy with potentially unwanted applications, or PUAs, which would hardly ever lure anyone to install them knowingly. The threat under consideration makes the rounds in a much stealthier way than via regular distribution channels. In most cases, it is installed alongside an Adobe Flash Player update package available on poor-quality software repository sites.

The shady bundle may be promoted through fake Flash Player update alerts popping up on hacked or malicious web pages. These untrustworthy notifications try to dupe users into thinking that they won’t get the most out of their web surfing unless they switch to the latest version of the software. Instead of giving your Internet experience a boost, though, this update additionally pushes Any Search Manager without letting you know. On top of that, the hidden structure of these installers often includes phony system utilities such as MacKeeper, which uses scare tactics to fool victims into buying its licensed copy.

Why does Any Search Manager keep reinstalling itself?

Unlike an average Mac app, Any Search Manager extends its own privileges in the host system by creating a new configuration profile behind the victim’s back. One of the goals of this activity is to disable the normal customization routine in the web browser. In other words, the default search and homepage areas under Safari, Chrome, or Firefox settings will be blocked from editing. Therefore, the rogue search.anysearchmanager.com URL appears to be hard-coded in these preferences without any obvious way to change it.

The good news is, ending the malicious process in the Activity Monitor may help you get around this obstruction and uninstall the harmful application. However, Any Search Manager tends to reappear shortly. This happens in scenarios where the device profile associated with the infection continues to be in effect. It runs commands to download and install the virus after it has been removed. Therefore, the cleanup is incomplete unless you get rid of the troublemaking profile under System Preferences. The appropriate steps will be provided further down.
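The grayed-out browser fields described above are what profile-enforced preferences look like; macOS keeps such forced settings as plist files under /Library/Managed Preferences, a location this article does not name. The following check is an added example, not part of the original guide: it walks those plists and reports every key whose value points at the two domains the article mentions. The function names and the sample tree are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# domains the article names as the forced search/home page
HIJACK_DOMAINS = ("search.anysearchmanager.com", "search.anysearch.net")
MANAGED_PREFS = "/Library/Managed Preferences"  # path not named in the article


def find_strings(node, needles, path=""):
    """Yield (key_path, value) for every string containing one of needles."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_strings(value, needles, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_strings(value, needles, f"{path}[{i}]")
    elif isinstance(node, str) and any(n in node.lower() for n in needles):
        yield path, node


def scan_managed_prefs(root=MANAGED_PREFS):
    """Map each plist under root to the forced keys that point at the domains."""
    hits = {}
    for plist in sorted(Path(root).rglob("*.plist")):
        try:
            data = plistlib.loads(plist.read_bytes())  # XML or binary plist
        except Exception:
            continue  # unreadable or not a plist: nothing to report
        found = list(find_strings(data, HIJACK_DOMAINS))
        if found:
            hits[str(plist.relative_to(root))] = found
    return hits


def make_sample_root():
    """Constructed sample tree; the keys are real Chrome policy names."""
    root = Path(tempfile.mkdtemp())
    (root / "com.google.Chrome.plist").write_bytes(plistlib.dumps({
        "HomepageLocation": "https://search.anysearchmanager.com/",
        "RestoreOnStartupURLs": ["https://search.anysearch.net/?src=constructed"]}))
    (root / "com.example.clean.plist").write_bytes(plistlib.dumps({"Enabled": True}))
    return str(root)


if __name__ == "__main__":
    root = MANAGED_PREFS if Path(MANAGED_PREFS).is_dir() else make_sample_root()
    for name, found in scan_managed_prefs(root).items():
        print(name, found)
```

A hit tells you which preference domain and key the profile is forcing; the setting stays locked until the profile that supplies it is removed.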

How do I remove Any Search Manager virus from Mac?

Although this threat manifests itself in the web browser only, it actually leaves a footprint across the system to maintain persistence. The subsection below will help you find and remove all the components of Any Search Manager virus manually. Keep in mind that some of its files are a no-brainer to spot, while a few may be hidden so that the cleanup is harder to complete than in a typical software uninstall situation.

  • Expand the Go menu in your Mac’s Finder and click the Utilities entry.
  • Proceed to the Activity Monitor.
  • Explore the Activity Monitor for processes that appear dubious and use up a good deal of the CPU. Be advised that the malicious executable isn’t necessarily named AnySearchManager, so you’ll have to follow your intuition to an extent. If you find such a suspicious object, use the Quit Process option to terminate it. Confirm the action by clicking Force Quit on a follow-up prompt.
  • In the Finder bar, click the Go icon and select Go to Folder in the list. Alternatively, you can press the Command+Shift+G key combo.
  • Once the system search bar appears, type /Library/LaunchAgents in it and click Go.
  • When the LaunchAgents folder is in front of you, look for suspicious files and drag them to the Trash. Note that the names of such malicious objects might appear to be unrelated to Any Search Manager adware. Here are a few examples of known-harmful files spawned by Mac viruses: com.mcp.agent.plist, com.pcv.herlperamc.plist, com.avickupd.plist, etc. Any items that don’t fit the mold of benign Mac files should be moved to the Trash immediately.
  • Follow the same logic (Go to Folder feature) to open the directories called ~/Library/LaunchAgents, /Library/Application Support, and /Library/LaunchDaemons in turn. Look for suspicious files (see examples above) in each one of these folders and remove them.
  • Now use the Go drop-down menu in the Finder again and choose Applications.
  • Inspect the list of your applications for a potentially unwanted entity whose installation time co-occurred with the issue. It’s most likely the Any Search Manager or some random-named piece of software you don’t recollect installing recently. Once you find the unwelcome app, drag it to the Trash. Empty the Trash folder when done.
  • Use the Finder to navigate to your System Preferences.
  • Proceed to Accounts and select Login Items. The system will display all user profiles created on your Mac as well as the programs executed automatically whenever you turn on your computer. Use the “minus” pictogram to delete the rogue account along with the sketchy item triggered at boot time.
  • Uninstalling the harmful application is half the battle. It is a way to make sure that the symptoms won’t reappear after you implement the browser-level part of the repair. In the meanwhile, the Any Search Manager redirect nasty continues to affect your preferred web browser and therefore you need to revert to the correct Internet surfing settings. Read the subsection below to find out how.
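To take some of the guesswork out of the launchd folder checks in the steps above, here is an added example (not part of the original guide) that lists every job file in the three launchd folders, shows what each one launches, and flags the file names the guide cites. /Library/Application Support holds app data rather than launchd jobs, so it is left to manual inspection; the flag names, the function names and the sample jobs are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# launchd folders the guide tells you to inspect
LAUNCHD_DIRS = ["/Library/LaunchAgents", "~/Library/LaunchAgents", "/Library/LaunchDaemons"]
# file names the guide lists as examples of known-harmful items
NAMED_IN_GUIDE = {"com.mcp.agent.plist", "com.pcv.herlperamc.plist", "com.avickupd.plist"}


def audit(dirs=LAUNCHD_DIRS):
    """Return one record per .plist found: file, label, command, flags."""
    records = []
    roots = (Path(d).expanduser() for d in dirs)
    for root in (r for r in roots if r.is_dir()):
        for path in sorted(root.glob("*.plist")):
            flags = []
            try:
                job = plistlib.loads(path.read_bytes())  # XML or binary plist
            except Exception:
                job = None
            if not isinstance(job, dict):
                job, flags = {}, ["unparseable"]
            if path.name in NAMED_IN_GUIDE:
                flags.append("name-listed-in-guide")
            # RunAtLoad / KeepAlive: launchd (re)starts the job, so a killed process returns
            if job.get("RunAtLoad") or job.get("KeepAlive"):
                flags.append("auto-start")
            command = job.get("ProgramArguments") or [job.get("Program", "?")]
            records.append({"file": str(path), "label": job.get("Label"),
                            "command": command, "flags": flags})
    return records


def make_sample_dir():
    """Constructed sample jobs so the audit can be tried away from a live Mac."""
    d = Path(tempfile.mkdtemp())
    (d / "com.avickupd.plist").write_bytes(plistlib.dumps(
        {"Label": "com.avickupd", "RunAtLoad": True,
         "ProgramArguments": ["/Users/Shared/.hypothetical/updater", "--silent"]}))
    (d / "org.example.backup.plist").write_bytes(plistlib.dumps(
        {"Label": "org.example.backup", "Program": "/usr/local/bin/backup"}))
    (d / "broken.plist").write_bytes(b"not a plist")
    return str(d)


if __name__ == "__main__":
    for rec in audit() or audit([make_sample_dir()]):
        print(rec["file"], rec["label"], rec["command"], rec["flags"])
```

An unflagged entry is not proof of a clean job; the command column is what to read, since it shows the executable each file actually starts.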

How do I stop search.anysearchmanager.com redirects in the web browser?

Thankfully, you needn’t reinvent the wheel in terms of invalidating the adverse tweaks caused by the Any Search Manager virus in your browser. A tried-and-true technique is to reset the affected browser to its original defaults. On a side note, Apple has removed the “Reset Safari” button since the release of the Mac native browser’s version 9 back in 2015, so the procedure is now a bit more complex than a one-click experience (see below). Anyway, here’s a simple way to purge the most popular web browsers of the malicious influence:

  1. Tidy up your Safari browser
    • Select Preferences in the Safari menu.
    • Click the Advanced tab and put a checkmark next to the Show Develop menu in menu bar option.
    • Now that the Develop entry has been added to the Safari menu, expand it and click Empty Caches.
    • Check if the browser is still being forwarded to search.anysearchmanager.com. If it is, go back to the Safari menu bar, expand the History menu, and select the Clear History option.
    • Customize the process using a follow-up dialog that allows you to define the period of time for which you want to remove cookies and other website data. It’s recommended that you select all history. Then, go ahead and click Clear History.
    • If your Safari browser is being rerouted to the rogue URL regardless, go to the Preferences pane via the Safari menu bar again and hit the tab called Privacy. Find and click the Manage Website Data button.
    • Safari will display a list of all sites that have retained your online data. Click the Remove All button without a second thought. Once the information has been deleted, click Done at the bottom right.
  2. Reset Google Chrome settings
    • Open Chrome, click the Customize and control Google Chrome icon in the upper right-hand part of the window, and select Settings in the drop-down list.
    • Look for the button called Advanced and click it to reveal the options beyond the basic Chrome settings.
    • In the Reset settings area, click the button that says Restore settings to their original defaults.
    • All that’s left to do is click Reset settings on the respective dialog in case you are okay with the resulting changes listed there. Restart Chrome to make sure the benign tweaks take effect.
  3. Give Mozilla Firefox a tune up
    • Open Firefox, click Help, and select Troubleshooting Information in the list.
    • Click the button called Refresh Firefox.
    • The browser will trigger an extra popup dialog where you should confirm the reset action. When finished, restart Firefox and enjoy your web surfing without Any Search Manager virus messing around with it.

How do I make sure that Any Search Manager virus is gone?

Symptoms isolated to the browser are the tip of the iceberg. Any Search Manager and its associated adware can gain a foothold in the Mac beyond redirect activity alone. The drawback of manual removal is that there might be hidden leftovers of the threat that will reinstall it after what seems to be a successful cleanup. This isn’t necessarily the case, but you may want to double-check if you are in the clear.
Consider scanning your Mac with Combo Cleaner, an optimization and security app with a decent track record. It’s lightweight, and it can detect all prevalent forms of Mac malware in a snap. Here’s the how-to:

  1. Download and install Combo Cleaner
  2. Wait for the tool to update its database of virus definitions and click the Start Combo Scan button.
  3. Scrutinize the scan report. Hopefully, its results by the antivirus and privacy categories are blank, which means you are safe. If there are threats listed, though, use the Remove Selected Items option to get rid of them. Be advised that Combo Cleaner scan is free, but you will need to buy its full version if you want to enable the virus removal feature.
