Learn how to prevent web browsers on Mac from being redirected to search.anysearch.net or search.anysearchmac.com due to a persistent malware infection.
Update: November 2019
The browser hijacking plague has been making itself felt in the Mac world lately like no other malware-backed campaigns. It makes users perplexed why they can no longer customize their Internet navigation and visit the pages they want instead of something imposed without even a hint of approval. Any Search, AnySearch 1.2.3 or Any Search Manager, is one of the most common junkware entities from this category wreaking havoc over the past few months. It causes Safari, Chrome and Firefox, if installed on a host computer, to resolve an unwanted web page. The landing page in this scenario can vary – some users report being rerouted to search.anysearch.net, while others keep seeing search.anysearchmac.com in their URL bar.
There are some noteworthy ties of this hijack malware with other notorious Mac threats. One of them is Safe Finder, a cradle of malicious objects that tweak people's web surfing parameters to play into its proprietors' hands. Another one is Advanced Mac Cleaner, an aggressive pseudo optimization tool for Mac that displays misleading issue detection reports in order to dupe users into purchasing its license. The connection of the latter with Any Search malware can be concluded from victims' feedback on security forums where they post logs indicating the presence of Advanced Mac Cleaner on infected systems. This isn't likely to be a coincidence – moreover, rogue optimizers and bogus antispyware programs are known to propagate alongside extra culprits like browser hijackers.
As is the case with most adware and other browser-borne baddies, the source of the AnySearch contagion mainly comes down to bundling. It designates a practice of cross-promoting opportunistic malicious code as part of an installation client for some regular benign software. The pest in question typically makes the rounds by dint of booby-trapped Flash Player installs hosted on uncertified websites. This fact additionally emphasizes the importance of using official application portals when downloading and installing programs.
When the Any Search virus infiltrates a Mac this way, it has sufficient privileges to make system-level changes on the machine. That’s because the tricky setup client includes a one-for-all agreement option, where the would-be victim opts into the terms of the good software while also unknowingly accepting those for the bad company. Consequently, Any Search uses its permissions to mutilate web browser settings. The affected values include the homepage, preferred search engine and new tab page. All of these start defaulting to search.anysearch.net or search.anysearchmac.com – obviously, without the victim’s consent. This perpetrating code is cross-browser, so it will hit all web browsers running on the host.
The Any Search adware attack is also a privacy issue, although this hallmark isn’t as conspicuous as the browser disruption impact. A bit of scrutiny unearths the following: every time a redirect occurs, the victim’s traffic arrives at Yahoo – which doesn’t seem to be the worst imaginable outcome, given the legit essence of the landing page. However, the search results aren’t returned in their pure form. Instead, there will be a number of ads above the fold, and this sponsored information appears to accurately reflect the victim’s interests based on their recent Internet activity. It means that the underlying Any Search Manager extension tracks the infected user’s browsing history and search terms in order to serve targeted advertisements. Obviously, this fingerprintable data is abused by the rogue operators of this campaign, and it can as well be sold to marketing entities that don’t mind playing dirty.
Ultimately, everyone who encounters the Any Search virus ends up looking for a way to get rid of it. This task isn’t as trivial as removal of the average Mac app. The entirety of information regarding Any Search uninstall techniques is provided in the following sections of this post. Be sure to use these steps for a thoroughgoing cleanup process.
Any Search virus manual removal for Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.
• Open up the Utilities folder as shown below
• Locate the Activity Monitor icon on the screen and double-click on it
• Under Activity Monitor, the entry for Any Search/AnySearch 1.2.3, select it and click Quit Process
• A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
• Click the Go button again, but this time select Applications on the list. Find the entry for Any Search or AnySearch 1.2.3 on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it
• Now go to Apple Menu and pick the System Preferences option
• Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the computer is started up. Locate Any Search there and click on the “-“ button
Get rid of search.anysearch.net redirects in web browser
To begin with, settings for the web browser that got hit by this virus should be restored to their default values. The overview of steps for this procedure is as follows:
How to get rid of Any Search virus in Safari
- Open the browser and go to Safari menu. Select Preferences in the drop-down list
- Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it
- The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button
- In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences
- This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
How do I remove Any Search malware in Chrome
- Open Chrome, click the More (⁝) icon in the top right-hand part of the window, and select Settings in the drop-down
- When on the Settings pane, select Advanced
- Scroll down to the Reset settings section. Under the Restore settings to their original defaults option, click the Reset settings button
- Confirm the Chrome reset on a dialog that will pop up. When the procedure is completed, relaunch the browser and check it for malware activity.
How do I remove AnySearch adware from Mozilla Firefox
- Open Firefox and select Help – Troubleshooting Information
- On the page that opened, click the Reset Firefox button
Get rid of Any Search virus using Freshmac automatic removal tool
When confronted with malicious code like the Metro Premium Mac virus, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.
This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the MetroPremium infection from Mac.
1. Download Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.
2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.
3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.
4. Check whether the MetroPremium virus has been fixed. If the lock screen is still there, go to the Uninstaller option on Freshmac GUI. Locate an entry that appears suspicious, select it and click Fix Safely button to force-uninstall the unwanted application.
5. Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The MetroPremium virus shouldn’t be causing any further trouble.
How do I remove browser hijacker Mac? Despite the fact that the impact of such an infection seems to be isolated to a web browser on Mac, the removal procedure spans more than browser troubleshooting alone. This is because a hijacker is, essentially, an app and therefore it leaves an additional footprint in a host system. Its components can be typically found in the Login Items, Applications, LaunchAgents, LaunchDaemons, and Application Support directories. Consequently, a cleanup done right is a matter of deleting the browser hijacker’s files from all of these paths prior to tidying up Safari or other affected web surfing software on your Mac. Given the extraordinary obstinacy of many present-day threats from this category, an effective manual fix may involve resetting the malware-riddled browser rather than simply disabling and trashing the misbehaving extension. The apparent flip side of this repair vector is that all personalized settings will be lost, so you will need to re-enter passwords for your online accounts and go through other types of customization from scratch. Under the circumstances, it may be a good idea to use an automatic utility that can detect every fragment of the malicious code and wipe it so that you don’t have to do all the tedious reconfiguration work yourself.