Skip to main content
“Search It Now” Mac virus removal

“Search It Now” Mac virus removal


Learn how to remove Search It Now Mac virus and stop browser redirects to searchitnow.info via goto-searchitnow.global.ssl.fastly.net transit domain.

Search It Now, also known as SearchItNow, is a malware sample that affects Mac computers and redirects a victim’s web browser to searchitnow.info. This unwanted activity is primarily aimed at endorsing ecommerce services with poor reputation. A few of these opportunistic resources are Alpha Shoppers at alphashoppers.co, and the searchnewworld.com site – both are replicas of popular search providers. The redistribution of illicitly seized Internet traffic is performed with involvement of an intermediary online spot, the goto-searchitnow.global.ssl.fastly.net domain. Although the infected users can see the latter appear in their URL bar for only about a second when the rerouting process is underway, said auxiliary domain is a critical component of the malware authors’ tactic as it dispatches the pilfered web traffic and may lead to outright harmful sites.

Most Mac users experiencing the Search It Now virus issue don’t remember ever installing an extension of that kind and, furthermore, find it really strange that the culprit has enough privileges to make such tangible changes to the browser settings. The trick is, the criminals employ a mechanism referred to as bundling to make sure their junk app proliferates. The catch is as follows: you find a free version of some must-have software online and proceed to the installation. As a side note, the setup wizard is usually hosted at uncertified application repositories that are neither controlled nor approved by Apple. Once the install routine begins, you are prompted to click through the options, with the express (recommended) method being the default one. Unless you dig deeper and go for the custom installation instead, baddies like SearchItNow will get inside.

The beauty of this distribution method for the malefactors is that their malicious applet is inadvertently granted high permissions as part of the general terms acceptance for the bundle. This allows it to twist the settings of Safari, Firefox and Chrome and thereby adjust the browsers on infected Mac to its intended misdemeanor. As a result, when opening the browser or trying to look something up on a search engine of choice, you will be forwarded to searchitnow.info. This web page, titled Search Control, has a primitive design with hardly anything in it except the search bar. Any query you enter in there will first reroute the traffic to the above-mentioned goto-searchitnow.global.ssl.fastly.net domain, this URL being appended with a long campaign ID string. The mediator site then invokes another sequence of redirects whose final destination is one of the affiliated pseudo search providers, including Alpha Shoppers (alphashoppers.co).

That’s a spiral of traffic forwarding activity that doesn’t seem to end, so the victim is forced to keep closing the wrong web pages off and on. The only effective fix is to find all components of the Search It Now Mac virus, delete them, and revert to normal browser settings. The following steps have been tailored to streamline this malware cleanup workflow.


Search It Now virus manual removal for Mac

The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.

  1. Open up the Utilities folder as shown below

  2. Locate the Activity Monitor icon on the screen and double-click on it

  3. Under Activity Monitor, find the entry for Search It Now (SearchItNow) or other suspicious one, select it and click Quit Process
  4. A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
  5. Click the Go button again, but this time select Applications on the list. Find the entry for Search It Now (or SearchItNow) on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it

  6. Now go to Apple Menu and pick the System Preferences option

  7. Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the box is started up. Locate Search It Now or other potentially unwanted app there and click on the “-“ button

Get rid of searchitnow.info redirects in web browser

To begin with, settings for the web browser that got hit by the Search It Now Mac virus should be restored to their default values. The overview of steps for this procedure is as follows:

  1. Reset Safari
    • Open the browser and go to Safari menu. Select Preferences in the drop-down list

    • Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it

    • The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button

    • In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences

    • This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
  2. Reset Google Chrome
    • Open Chrome and click the Customize and Control Google Chrome menu icon
    • Select Options for a new window to appear
    • Select Under the Hood tab, then click Reset to defaults button

  3. Reset Mozilla Firefox
    • Open Firefox and select HelpTroubleshooting Information
    • On the page that opened, click the Reset Firefox button


Get rid of Search It Now malware using Combo Cleaner removal tool

The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove “Search It Now” Mac virus virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.

Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the “Search It Now” Mac virus issue using Combo Cleaner:

  1. Download Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.

    Download Combo Cleaner

    By downloading any applications recommended on this website you agree to our Terms and Conditions and Privacy Policy. The free scanner checks whether your Mac is infected. To get rid of malware, you need to purchase the Premium version of Combo Cleaner.

  2. Open the app from your Launchpad and let it run the update of malware signature database to make sure it can identify the latest threats.
  3. Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.

  4. Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).

  5. In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove “Search It Now” Mac virus threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.

  6. Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.

21

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in