Skip to main content
“Search It Now” Mac virus removal

“Search It Now” Mac virus removal

Learn how to remove Search It Now Mac virus and stop browser redirects to searchitnow.info via goto-searchitnow.global.ssl.fastly.net transit domain.

Search It Now, also known as SearchItNow, is a malware sample that affects Mac computers and redirects a victim’s web browser to searchitnow.info. This unwanted activity is primarily aimed at endorsing ecommerce services with poor reputation. A few of these opportunistic resources are Alpha Shoppers at alphashoppers.co, and the searchnewworld.com site – both are replicas of popular search providers. The redistribution of illicitly seized Internet traffic is performed with involvement of an intermediary online spot, the goto-searchitnow.global.ssl.fastly.net domain. Although the infected users can see the latter appear in their URL bar for only about a second when the rerouting process is underway, said auxiliary domain is a critical component of the malware authors’ tactic as it dispatches the pilfered web traffic and may lead to outright harmful sites.

Most Mac users experiencing the Search It Now virus issue don’t remember ever installing an extension of that kind and, furthermore, find it really strange that the culprit has enough privileges to make such tangible changes to the browser settings. The trick is, the criminals employ a mechanism referred to as bundling to make sure their junk app proliferates. The catch is as follows: you find a free version of some must-have software online and proceed to the installation. As a side note, the setup wizard is usually hosted at uncertified application repositories that are neither controlled nor approved by Apple. Once the install routine begins, you are prompted to click through the options, with the express (recommended) method being the default one. Unless you dig deeper and go for the custom installation instead, baddies like SearchItNow will get inside.

The beauty of this distribution method for the malefactors is that their malicious applet is inadvertently granted high permissions as part of the general terms acceptance for the bundle. This allows it to twist the settings of Safari, Firefox and Chrome and thereby adjust the browsers on infected Mac to its intended misdemeanor. As a result, when opening the browser or trying to look something up on a search engine of choice, you will be forwarded to searchitnow.info. This web page, titled Search Control, has a primitive design with hardly anything in it except the search bar. Any query you enter in there will first reroute the traffic to the above-mentioned goto-searchitnow.global.ssl.fastly.net domain, this URL being appended with a long campaign ID string. The mediator site then invokes another sequence of redirects whose final destination is one of the affiliated pseudo search providers, including Alpha Shoppers (alphashoppers.co).

That’s a spiral of traffic forwarding activity that doesn’t seem to end, so the victim is forced to keep closing the wrong web pages off and on. The only effective fix is to find all components of the Search It Now Mac virus, delete them, and revert to normal browser settings. The following steps have been tailored to streamline this malware cleanup workflow.

Search It Now virus manual removal for Mac

The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.

  1. Open up the Utilities folder as shown below

  2. Locate the Activity Monitor icon on the screen and double-click on it

  3. Under Activity Monitor, find the entry for Search It Now (SearchItNow) or other suspicious one, select it and click Quit Process
  4. A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
  5. Click the Go button again, but this time select Applications on the list. Find the entry for Search It Now (or SearchItNow) on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it

  6. Now go to Apple Menu and pick the System Preferences option

  7. Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the box is started up. Locate Search It Now or other potentially unwanted app there and click on the “-“ button

Get rid of searchitnow.info redirects in web browser

To begin with, settings for the web browser that got hit by the Search It Now Mac virus should be restored to their default values. The overview of steps for this procedure is as follows:

  1. Reset Safari
    • Open the browser and go to Safari menu. Select Preferences in the drop-down list

    • Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it

    • The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button

    • In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences

    • This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
  2. Reset Google Chrome
    • Open Chrome and click the Customize and Control Google Chrome menu icon
    • Select Options for a new window to appear
    • Select Under the Hood tab, then click Reset to defaults button

  3. Reset Mozilla Firefox
    • Open Firefox and select HelpTroubleshooting Information
    • On the page that opened, click the Reset Firefox button

Get rid of Search It Now malware using Freshmac removal tool

When confronted with malicious code like the Search It Now virus on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.

This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Search It Now infection from Mac.

  1. Download Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software

    Download Now

  2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.

  3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.

  4. Check whether the Search It Now redirect problem has been fixed. If it perseveres, go to the Uninstaller option on Freshmac GUI. Locate an entry that appears suspicious, select it and click Fix Safely button to force-uninstall the unwanted application.

  5. Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The Search It Now malware shouldn’t be causing any further trouble.
0

Was this article helpful? Please, rate this.