Take a dive into the Search Encrypt Mac virus issue and get an effective walkthrough to stop annoying browser redirects leading to searchencrypt.com web page.
Update: November 2019
Privacy on the Internet is a real buzzword and talk of the town these days. The numerous breach reports and questionably honest tactics of major data aggregates have been adding agitation to the discussion, encouraging users to look for services that deliver more anonymity than the instruments built into operating systems and web browsers. In pursuit of extra protection, though, those privacy-minded might choose the wrong tool. This caveat applies to Search Encrypt, a browser add-on that claims to hide one’s web searches from prying eyes of whoever wants to surveil, be it governmental eavesdroppers or identity thieves. When this extension is on board Safari, Chrome or Firefox on a Mac computer, it replaces the online navigation defaults with searchencrypt.com and doesn’t provide an easy way to revert the changes.
The mechanism of protection allegedly employed by Search Encrypt comes down to leveraging an advanced SSL encryption whenever a Mac user is looking up information on the Internet. Furthermore, according to the developers’ claims, all searches are wiped after half an hour of inactivity. While this seems like a fairly robust countermeasure for what remote observers may do, the big picture doesn’t look too comforting, to put it mildly. One of the serious giveaways in terms of this app’s real gist is about the way it is doing the rounds. Most people never actually download and install it – at least, that’s what they think. Here’s the thing: the Search Encrypt virus typically sneaks into a Mac without the admin’s awareness and consent. The technique that makes such a stealth possible is called bundling. In a nutshell, this is a means of cross-promoting software through multi-element install clients. Opting for the “express”, or “recommended”, setup workflow might get one’s computer infected with malware that’s kept out of sight.
As soon as the Search Encrypt virus is in, it adds the related extension to the victim’s default web browser without asking for permission. This helper, or rather spoiler, object adjusts the Internet surfing routine on the host Mac to noxious malvertising activity. It overwrites the user’s preferences, including the search provider, new tab and homepage, and sets another URL instead. As a result, the web browsing will be stuck in a spiral of redirects to searchencrypt.com. Gauging by commonplace search engine design, the site in question is nothing out of the ordinary. It’s got a prominent search bar as well as a list of basic features of the underlying service.
When a keyword or phrase is entered in there, the service returns results of its own while also offering to retry the same search on other engines, such as Yahoo!, Bing, or Google. The trick is that there’s a notice saying that in the latter case the user will be rerouted away from the “privacy-enhanced search engine”. This ostensibly trivial remark is a component of the devious marketing, the goal being to emphasize the purported pros of using the rogue service. The irony is that instead of standing sentinel over one’s privacy, Search Encrypt does quite the opposite. Even judging by its official site, it intercepts all web searches, encrypts them and forwards the queries to its own servers. The “interception” part is particularly discouraging because it means the proprietors of this service know exactly what information the victim is looking for. Based on this data, the dodgy app generates targeted ads that show up on the results pages.
To recap, the Search Encrypt malware infiltrates Macs in a furtive fashion, hijacks the web browsers, tracks users’ web surfing activities, and imposes new Internet defaults. On top of that, it doesn’t yield to regular removal. The good news is that there is an effective workaround to eradicate the infection from Mac. Continue reading to get the relevant how-to’s.
Search Encrypt manual removal for Mac
The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.
- Open up the Utilities folder as shown below
- Locate the Activity Monitor icon on the screen and double-click on it
- Under Activity Monitor, find the entry for Search Encrypt, select it and click Quit Process
- A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
- Click the Go button again, but this time select Applications on the list. Find the entry for Search Encrypt on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it
- Now go to Apple Menu and pick the System Preferences option
- Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the box is started up. Locate Search Encrypt or other potentially unwanted app there and click on the “-“ button
Get rid of browser redirects to searchencrypt.com
To begin with, settings for the web browser that got hit by the Search Encrypt hijacker should be restored to their default values. The overview of steps for this procedure is as follows:
- Reset Safari
- Open the browser and go to Safari menu. Select Preferences in the drop-down list
- Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it
- The system will display a confirmation dialog that also includes a brief description of what the reset does. Specifically, you may be logged out of some services and encounter other changes of website behavior after the procedure. If you’re okay with that, go ahead and click the Remove Now button
- In order to selectively clear data generated by certain websites only, not all of them, hit the Details button under the Privacy section of Safari Preferences
- This feature will list all websites that have stored potentially sensitive data, including cache and cookies. Select the one, or ones, that might be causing trouble and click the appropriate button at the bottom (Remove or Remove All). Click the Done button to exit.
- Open the browser and go to Safari menu. Select Preferences in the drop-down list
- Reset Google Chrome
- Open Chrome, click the More (⁝) icon in the top right-hand part of the window, and select Settings in the drop-down
- When on the Settings pane, select Advanced
- Scroll down to the Reset settings section. Under the Restore settings to their original defaults option, click the Reset settings button
- Confirm the Chrome reset on a dialog that will pop up. When the procedure is completed, relaunch the browser and check it for malware activity.
- Reset Mozilla Firefox
- Open Firefox and select Help – Troubleshooting Information
- On the page that opened, click the Reset Firefox button
Get rid of Search Encrypt virus using Freshmac removal tool
When confronted with malicious code like Search Encrypt on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.
This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Search Encrypt Mac infection.
- Download Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software
- Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.
- The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.
- Check whether the searchencrypt.com redirect problem has been fixed. If it perseveres, go to the Uninstaller option on Freshmac GUI. Locate an entry that appears suspicious, select it and click Fix Safely button to force-uninstall the unwanted application.
- Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The Search Encrypt malware shouldn’t be causing any further trouble.
Search Encrypt is a rogue service that claims to add a layer of privacy to a Mac user’s web search activities but ends up hijacking their default browser and snooping on sensitive web surfing information. It is manifested as an extension supporting Safari, Google Chrome, and Mozilla Firefox. This entity redirects all searches to ad-supported landing page at searchencrypt.com without asking for permission.
Whereas automatic encryption of search terms is an enticing feature overall, the dubious app under scrutiny provides it at the expense of the victim’s proper Internet experience. It overrides the browsing preferences to promote its own service crammed up with sponsored links.
Furthermore, most of the affected Mac users don’t even know what functionality Search Encrypt purports to accommodate, because the unwanted application is installed behind the scenes. It usually accompanies other software, arriving via the same installers that furtively push a bundle of programs rather than one. Figuratively speaking, this PUA (potentially unwanted application) is a wolf in sheep’s clothing and should be avoided.
Although searchencrypt.com, the website associated with this controversial service, doesn’t have any offensive functionality as such and therefore poses no risk to visitors, the underlying Mac application is definitely malicious. It mostly infiltrates systems without the users’ knowledge and then takes over the web search activity in the default browser (Safari, Chrome, or Firefox). It may interfere with other preferences as well, including the homepage and new tab page. The app also adds its executable to the Login Items so that the intrusive influence makes itself felt right after every Mac startup or reboot instance and cannot be easily terminated.
One more thing on the minus side of Search Encrypt is that it engages in sneaky data harvesting when running inside a computer. In particular, it keeps a record of all search requests and may additionally monitor which websites the victim goes to. This information is aggregated and processed for targeted advertising via the landing page. Getting back to the original question, Search Encrypt exhibits enough shady characteristics to be categorized as malware or adware.
The notorious persistence of Search Encrypt stems from the fact that it creates a new configuration profile on the Mac without letting you know. Whilst this is generally a benign and really useful feature allowing power users or IT administrators to adjust their Macs to specific tasks, cybercriminals at the helm of adware campaigns have been abusing it for quite some time. Search Encrypt operators follow suit.
Once inside a Mac, the infection adds a rogue profile called “AdminPrefs” or similar. Disabling or removing the Search Encrypt extension in the contaminated web browser is only a short-time measure as long as this configuration profile remains active. The culprit will reappear shortly. To top it off, reverting to the correct custom settings (default search engine, homepage, etc.) isn’t possible either because they are managed by the adware’s profile.
To get around this roadblock, you should go to System Preferences and click ‘Profiles’. Select the harmful entry under ‘Device Profiles’ in the left-hand section of the pane and click the “-” (minus) button to delete it. Then, follow the steps in the guide above to uninstall Search Encrypt and fix the web browser misconfigured by the virus.