This annoying and difficult to remove SearchMine is a browser hijacker that will change the homepage and default search engine for your web browser to https://searchmine.net. The culprit keeps on forwarding an ambushed user’s Internet traffic to its landing page.

The victim’s default browser – be it Safari, Google Chrome, or Firefox – undergoes unauthorized manipulation resulting in the custom settings being replaced with new values. In addition to tweaking the browser preferences, the malware sets a Chrome enterprise policy that overrides the admin’s settings and disallows changes that the victim may attempt to make keeping the browser forwarding loop in place until the policy is removed. It is NOT enough to just remove the culprit files, apps and profiles from your Mac directories but all browser extensions, history, search engines and website data must also be removed. And with Chrome, you may have to remove policies as well.

SearchMine may keep re-infecting your Mac unless you delete all of its fragments

These are the steps for manual removal this adware: 

  • STEP 1: Remove malicious Profiles from your Mac
  • STEP 2: Remove SearchMine app from Mac
  • STEP 3: Remove Startup Items from you Mac
  • STEP 4: Remove Launch Items from your Mac
  • STEP 3: Uninstall the SearchMine extensions from Safari, Chrome, or Firefox
  • STEP 4: Chrome may need to Policies removed

Removing SearchMine From Your Mac

  1. Open Activity Monitor from within the Utilities folder in Applications
    1. Find a process named SearchMine or Search Mine, select it and click Quit Process
    2. A dialog should pop up, asking if you are sure you would like to quit the troublemaking process. Select the Force Quit option
  2. Remove malicious Profiles from your Mac
    1. If there’s a Profile icon, click on it and select any suspicious profile that you want to remove, and then press the minus button. Click Removeto remove the profile.
  3. Remove the Application– Click the Go, select Applications from the list. Find SearchMine, MPlayerX, NicePlayer, or any other unfamiliar applications, right-click on it and select Move to Trash.
  4. Remove Launch Items– Click the desktop to make sure you’re in the Finder, choose “Go” then click on “Go to Folder“.
    1. /Library/LaunchAgents
    2. ~/Library/LaunchAgents
    3. /Library/Application Support
    4. /Library/LaunchDaemons
  5. Remove User Login Items– Select Accounts in System Preferences and click the Login Items button. The system will come up with the list of the items that launch when the computer is started up. Locate any items that shouldn’t be there there and click on the minus button.

Browser Removal

 

Reset Safari

  1. Open the browser and go to Safari menu. Select Preferences in the drop-down list
  2. Check Homepage- Opened to the “General” tab. Some browser hijackers may change your default homepage, so in the Homepage field make sure it’s a web page you want to use as your start-up page.
  3. Once the Preferences screen appears, hit the Privacy tab at the top. Find the option that says Remove All Website Data and click on it.
  4. Next, click on the “Extensions” tab- The “Extensions”screen will be displayed with a list of all the extensions installed on Safari. Scroll through the list until you find the SearchMine extension, and then click on “Uninstall” to remove it. By default, there are no extensions installed on Safari so it’s safe to remove all extensions.
  5. Select the Historymenu this time, and click on Clear History

Reset Google Chrome

  1. Make sure Chrome is up to date. Click Settings → About Chrome
  2. Start Chrome, Click Settings → Extensions. There, find the malware and select the trash icon.
  3. Click Settings →  Search engine, select Manage Search Engines.  Delete everything but the search engines you normally use.
  4. Reset Home page, search engine, and default tab. Settings →  Appearance > Appearance →  Show Home button. Search Engine →  On startup →  Open the New Tab page.
  5. Open Chrome →  Settings in the drop-down →  Advanced Scroll down to the Reset settings section. Under the Restore settings to their original defaults option, click the Reset settings button. Confirm the Chrome reset on a dialog that will pop up. When the procedure is completed, relaunch the browser and check it for malware activity.
  6. Remove Policies. To get rid of the “managed by organization” notification, you’ll have to remove the admin preference files from “menu bar > preferences > profiles” AND you need to unset the policies that are listed at page http://chrome://policy
    1. Go to chrome://policy. Find which policy has value. Then open up “terminal”. Use the following syntax to delete these policies
    2. defaults delete com.google.Chrome XXX
    3. XXX is the policy name shown up in the chrome://policy.

or

    1. Download the Chrome Policy Remover for Mac (made by Product Expert (PE) Stefan vd)
        • close all open Chrome windows
        • unzip the file you just downloaded
        • double click on “chrome-policy-remove-and-remove-profile-mac”

You can reset all the above using Terminal.

  1. First remove the unwanted profile(s) on your Mac.
  2. Open the Terminal app. Enter the commands below and hit the Enter key after each one:

      • defaults write com.google.Chrome HomepageIsNewTabPage -bool false

      • defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”

      • defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”

      • defaults delete com.google.Chrome DefaultSearchProviderSearchURL

      • defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

      • defaults delete com.google.Chrome DefaultSearchProviderName

Reset Mozilla Firefox

  1. Open Firefox and select Help – Troubleshooting Information
  2. On the page that opened, click the Reset Firefox button
  3. Click on the three lines (top right) →  Add-ons. Hit Extensions. The problem should be lurking somewhere around here – Remove it. Then Refresh Your Firefox Settings.