Is SystemNotes 1.0 malware?

Search engine automatically changing is a symptom associated with malware infection.

This may be an existing malware with a new name.

This is going to be a two part answer.

1. Before removing the adware, run Etrecheck for diagnosis and post the result here if you don't mind.

Download EtreCheck, run it to see if there is any adware installed or not.

      https://etrecheck.com

      Click  “Free download” button,

      Open Downloads folder, click on it to open, and then select ”Open”.

      “Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.

      Click “Share Report” button in the toolbar, select “Copy report” .

      Paste the report when you reply.

2 Follow through the malware removal process.

 1. Check for adware.

     Run the latest release of Malwarebytes for Mac to remove malware/adware, if installed on your Mac.

     For instructions:  Install Malwarebytes for Mac v4     Uninstall Malwarebytes for Mac

     Click the “Scan Now” button. Once done, quit Malwarebytes for Mac.

     Restart the computer and relaunch Safari holding the shift key down.

     Remove unknown profiles (1), unknown login items(@) unknown extensions(3), reset search engine (4)

     and reset Homepage (5 & 6)  listed under Additional steps.

2. Additional steps to take, if necessary.

  1. Remove unknown profiles.

      System Preferences > Profiles

      Open System Preferences, click the “Profiles” icon ( a checkmark on a gear) .

      When Profiles pane opens, select the unknown profile and click the minus button at the bottom.

  2. Remove unknown Login item.

       System Preferences > Users & Groups > Login items

       Authenticate and unlock the lock.

       Select the unknown login item and click the “-“ button at the bottom left to remove it.   

  3. Remove unknown extensions:  Safari > Preferences > Extensions

      https://support.apple.com/guide/safari/use-safari-extensions-sfri32508/mac

  4. Reset search engine:    https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

      Change Home Page

  5. Reset  Homepage.   https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac

  6. Section: If Safari's home page is stuck

Ref: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/

   7. Shutdown the computer from  menu. Start your Mac using the Power button.

The only extension that shows is SystemNotes 1.0.

If you find a Safari Extension that you do not understand or recognize, remove it using the Uninstall button and it will be gone. No Extensions are required for normal operation.

If you find that Safari have been affected by "Safe Finder" removing it is simple and follows the procedure described in this Discussion: Adware Safe Finder - new removal techniques the beginning of which follows below. Under no circumstances should you download or install anything an effort to remove it.

---

Navigate to the following folder, and post its contents in a screenshot:

~/Library/LaunchAgents

To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field. Make it look like this:

... and click the Go button.

A Finder window will open. Take a screenshot showing all that folder's contents, and post it in a reply. To learn how to do that please read the Appendix in the following User Tip: Writing an effective Apple Support Communities question.

Usually, there is nothing in that folder so don't be surprised to find it empty. The reason for starting with that folder is to eliminate other potential causes before proceeding with steps that will identify and eradicate whatever is affecting that Mac.

There will be additional instructions to follow and this is just the first step.