You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to remove this Searchlee malware if it is one?

Whenever I open google and search for anything in safari it redirects to “searchlee”. It gives me unwanted webpages too. I tried to look if it is any extension but I got no such extension when I looked in extension tab of safari




[Re-Titled by Moderator]

Posted on Feb 3, 2021 5:45 AM

Reply
4 replies

Mar 22, 2021 5:02 AM in response to monika1604

This thread is months old.


   1. Remove adware installed on your Mac..


       Run the latest release of Malwarebytes for Mac to remove malware/adware, if installed on your Mac.

       For instructions: Install Malwarebytes for Mac v4      Uninstall Malwarebytes for Mac

       Click the “FREE DOWNLOAD” button.

       Click the “Scan ” button. Once done, quit Malwarebytes for Mac.

       Restart the computer and relaunch Safari holding the shift key down.

       Scan for Malware again.


       Additional steps  if necessary.

  2. Reset search engine:    https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

  3. Reset  Homepage.   https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac 

Feb 3, 2021 8:16 PM in response to monika1604

im not quite sure but recently I've been having these notification about some random number wanting to gain access to my safari stuff and I didn't;t quite read and just said yes. after that my google started reloading each time I would search something like 5 times before just staying in the page and as of today, the searched thing happened. I manage to get "help" from an apple chat but it didn't quite fix the problem, it was starting in safe boot, by turning on your computer pressing shift and then logging in, but the problem was just resolved there and it looked weird. so I decided to check some more and I found a solution that might not be permanent. I did it and yet I haven't had any more problems with the searched thing. so listen:

  1. you first go to your apple icon.
  2. click on the system preferences for your Mac.
  3. then go to your security thing. (sorry im not professional)
  4. then go to privacy (is the last tab
  5. then go to almost the end where it says automation and disable whatever appears on that window.
  6. after that you might get the annoying notifications again I really don't know how to disable them but your google should work fine.

Feb 5, 2021 5:31 PM in response to misodera

Disclaimer: Do it at your own risk:


I had the malware problem in Safari.


Expanding on what "misodera" said. When you get to the Automation section make a note of the malicious application name. It most likely be a random generated number (let say 123456789 as an example). There will be a safari checkbox underneath. If you open the activity monitor app you will see the app name there as well. Close safari, uncheck the safari checkbox in the Automation section. The entry should be gone from there. You might need to get out of the automation section and back in to get it refresh. If it is not gone we can clean it up at the end. Open the terminal app and execute ps -ef | grep "enter the application name here" . For example, ps -ef | grep 123456789. There you will see the location of the application. Something like this:


/Users/you user name/Library/Application Support/com.13413412341/123456789 Remember, Your app name will be different.


Go to the Activity Monitor and kill the application: Select the app name (123456789) and click the stop button.


Remove the malicious app bundle (e.g., com.13413412341) using this command:

sudo rm -rf /Users/you user name/Library/Application Support/com.13413412341


Now go to the Security & Privacy and the privacy tab, select "Full Disk Access" and remove the malicious app reference from there. Finally, if you still see a grayed out reference in Automation with the malicious app name , you can run in the terminal to clean this up: sudo tccutil reset AppleEvents





How to remove this Searchlee malware if it is one?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.