For 2 weeks now, search alpha has started to appear every time I open safari. I have tried to follow in the steps of some websites with the intention of solving this and nothing changes.
I hope someone can help me with this and maybe give me some advice so that it doesn't happen to me anymore.
[Re-Titled by Moderator]
MacBook Air (M2, 2022)
Toni_125, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
First screenshot:
Nothing needs to be deleted from the folders in your other two screenshots, but please read my comments regarding "Malwarebytes" later.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Evaluate its operation and ensure everything is working as you expect it should.
Next: You can see for yourself that "Malwarebytes" did nothing to prevent you from installing the "Search Alpha" adware, nor did it appear to help in removing it. It's up to you to determine whether you want to keep it around or not, but if something isn't doing your Mac any good I recommend uninstalling it. Follow its uninstallation instructions.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
rominaguilera, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
Nothing needs to be deleted from the other folders.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now. Please read my comments regarding certain additional files later.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Evaluate its operation and ensure everything is working as you expect it should.
Next: The "anydesk" product is remote access software. If you installed it deliberately and have a need for it, that's ok, but you were evidently deceived into installing the bogus "Search Alpha" product. That is justification for concern that you may have been deceived into installing other unwanted products also. For additional context, read this Discussion: AnyDesk installed by scammer - Apple Community
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
You have got several problems there along with the Malware denoted by the fsefosian, readerupdate, and systemmond files. The AntiVirus and CleanMyMac installation should be removed using their uninstallers. I recommend you review the excellent article by John Galt along with the information in this thread and post a new thread after removing the 3 files noted using the steps in the article. You should have a backup and start up in Safe Mode as described there.
Removing "Search Marquis" / "Search Baron… - Apple Community
joelene80 I strongly recommend uninstalling the "McAfee" product according to its instructions. It's junk. Consult its developer documentation. After following those instructions, confirm no files bearing its name remain in any of those three folders. Files with Adobe and Google in their names are legitimate so leave them alone.
Then, reset the Google Chrome product to its defaults according to https://support.google.com/chrome/answer/3296214?hl=en
If you still encounter trouble, I encourage you to post a brand new Discussion because there are no other files in those folders that can cause or contribute to the problem — with the exception of the "easeus" product, which is suspicious only because of the company it keeps.
dianasyrko, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
First screenshot:
Nothing needs to be deleted from the folders in the other two screenshots.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
Philkettle please read Removing "Search Marquis" / "Search Baron" / etc on your own - Apple Community, and post the three screenshots it describes in a reply to this Discussion.
gwells1011, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
Second screenshot:
Nothing needs to be deleted from the folders in the other two screenshots.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
ElishaSnow, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
First screenshot:
Nothing needs to be deleted from the folders in the other two screenshots.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
bcridt, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
First picture:
Nothing needs to be deleted from the folders in the other two pictures for now, but please read my comments regarding "Trend Micro" later.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: Like all non-Apple "anti-virus" products, "Trend Micro" did nothing to prevent you from installing the "Search Alpha" malware, nor did it appear to aid in removing it. Uninstall it according to its instructions (suggest https://helpcenter.trendmicro.com/en-us/article/TMKA-14475). After following those instructions, confirm no files containing their names appear in any of those folders.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
Reply Part 2 of 2:
Next: That Mac is hosting a torrent client. Presumably, you are aware of the risks that entails. The fact that you were affected by the "Search Alpha" malware suggests that you may need to be more circumspect regarding such risks though.
Next: Remnants of certain old "cleaning" or similarly ill-conceived apps appear to be present. They are not directly related to the "Search Alpha" problem at hand and the foregoing instructions do not address their removal. Those products are obsolete and may have been rendered inert years ago. However, if your Mac is experiencing inexplicable behavior or poor performance you may need to pursue those problems separately. Write back for guidance.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
LysbethKoster, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
Third screenshot:
Nothing needs to be deleted from the folders in the other two screenshots.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
dr.jb, please follow the instructions below.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".
The following files and / or folders need to be deleted while using your Mac in "Safe Mode":
com.gregorian.gettime.plist
com.mac.booster.agent.plist
com.pcv.hlprnmcp.plist
com.readerupdate.plist
com.systemmond.plist
com.techyutil.Utility.plist
com.update.updService.plist
Nothing needs to be deleted from the other two folders for now.
Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.
Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:
If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.
Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.
You can then restart your Mac and log in as usual. Launch Safari, evaluate its operation and ensure everything is working as you expect it should.
Next: You can see for yourself that "Malwarebytes" did nothing to prevent you from installing adware, and from what you describe it was equally ineffective at removing it. It's your decision whether to keep it installed or not, but there is nothing any product can do to prevent you from installing junk. Recognition and avoidance is the only effective defense. For more regarding that subject, read How to install adware - Apple Community.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.
You should post both screenshots for LaunchAgents at:
~/Library/LaunchAgents
/Library/LaunchAgents
They are different.
Antho-21 wrote:
I have the same problem, I tried so many ways to get rid of it but it is still there, even i just bought my mac few months ago
Antho-21 you really should post your own question. This one is old and has grown far too lengthy and confusing for anyone to navigate.
When you post that question, please follow the instructions I posted for everyone else: Removing "Search Marquis" / "Search Baron" / etc on your own - Apple Community.
The fact you were unable to find those instructions in this overly long and convoluted thread illustrates how it's not a good idea to post "me too" replies. Posting your own question is by far the best way to get timely and accurate replies on this site, and the most effective way to get the personal attention you need.
The Mac must be restarted in "Safe Mode" before you can perform the removals.
How to use safe mode on your Mac - Apple Support
Follow the instructions for Apple Silicon, expanded below to include additional detail.
Thank-you John! Safari tried to go back to search-alpha when I restarted simply because Safari was set to Open with Windows from Last Session. When I removed that and restarted Safari, I was back up and running :-}
How can I remove Search Alpha from Safari?
