How can I remove the searchbaron virus from chrome?

Rod


Joined
Jun 12, 2011
Messages
9,704
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
I fully understand your reluctance to lose bookmarks, passwords etc, really that shouldn't happen if you are a registered user on Chrome but it's not guaranteed so it comes down to how much trouble this malware is to you. From what I am reading it just redirects your searches to Bing. As Randy said it will probably be added to reputable anti malware software eventually. Do you have any problem with Safari? Perhaps you could use Safari in the interim or try Firefox until a fix is found. You could even export your bookmarks from Chrome to Firefox.

Not very helpful but here is a discussion on Apple Forums; https://discussions.apple.com/thread/250587505
 

Rod


Joined
Jun 12, 2011
Messages
9,704
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Just by way of reassurance, some years ago I was the victim of a persistent ransomware attack on Firefox browser which I could not remove. I have a Mozilla subscription so I switched off my WiFi connection, erased/uninstalled Firefox and all associated files (using CMM). Restarted my MBP and using Safari downloaded a new version of Firefox from Mozilla, opened it, logged back in and all my bookmarks, extensions, preferences and passwords were restored after about 15 min.
Of course I had a password manager so I was not really concerned about losing my passwords or user names and regularly I backup my bookmarks to Safari anyway so I can always restore them from there.
 
OP
I've never heard of "Search Baron" prior to just now. Suspiciously, there is no mention of it from any of the established anti-virus companies or folks who usually track such things closely. I've managed to find three Web sites that mention "how to remove it" (including the one that "chscag" cited in this very thread) and all three are shill sites that want to sell you very questionable software.

The situation sounds very similar to the recent CrossRider adware that was going around:
New Crossrider variant installs configuration profiles on Macs

Since just about all malware and adware for the Macintosh is due to a Trojan Horse, it's almost certain that whatever Search Baron is, you got it by downloading and launching software. Possibly a fake Adobe installer or uninstaller, or possibly it came as part of an otherwise legitimate software bundle deal.

Folks got hit by CrossRider, they ran various anti-malware and anti-adware utilities and couldn't get rid of it, then they went to the Web and found suspicious shill Web sites offering to fix the problem if only they bought and downloaded very suspicious software. I WOULDN'T DOWNLOAD ANY SOFTWARE FROM SUCH A WEB SITE! It's likely to make matters much worse.

Try this: Go into System Preferences. See if there is a preference pane for "Profiles". If there is, open it and delete all profiles. Then I'd run DetectX again, just for good measure. Let us know if that fixes the problem.

If it doesn't, then you are going to have to wait until one or more of the well regarded anti-virus companies, such as Intego, analyze this piece of adware and either push out an update to their product to delete it, or give instructions on how to manually delete it. Or...

You can try to manually find and eliminate the adware:
Or...

You can contact Intego to work with them to fix the problem if they haven't seen Search Baron before:

Here is a screenshot of what DetectX found. I only have one profile, my own. You don't think that this file in the default browser is the problem? tp://www.searchbaron.com/v1/hostedsearch?aid=&data=aWlkPTIyJnVpZD0xNTIzNzEwNjk=&sto=1&keyword=%s (outdated link removed)

I changed some symbols in it and it kept it from redirecting but was not working on getting to Google...
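
An added example, not part of any post in this thread: a Python check for search-engine entries of the "URL with %s in place of query" kind discussed above, which flags hosts the user does not expect and decodes base64-wrapped parameters such as `data`. The function names, the expected-host list and the sample entries are assumptions made for illustration; the second sample is modelled on the URL quoted in the post, with its scheme assumed.

```python
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# Assumption: hosts this user expects as search providers.
EXPECTED_HOSTS = {"www.google.com", "duckduckgo.com"}

# Constructed sample entries in the "URL with %s in place of query" form.
# The second is modelled on the URL quoted in the post (scheme assumed).
SAMPLE_ENGINES = {
    "Google": "https://www.google.com/search?q=%s",
    "Search Baron": "http://www.searchbaron.com/v1/hostedsearch"
                    "?aid=&data=aWlkPTIyJnVpZD0xNTIzNzEwNjk=&sto=1&keyword=%s",
}


def decode_if_base64(value):
    """Return decoded text when value is strict, printable base64, else None."""
    if len(value) < 8 or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def audit_template(template, expected=EXPECTED_HOSTS):
    """Report the host of a search template and any base64-wrapped parameters."""
    parts = urlsplit(template.replace("%s", "QUERY"))
    decoded = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        text = decode_if_base64(value)
        if text is not None:
            decoded[name] = text
    host = parts.hostname or ""
    return {"host": host, "expected": host in expected, "decoded": decoded}


def unexpected_engines(engines, expected=EXPECTED_HOSTS):
    """Names of entries whose search host is not on the expected list."""
    return sorted(n for n, t in engines.items()
                  if not audit_template(t, expected)["expected"])


if __name__ == "__main__":
    for name, template in SAMPLE_ENGINES.items():
        print(name, audit_template(template))
```

Entries returned by `unexpected_engines` are the ones to review and remove in the browser's search-engine settings; the decoded `data` value shows the identifiers carried along with every search.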
 
Joined
Feb 1, 2011
Messages
4,436
Reaction score
2,154
Points
113
Location
Sacramento, California
...I only have one profile, my own.

If you have a Profiles preferences pane in System Preferences, then you have found the source of the problem. Normally, there is no Profiles preferences pane in System Preferences if you are an individual working outside of a company with an IS manager who specifically put one there.

Go into the Profiles preferences pane, and delete ANYTHING that is there (including any profile that looks like it belongs to you).

Now run DetectX for good measure.

Restart your Mac and see if things are all better.
 
Joined
Feb 1, 2011
Messages
4,436
Reaction score
2,154
Points
113
Location
Sacramento, California
I should also note that, based on the report that you posted from DetectX, you seem to have a penchant for downloading incredibly suspect cleaning and maintenance apps. Wondershare, Memory Cleaner X...those apps are all going to cause you more harm than good.
 

chscag

This is really strange Randy. Those are the exact same items found by DetectX when Lori ran the program.

Here's the thread: Take a look.

 
OP
I've never heard of "Search Baron" prior to just now. Suspiciously, there is no mention of it from any of the established anti-virus companies or folks who usually track such things closely. I've managed to find three Web sites that mention "how to remove it" (including the one that "chscag" cited in this very thread) and all three are shill sites that want to sell you very questionable software.

The situation sounds very similar to the recent CrossRider adware that was going around:
https://blog.malwarebytes.com/threa...iant-installs-configuration-profiles-on-macs/

Since just about all malware and adware for the Macintosh is due to a Trojan Horse, it's almost certain that whatever Search Baron is, you got it by downloading and launching software. Possibly a fake Adobe installer or uninstaller, or possibly it came as part of an otherwise legitimate software bundle deal.

Folks got hit by CrossRider, they ran various anti-malware and anti-adware utilities and couldn't get rid of it, then they went to the Web and found suspicious shill Web sites offering to fix the problem if only they bought and downloaded very suspicious software. I WOULDN'T DOWNLOAD ANY SOFTWARE FROM SUCH A WEB SITE! It's likely to make matters much worse.

Try this: Go into System Preferences. See if there is a preference pane for "Profiles". If there is, open it and delete all profiles. Then I'd run DetectX again, just for good measure. Let us know if that fixes the problem.

If it doesn't, then you are going to have to wait until one or more of the well regarded anti-virus companies, such as Intego, analyze this piece of adware and either push out an update to their product to delete it, or give instructions on how to manually delete it. Or...

You can try to manually find and eliminate the adware:
Or...

You can contact Intego to work with them to fix the problem if they haven't seen Search Baron before:

It would seem to me the search baron link has to be replaced using ''URL with %s in place of query'' as being asked...
 
OP
I think I solved the problem by getting rid of all default browsers as Bing, Yahoo etc. in Chrome...
 

Rod

Ha, well I didn't think of that. I'm not sure that has actually "fixed" the problem as searchbaron is still lurking somewhere in your OS but it is a solution to the functional issue. If this works for you that's great but I think you may have to remove it at some point. In the meantime you seem to have removed the nuisance element.
Do have a think about having a few backup browsers though. Having just one primary browser with all your bookmarks, passwords etc is like putting all your eggs in one basket. Firefox is pretty good these days and it's easy to export your data from one browser to another but in your case you might want to do it manually over time in case you export your problem from Chrome to Firefox.
 
