Eliminate unwanted redirects to searchmine.net website
Written by Tomas Meskauskas on (updated)
What is searchmine.net?
searchmine.net is yet another variant of the weknow.ac and chumsearch.com fake web search engines. This website claims to enhance the browsing experience by generating improved results and providing quick access to several popular websites (Twitter, YouTube, Facebook, and AliExpress).
Note that these false claims are merely attempts to give the impression of legitimacy, since this site is typically promoted using fake Adobe Flash Player updaters. Furthermore, it is designed to gather information and redirect users to another fake search engines: opti-page.com, trovi.com, webcrawler.com and bing.com, searchpowerapp.com.
Fake update/download/installation set-ups that promote websites such as searchmine.net hijack popular browsers (e.g., Safari, Mozilla Firefox, Google Chrome, etc.) and modify the new tab URL, default search engine, and homepage options by assigning them to promoted URLs. Although these changes may seem insignificant, users are unable to revert them.
These set-ups install a number of "helper objects" (third party applications and browser plug-ins) that reassign browser settings when attempts are made to change them. Therefore, returning browsers to their previous states becomes impossible and users are encouraged to visit searchmine.net when they open a new browser tab/window or search via the URL bar.
This significantly diminishes the browsing experience. Note that searchmine.net does not generate any unique search results - it simply redirects users to opti-page.com, which is another fake search engine. Bear in mind that opti-page.com might also generate results leading to other potentially malicious websites.
This can lead to various system infections. Information tracking is also an issue. "Helper objects" and fake search engines usually gather search queries, websites visited, pages viewed, Internet Protocol (IP) addresses, geolocations, and other similar data relating to browsing activity.
Furthermore, the recorded information usually contains personal details that are shared with third parties (potentially, cyber criminals). These people generate revenue by misusing private information. Therefore, information tracking might result in various privacy issues, including identity theft.
| Name | searchmine.net browser hijacker |
| Threat Type | Redirect, Browser hijacker, Unwanted application, Mac malware, Mac virus |
| Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
| Serving IP Address (searchmine.net) | 104.25.231.10 |
| Detection Names (Adobe Flash Player.dmg) | Avast (MacOS:Agent-EN [Drp]), BitDefender (Adware.MAC.Bundlore.DMM), DrWeb (Adware.Mac.Bundlore.191), Kaspersky (Not-a-virus:HEUR:AdWare.OSX.Bnodlero.q), Full list of detection names (VirusTotal). |
| Payload | Searchmine.net, Mac Cleanup Pro, MediaDownloader, MyCouponsmart. |
| Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake flash player installers, torrent file downloads. |
| Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
searchmine.net shares many similarities with dozens of other fake search engines, such as search.getstranto.club, my-search.site, go.coloringmaster.net.
All claims to enhance web browsing experience by generating improved search results and, in some cases, other "useful features" (e.g., quick access to popular websites, weather forecasts, currency exchange rates, etc., however, these claims are mere attempts to attempt to give the impression of legitimacy.
Fake web search engines have only one purpose: to generate revenue for the developers, whilst regular users get no real value, since websites such as searchmine.net merely cause unwanted redirects and gather sensitive data.
Furthermore, fake web search engines may feed users with misleading search results and/or intrusive advertisements, of which usually lead to dubious websites. Therefore, using fake web search engines users may can lead tofecting their computers.
How did searchmine.net install on my computer?
As mentioned above, searchmine.net is usually promoted using fake Adobe Flash Player updaters. These are typically proliferated using rogue websites that deliver fake pop-up errors. These claim that the Flash Player is outdated (even though it is not) and encourage the visitor to update it immediately.
The actual purpose of these fake updaters is to inject additional unwanted applications (or even high-risk malware) and promote fake search engines (in this case, searchmine.net). The sample we analyzed not only promoted searchmine.net, but also injected Mac Cleanup Pro, MediaDownloader, and MyCouponsmart.
Therefore, if you encounter redirects to searchmine.net, it is likely that these (or other) unwanted applications are also present.
How to avoid installation of potentially unwanted applications?
To prevent this situation, be very cautious when browsing the Internet and downloading/installing software. Intrusive advertisements (which are delivered by adware-type applications) usually seem legitimate, since developers invest many resources into their design. In fact, they usually redirect to dubious websites.
If you encounter these ads/redirects, remove all suspicious applications and browser plug-ins. Carefully analyze each window of the download/installation dialogs using the "Custom" or "Advanced" settings. Opt-out of additionally-included rogue applications and decline offers to download/install other applications.
We advise you to download apps from official sources only, using direct download links. Third party downloaders/installers often include rogue apps, and thus such tools should never be used. The same applies to software updates. Keep installed applications and operating systems up-to-date, however, use implemented functions or tools provided by the official developer.
The key to computer safety is caution. If your computer is already infected with browser hijackers, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Appearance of searchmine.net redirecting users to opti-page.com (GIF):
Appearance of searchmine.net redirecting users to webcrawler.com:
Appearance of searchmine.net redirecting users to bing.com via trovi.com:
Fake Adobe Flash Player installer promoting searchmine.net:
Screenshot of this setup during the installation/update process:
Rogue website promoting a fake Adobe Flash Player updater:
Screenshot of Mac Cleanup Pro unwanted application:
Screenshot of MediaDownloader adware:
Appearance of a fake Google Docs extension (titled "Google Docs Offline") designed to control browser settings and promote browser hijackers (such as searchmine.net):
Appearance of this fake Google Docs extension managing Google Chrome search engine settings:
This browser hijacker modifies the Google Chrome web browser itself, thereby making it unfixable. For this reason, in order to use it you have to re-install a fresh copy once all the malicious files are removed.
Update April 17, 2020 - There is reason to believe that the information gathered by SearchMine is specifically geared towards further infections.
The collected device data (e.g. unique device ID, operating system version, installed applications and anti-virus software, etc.) - is particularly relevant for cyber criminals, proliferating malware. More information on these developments can be found in an article by Phil Stokes on sentinelone.com.
IMPORTANT NOTE! Rogue setups/apps that promote the searchmine.net website are designed to create a new device profiles ("Chrome Settings" and "Safari Settings"). Therefore, before taking any further removal steps, perform these actions:
1) Click the "Preferences" icon in the menu bar and select "Profiles".
2) Select the "Chrome Settings" and "Safari Settings" profiles and delete them.
3) Perform a full system scan with Combo Cleaner anti-virus suite.
After performing these actions, you can proceed with further removal steps for this browser hijacker.
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is searchmine.net?
- STEP 1. Remove searchmine.net related files and folders from OSX.
- STEP 2. Remove searchmine.net redirect from Safari.
- STEP 3. Remove searchmine.net browser hijacker from Google Chrome.
- STEP 4. Remove searchmine.net homepage and default search engine from Mozilla Firefox.
Video showing how to remove browser redirects to searchmine.net using Combo Cleaner:
searchmine.net redirect removal:
Remove searchmine.net-related potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove browser hijacker-related files and folders
Click the Finder icon from the menu bar. Choose Go, and click Go to Folder...
Check for browser hijacker generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by browser hijackers - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Browser hijacker commonly installs several files with the exact same string.
Check for browser hijacker generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for browser hijacker generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by browser hijackers - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Browser hijacker commonly installs several files with the exact same string.
Check for browser hijacker generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the browser hijackers, continue to remove rogue extensions from your Internet browsers.
Remove browser hijackers from Internet browsers
Remove Safari browser hijackers:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
Change your homepage:
In the "Preferences" window, select the "General" tab. To set your homepage, type the preferred website URL (for example: www.google.com) in the Homepage field. You can also click the "Set to Current Page" button if you wish to set your homepage to the website you are currently visiting.
Change your default search engine:
In the "Preferences" window, select the "Search" tab. Here you will find a drop-down menu labeled "Search engine:" Simply select your preferred search engine from the drop-down list.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove Google Chrome browser hijackers:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
Change your homepage
Click the Chrome menu icon (at the top right corner of Google Chrome) and select "Settings". In the "On startup" section, disable the malicious extension (if present), look for a browser hijacker URL below the "Open a specific or set of pages" option. If present, click on the three vertical dots icon and select "Remove".
Change your default search engine:
To change your default search engine in Google Chrome: Click the Chrome menu icon (at the top right corner of Google Chrome), select "Settings", in the "Search engine" section, click "Manage search engines...", in the opened list look for a browser hijacker URL, when located click the three vertical dots near this URL and select "Delete".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
Change your homepage
To reset your homepage, click the Firefox menu (at the top right corner of the main window), then select "Settings", in the opened window disable malicious extension (if present), remove the browser hijacker URL and enter your preferred domain, which will open each time you start Mozilla Firefox.
Change your default search engine:
In the URL address bar, type "about:config" and press Enter. Click "Accept the Risk and Continue".
In the search filter at the top, type: "extensionControlled". Set both results to "false" by either double-clicking each entry or clicking the 
button.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Outstanding!
▼ Show Discussion