Redirection (itch) Mac OS

Posted on  by

If you’ve noticed that the browser you use on your Mac has suddenly started re-directing to Bing whenever you try and use Google or Yahoo to search the web, your Mac has fallen prey to the Bing redirect virus.

CoRD was a Mac OS X remote desktop client for Microsoft Windows computers using the RDP protocol. It's easy to use, fast, and free for anyone to use or modify. 2020-04-13: This project is defunct. Most people will be happy with Microsoft's clients. When troubleshooting issues with Web Traffic Redirection (WTR) on the Symantec Endpoint Protection (SEP) for Mac client, it may be necessary to disable the feature. In rare circumstances, disabling WTR or uninstalling the SEP client may fail to restore the previous Automatic Proxy Configuration settings.

The current situation

In 2020, browser hijackers are on the rise again, despite the ever-improving security protocols. According to security expert Adenike Cosgrove, it’s not only your browser that can easily be hijacked but your entire account as well. As online streaming grows during the Coronavirus lockdown, thousands of hacked Netflix and Twitch accounts are being sold daily on the Dark Web. And clicking the wrong ad banner will easily get you there.

Mac users are just as vulnerable to adware attacks as Windows users. Have you heard of NewTab? This adware redirect virus has swarmed across the Mac world, infecting 30 million Macs. Adware known as Bing belongs to the same family. So here’s your guide on how to get rid of Bing on your Mac.

Name

Bing redirect virus

CategorymacOS browser hijacker, adware redirect
Also known as

Win32:Malware-gen, Adware.Win32.DealPly

SymptomsLocks the default search engine, ad pop-ups
Infection method

Flash Player updater, torrents & covert installers

System damageInstalls malicious cookies, hijacks user privilege
RemovalCleanMyMac X anti-virus, Malwarebytes

What is Bing redirect virus

Bing redirect isn’t a virus per se. It doesn’t replicate itself and copy itself from computer to computer over a network or using shared storage. It is, however, a form of malware known as a potentially unwanted program, or PUP. Specifically, it’s a browser hijacker, which means it intercepts your browser settings, whether you use Chrome, Firefox, or Safari, and changes the homepage and default search engine.

Then it displays intrusive adverts and collects data such as your IP address, web searches, and sites visited. That’s all done to earn money for the hackers who created it.

How did it get onto your Mac?

Ask yourself if you’ve downloaded any applications recently. Did you see a prompt from macOS telling you that the app wasn’t downloaded from the Mac App Store and have to allow the installation in System Preferences? If so, that’s the culprit. Bing redirect bundles itself with other applications and is downloaded and installed when you download those. To avoid it, be careful about what applications you download, make sure you know what they are and that they are safe. And avoid downloading software from sites that use proprietary download managers.

If you’re not sure whether you’ve already downloaded Bing redirect, just launch a web browser and type a search query. If it redirects to Bing, you have your answer.

Read on, and we'll explain how to remove Bing from Chrome and other browsers.

How to remove Bing redirect virus automatically

Luckily, in 2020 many apps recognize the Bing virus. One of the latest antiviruses, CleanMyMac X, does that well. This app is notarized by Apple and detects many PUPs and key loggers, adware extensions, etc.
If all you are looking for is to delete the Bing redirect virus, you may go with a free version of CleanMyMac X.
Download the app — a link to a free edition
Launch the app and click Malware Removal in the sidebar
It should look like this:

How to destroy the Bing virus manually.

There are several steps to manual Bing redirect virus removal. First, stop it running.

  1. Launch Activity Monitor from Applications>Utilities.
  2. Look for any processes that look like they may be malware. If you’re not sure, google the name of suspicious processes.
  3. If you find one, select it and press the Quit Process button in the toolbar.

Get rid of suspicious applications

  1. Go to your Applications folder.
  2. Look for any applications you don’t remember installing.
  3. If you find one, uninstall it.

How to see your hidden folders?

There is a shortcut combination to reveal the unseen folders on your Mac. It may help you get hold of the virus that infiltrated many parts of your macOS. To see hidden items in the Documents or Applications folder, use:
Shift + Command + Period key

Reset homepage in Safari Preferences

Go to the Safari menu > Preferences > General.
Find the Homepage box and change what's written there to your preferred search engine.

What else can you do: Check your login items

Redirection (itch) mac os downloads

Sometimes, malware puts itself in your login items, so it starts up when your Mac boots.

  1. Go to System Preferences and choose Users & Groups.
  2. Click on your user name and choose the Login Items tab.
  3. Look for any suspicious login items.
  4. If you find any, check the box next to them and press “-“

Remove Bing redirect from browser extensions

Many users are asking how to stop redirects caused by Bing. One of the solutions is cutting down on your browser extensions. Even seemingly helpful extensions, like parcel trackers, could be covert vehicles for Bing.

For Safari:

  1. Launch Safari, then click on the Safari menu and select Preferences.
  2. Click on the Extensions tab.
  3. Look for an extension that you haven’t installed, and that looks suspicious.
  4. Select it and press Uninstall.
  5. Now go to the General tab.
  6. Change the Homepage address to your preferred homepage.
  7. Go to the Search tab and choose the search engine you want to use.

Remove Bing redirect from Chrome

How to remove Bing from Chrome extensions:

  1. Launch Chrome.
  2. Type “chrome://extensions” into the address bar.
  3. Look for an extension that you haven’t installed, and that looks suspicious.
  4. Click Remove next to the extension.
  5. Type “chrome://settings” into the address bar.
  6. Scroll down to “On-startup.”
  7. If the setting has been changed, change it back to your preferred homepage.
  8. Go back to settings and select “search engine.”
  9. Press “manage search engines” and then the drop-down menu next to the “search engine used in the address bar” the choose the one you want to use.

Remove Bing redirect from Firefox extensions

  1. Launch Firefox and click on the three horizontal lines on the right of the toolbar.
  2. Choose Add-ons.
  3. Select Extensions and look for an extension that you haven’t installed, and that looks suspicious.
  4. Press Remove.
  5. Click on the three horizontal lines again.
  6. Choose Preferences.
  7. Now, select Home.
  8. Set “Homepage and new windows” to your preferred homepage.
  9. Choose Search.
  10. Set the search engine to the one you want to use.

Once you’ve completed the above steps, the Bing redirect should have been removed, and your browser should work normally. To make sure you don’t download any further malware, be careful about what you download. Never click on a pop-up window that appears when you visit a website and tells you that software is out of date or that you must download an app to continue.

It's also worth trying a dedicated app uninstaller like the one is CleanMyMac X.

So what is Bing redirect essentially? For some, it might be just a nuisance, but what if it steals your credit card details? So you should remove it as soon as you become aware of it.

Fortunately, removing it isn’t very difficult if you follow the steps above carefully. Once you’ve removed it, it’s worth scanning your Mac with an antivirus tool or with CleanMyMac X's Malware Removal tool.

Recap: A few quick answers

Why does my search engine keeps changing to Bing?
Most likely, you have unknowingly installed the Bing virus as part of a software bundle. The best way to fix it is to use a dedicated antivirus.

How to stop Bing from opening at startup
Open your Login items on Mac and disable all non-essential items. As a nuclear option, fully delete and reinstall your browser that is affected by Bing.

How to change Bing to Google
You can reset your default search engine in Chrome > Settings > Search engine. That doesn’t delete parts of the virus that are still present in your system.

Frequently asked questions

How to find out your Mac is infected by Bing redirect?

Bing Redirect is a browser hijacker, which means it takes over your browser, whether it’s Chrome, Safari, or Firefox, and changes the homepage and default search engine. If your Mac’s infected with Bing redirect, you will likely see pop-ups, banners, and other intrusive ads in your browser.

How is Bing redirect related to the Bing search engine?

Bing is a legitimate search engine, which isn’t malicious at all. The creators of Bing redirect used the Bing brand name to trick users into downloading this PUP.

How does Bing redirect get into your Mac?

Bing redirect finds way on your Mac following the easiest pattern: it disguises itself as a third-party app. If you have installed some apps recently, Bing redirect could have been bundled with them. The next time you install an app, pay attention to installation steps to deselect the installation of third-party apps that can be malicious.

Administrators can configure the client system to specify which USB devices can be redirected to a remote desktop.

You can configure USB policies for both View Agent or Horizon Agent, on the remote desktop, and Horizon Client, on the local system, to achieve the following goals:

  • Restrict the types of USB devices that Horizon Client makes available for redirection.
  • Make View Agent or Horizon Agent prevent certain USB devices from being forwarded from a client computer.
  • Specify whether Horizon Client should split composite USB devices into separate components for redirection.

    Composite USB devices consist of a combination of two or more devices, such as a video input device and a storage device.

Configuration settings on the client might be merged with or overridden by corresponding policies set for View Agent or Horizon Agent on the remote desktop. For information about how USB settings on the client work in conjunction with View Agent or Horizon Agent USB policies, see the topics about using policies to control USB redirection, in the Configuring Remote Desktop Features in Horizon 7 document.

Using Rules From a Previous Horizon Client Release

In previous Horizon Client releases, you had to use sudo to configure USB filtering and splitting rules. You can use the following procedure to move rules that use sudo to new rules that do not use sudo.

  1. On the Mac client, open Terminal (/Applications/Utilities/Terminal.app) and run the following command:
  2. Open a Terminal window (press command+N) and run the following command:
  3. In the first Terminal window, run the following command:
  4. Close both Terminal windows.

You can now use defaults write com.vmware.viewusb propertyvalue to update the rules.

Syntax for Configuring USB Redirection

You can configure filtering and splitting rules to exclude or include USB devices from being redirected to a remote desktop. On a Mac client, you configure USB functionality by using Terminal (/Applications/Utilities/Terminal.app) and running a command as root.

  • To list the rules:

    For example:

  • To remove a rule:

    For example:

  • To set or replace a filter rule:

    For example:

    Important: Some configuration parameters require the VID (vendor ID) and PID (product ID) for a USB device. To find the VID and PID, you can search on the Internet for the product name combined with vid and pid. Alternatively, you can look in the USB Log file after you plug in the USB device to the local system when Horizon Client is running. For more information, see Turn On Logging for USB Redirection.
  • To set or replace a splitting rule for a composite device:

    For example:

    Composite USB devices consist of a combination of two or more devices, such as a video input device and a storage device. The first line in this example turns on automatic splitting of composite devices. The second line excludes the specified composite USB device (Vid-03f0_Pid-2a12) from splitting.

    The third line tells Horizon Client to treat the components of a different composite device (Vid-0911_Pid-149a) as separate devices but to exclude the following component from being redirected: the component whose interface number is 03. This component is kept local.

    Because this composite device includes a component that is ordinarily excluded by default, such as a mouse or keyboard, the fourth line is necessary so that the other components of the composite device Vid-0911_Pid-149a can be redirected to the remote desktop.

    The first three properties are splitting properties. The last property is a filtering property. Filtering properties are processed before splitting properties.

Excluding a USB Ethernet Device

One example of a USB device you might want to exclude from redirection is a USB Ethernet device. Suppose that your Mac is using a USB Ethernet device to connect the network for the Mac client system to a remote desktop. If you redirect the USB Ethernet device, your local client system will lose its connection to the network and the remote desktop.

Redirection (itch) Mac Os Download

If you want to permanently hide this device from the USB connection menu, or if you have set your remote desktop to autoconnect USB devices, you can add an exception to exclude your Ethernet connection.

Redirection (itch) Mac Os Downloads

In this example, xxxx is the vendor ID and yyyy is the product ID of the USB Ethernet adapter.