AresLookup is adware that attacks macOS devices. It forces browsers to redirect web searches and it logs the victim’s browsing data as a valuable resource for advertisers. AresLookup gets installed unwittingly by its victims who may not notice anything wrong other than their searches being redirected. The important thing is to remove AresLookup once it’s discovered, as well as any other malware that could have come with AresLookup.
Areslookup Redirects quicklinks
- AresLookup infection symptoms
- How adware gets installed
- How to remove AresLookup
- Automatic Malware removal tools
- Remove browser extensions manually
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Details on AresLookup:
Classification | Adware,
browser hijacker, trojan. |
---|---|
What AresLookup does | Makes web browsers switch the default search engine,
logs the victim’s browsing history, forces more ads to be shown. |
How it gets installed | Downloaded with free apps,
downloaded from malicious ads, installs in a way that lets AresLookup come back after being removed. |
How to remove AresLookup | Delete malicious profiles,
remove the app and the browser extension, scan your device with antivirus tools (Combo Cleaner, Malwarebytes, etc.), look for other malware and remove it if any is found. |
AresLookup infection symptoms
AresLookup causes browser redirects. It changes your browser settings to influence which websites you go to. For example, your browser could return your internet search results in Yahoo.com or Anysearchmanager.com. As long as AresLookup is installed, it interferes with the person’s web browsing.
The redirects are in service of AresLookup’s operators making some advertising revenue.
As AresLookup has access to the victim’s web browser, it can read a lot of the data on it. Meaning that it can function as spyware, too. Our browsing habits combined with our demographic info make some really valuable data for advertisers, so it’s often a part of what adware does. If you can see AresLookup in your installed browser extensions, you can read what permissions it has.
So, AresLookup forces people to visit certain websites and it reads their browsing history, but it might go further than that. AresLookup looks very similar to the Shlayer trojan infections, and some of those have actually hijacked people’s traffic by changing their network settings. This can cause the internet connection to be unstable and some apps to crash or freeze periodically.
How adware gets installed
AresLookup has a few ways to spread:
- Downloaded in an unrelated app where it was bundled as an optional offer. The developers of free software sometimes accept money in exchange for bundling an app. Sometimes that app happens to be malware.
- Downloaded off of malicious sites that show fake warnings about necessary software updates. The image of Adobe Flash Player is commonly used.
AresLookup spreads thanks to sites showing malicious ads with fake messages to “install the newest update” that actually just download malware. Sure, cybercriminals sometimes bundle a real update or installer with the malware to make the scam more believable. But these sites that AresLookup is downloaded off of have nothing to do with legitimate companies. This is entirely the work of whoever is behind this adware campaign.
Like most malware, AresLookup is made with profit being the purpose. It’s meant to not be too intrusive so that it can remain unnoticed and stay installed for as long as possible. That way, it can continue messing with the victim’s search. But it’s also made to be annoying to remove: after being deleted from Applications like normal, it comes back.
How to remove AresLookup
Profiles on macOS are used to enforce settings on a Mac. They can be legitimate, but AresLookup abuses them to reinstall itself after being removed. AresLookup creates a set of two profiles that can be found in System Preferences. These profiles should be deleted. Just open System Preferences, look for a section called Profiles, open it, find entries called “AresLookup”, and remove them by pressing the minus button on the bottom left.
There’s no need to worry about removing these profiles. Many Mac users have no profiles at all on their machines.
When the AresLookup profiles are gone, check if your browser is still redirecting to its own sites. AresLookup may also be installed in browser extensions. It needs to be removed from there, too. In the last section of this post are the instructions for removing browser extensions.
AresLookup also needs to be removed from Applications, if it’s there. Without its profiles, it shouldn’t be able to come back.
It’s advisable to do a scan with an antivirus program, like Combo Cleaner, Malwarebytes, or others. Malware gets installed in groups, so to avoid future issues, it’s really important to make sure that all the malicious apps are removed.
Those who care about getting rid of clutter can check their ~/Library/Application Support, ~/Library/LaunchAgents, and ~/Library/LaunchDaemons folders for any files related to AresLookup. Its files should be deleted, but those folders also hold the settings of legitimate programs, so it’s advised to be careful.
It’s notable that AresLookup’s files may come in different names, like ArchiveIdea, MainBoardSearch, ActivelySearch, OriginalTechSearch, DynamicExtra, ArtemisSearch, AssistEngine, TopResults, and others. You probably get the idea. AresLookup is titled this way to be hard to look up and to be as incospicuous as possible.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Remove browser extensions manually
TopRemoving AresLookup Redirects from Safari (Mac OS X)
- Click on the Safari menu.
- Choose Preferences.
- Click on the Extensions Tab.
- Click on the Uninstall button near the AresLookup Redirects. Remove all other unknown or suspicious entries too. If you are not sure whether you need the extension or not, you can simply uncheck the Enable check-box to disable the extension temporarily.
- Restart Safari.
(Optional) Reset your browser’s settings
If you are still experiencing any issues related to AresLookup Redirects, reset the settings of your browser to its default settings.
- Click on the Safari menu on the top left corner of the screen. Select Reset Safari.
- Select which options you want to reset (usually all of them come preselected) and click on the Reset button.
If you cannot reset your browser settings and the problem persists, scan your system with an anti-malware program.
TopRemoving AresLookup Redirects from Chrome
- Click on the menu button on the top right corner of a Google Chrome window. Select “Settings”.
- Click “Extensions” on the left menu bar.
- Go through the extensions list and remove programs you do not need, especially similar to AresLookup Redirects. Click on the trash bin icon next to AresLookup Redirects or other add-ons you want to remove.
- Press on the “Remove” button on the Confirmation window.
- If unsure, you can disable them temporarily.
- Restart Chrome.
(Optional) Reset your browser’s settings
If you are still experiencing any issues related to AresLookup Redirects, reset the settings of your browser to its default settings.
- Click on Chrome’s menu button (three horizontal lines) and select Settings.
- Scroll to the end of the page and click on the Reset settings button.
- Click on the Reset button on the confirmation box.
If you cannot reset your browser settings and the problem persists, scan your system with an anti-malware program.
TopRemoving AresLookup Redirects from Firefox
- Click on the menu button on the top right corner of a Mozilla window and select the “Add-ons” icon (or press Ctrl+Shift+A on your keyboard).
- Go through Extensions and Addons list, remove everything AresLookup Redirects related and items you do not recognise. If you do not know the extension and it is not made by Mozilla, Google, Microsoft, Oracle or Adobe then you probably do not need it.
- Click on the menu button on the top right corner of a Mozilla Firefox window. Click on the Help button.
- Choose Troubleshooting Information on the Help menu.
- Click on the Reset Firefox button.
- Click on the Reset Firefox button on the confirmation box. Mozilla Firefox will close and change the settings to default.