What is CornusMas and How to Remove it?

CornusMas is an unknown browser search tool that claims to enhance the online searching experience. It states that by installing the extension, web users may be able to have a quick and reliable search outcome. The problem with this browser extension is that it does not adhere to web user’s preferences. In fact, CornusMas can overturn the internet program to its own liking without due permission from the computer user.

Sneaky entry of CornusMas

The most successful way to spread CornusMas is through free software installers that adware makers were able to modify to incorporate the malicious code. Sadly, it is already widespread and sitting on different online repositories, file servers, websites, and torrent portals. Downloading the said crafted freeware gives way for CornusMas to freely sneak inside the target browser applications like Google Chrome, Microsoft Edge, or Mozilla Firefox.

The people behind CornusMas exert extra effort and spend some cash to help spread the adware via online advertisements. As a result, web users may sometimes bump into pop-up ads that aggressively promote CornusMas as a valuable search engine. The darker side of this scheme is that there are ads that purport to be system alerts, claiming to have detected obsolete applications. Then, it prompts for the download of a crucial software update that will eventually install CornusMas as a replacement.

The CornusMas operation

It is worth mentioning that CornusMas is part of a huge adware clan that is responsible for deploying other unwanted programs like GorillaBeringei and AmebelodonFricki. These applications may be serving a different niche, but the damage that they inflict on infected browser programs is just the same. For CornusMas, it overrides the homepage and search settings to let an unwanted search engine reign as the start-up page and search provider. With it leading the search region, the previously accurate and useful search result could turn into a worthless outcome due to the inability of the new search engine.

Typically, the entry of adware like CornusMas brings no improvement to an internet browser’s performance. The only visible changes that web users may encounter are the overflowing displays of advertisements, which are quite distracting. With that being said, there is no reason to let CornusMas sit on an internet program, and removal is suggested as soon as possible.

For Windows PC Users

CornusMas Removal Procedure for PC

Below is a systematic instruction that is very useful in getting rid of the potentially unwanted program (PUP) from compromised computer. In order to totally eliminate the threat, it is vital to follow the process in exact manner.

Step 1 : Scan the PC with Combo Cleaner

Combo Cleaner is a trusted PC utility application with complete antivirus and optimization features. It is useful in dealing with adware, malware, and PUP's. Moreover, it can get rid of malicious browser extension like CornusMas that is responsible for displaying unknown homepage and pop-ups.

To quickly remove CornusMas without going through the complicated process, please click on the button to download the removal tool. You may need to purchase full version if you require to maximize its premium features.

Proceed with the rest of the removal steps if you are comfortable manually removing malicious objects associated with the threat. The following guides are also vital in deleting malicious items from the browser configuration.

Step 2 : Get Rid of CornusMas Extension from Google Chrome

The above procedures should have totally eliminated the browser hijacker. However, if you still find that there are still remnants of CornusMas on internet application, please proceed to manual removal of associated objects as outlined below.

1. Open Google Chrome browser.

2. Type or copy and paste the following in the address bar and press Enter on the keyboard.

chrome://extensions/

Screenshot of Chrome Extensions in PC

3. Find CornusMas or relevant entry and remove it from Google Chrome.

If you cannot remove CornusMas because "Your Browser is Managed by your Organization", do the following:

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, copy or take note of the malicious extension's ID code.

Screenshot of Chrome Developer Mode in PC

3. Open Windows or File Explorer and locate the following folder:

C:\Users\(Your Username)\AppData\Local\Google\Chrome\User Data\Default\Extensions

4. After opening the Folder, find the item that matches the Extension ID and delete it.

5. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete CornusMas.

Step 3 : Scan the computer with Sophos Home Antivirus

To remove CornusMas automatically, scanning the computer with this powerful antivirus tool is recommended. This scanner does not just uncover known threats like viruses or malware, it is also effective in discovering browser hijacker like CornusMas that slows down online browsing activities.

1. Please click on the link below to download the program.

2. After downloading, locate the file SophosInstall.exe in the Downloads folder.

3. Install by double-clicking on the file.

4. If it prompts "Do you want to allow this app to make changes on your device?" please click Yes.

5. Next, it will display the Terms and Conditions page. Click the Install button to begin.

Screenshot of Terms by Sophos Home

6. Run the installation with the default settings. Please note that an internet connection is required in order to download important updates.

7. After finishing the installation, you must login to the dashboard. If you already have a Sophos account, please login. Otherwise, please enter your details and click on the Create Account button.

8. Once you are in the Sophos Home console, click the Scan button to start checking the computer for CornusMas components.

Screenshot of Sophos Home

9. Scanning may take a while; please wait for this process to finish.

10. After scanning the computer, Sophos Home will start cleaning or deleting files infected with CornusMas.

11. You may now close Sophos Home. The computer is now free from CornusMas, as well as associated malware and viruses.

The above procedures should have totally eliminated CornusMas browser hijacker. However, if you find that there are still remnants of the virus, please proceed to the next steps below.

Step 4 : Scan with AdwCleaner and Reset Chrome Policies

In addition to the procedure, we suggest scanning the computer with AdwCleaner tool. Possibly, there are some traces of CornusMas on the browser that was not deleted during the preceding steps. This tool will scan the computer and check for presence of malicious applications.

1. Follow the link below to download the tool called AdwCleaner.

2. When the download has completed, please close all running programs on the computer, especially browsers affected by CornusMas.

3. Browse the location of the downloaded file and double-click on adwcleaner.exe to start running the tool.

4. If Windows displays a prompt saying, "Do you want to allow this app to make changes to your device?" click Yes to proceed.

5. On the AdwCleaner dashboard, click on Settings.

Screenshot of AdwCleaner Policies

6. While in the Settings window, please turn On the Reset Chrome Policies and Reset IE Policies.

Screenshot of AdwCleaner Scanner

7. Go back to the Dashboard and click the Scan Now button.

8. AdwCleaner searches the computer for malicious programs, extensions, plug-ins, adware, and any items that may be associated with CornusMas.

9. Clean or Remove all suspicious and harmful items identified after the thorough scan.

10. After the cleanup procedure, rebooting the computer is required to finalize the removal of detected threats.

For Mac OS Users

Procedures to Remove CornusMas from Mac

This section contains comprehensive guide for Mac users. It will help you remove malicious browser hijacker from Google Chrome browser. Procedures on this page are written in a manner that can be easily understand and execute by Mac users.

Step 1 : Scan the Mac Computer with Combo Cleaner

Combo Cleaner is a trusted Mac utility application with complete antivirus and optimization features. It is useful in dealing with adware, malware, and PUP's. Moreover, it can get rid of malicious browser hijacker like CornusMas.

1. Download the tool from the following page:

2. Double-click the downloaded file and proceed with the installation.

3. In the opened window, drag and drop the Combo Cleaner icon onto your Applications folder icon.

4. Open your Launchpad and click on the Combo Cleaner icon.

5. Wait until antivirus downloads its latest virus definition updates and click on "Start Combo Scan" to start removing CornusMas.

Screenshot of Combo Cleaner Dashboard

Mac users may need to upgrade to the premium version in order to fully utilize the functions of anti-virus and privacy scanners.

If you are comfortable eliminating the threat and any harmful things associated with it manually, please proceed with the following removal instructions.

Step 2 : Delete Suspicious Google Chrome Extension on Mac

Most adware and unwanted programs use a program called a browser extension to take over the settings of internet applications. Therefore, we highly recommend checking and removing the extension that is closely related to CornusMas.

1. Open the Google Chrome browser.

2. Type or copy and paste the following in the address bar. Next, press Enter on the keyboard:

chrome://extensions

Screenshot of Chrome Address Bar

3. Find CornusMas or a relevant entry and remove it from Google Chrome.

If unable to remove CornusMas because browser is "Managed by your Organization", follow these steps:

1. Activate the Developer mode on Extensions window by using the slider.

2. Then, copy or take note of the browser Extension ID.

Screenshot of Malware Extension

3. Open Finder on your Mac and on top menu, click Go > Go to Folder and go the following directory:

~/Library/Application Support/Google/Chrome/Default/Extensions

Screenshot of Finder

4. Once you opened the directory, find the folder that matches the Extension ID and delete it.

5. Please restart your Google Chrome browser.

Aside from this straightforward workaround, we have a separate comprehensive guide to fix the Managed by Organization issue. You can also execute that guide if the steps on this page are not enough to delete CornusMas.

Step 3 : Delete CornusMas from Mac Applications

1. Go to Finder.

2. On the menu, click Go and then, select Applications from the list to open Applications Folder.

3. Find CornusMas or any unwanted program.

Screenshot of Deleting App

4. Drag CornusMas to Trash Bin to delete the application from Mac.

5. Next, go to the Dock, Right-click on Trash icon and click on Empty Trash.

Step 4 : Delete Malicious Files that have installed CornusMas

1. Go to your Finder. From the menu bar please select Go > Go to Folder....

2. Input the following string and press Enter on the keyboard

~/Library/LaunchAgents

Screenshot of Go To Folder

3. You will now see a hidden folder named LaunchAgents. Take note of the following files inside the folder:

  • com.CornusMas.plist
  • unknown.service.plist
  • unknown.system.plist
  • unknown.download.plist
  • unknown.update.plist

4. The term unknown is just a representation of the actual malware name. Attackers may use the following file names:

- CornusMas, (random characters).plist

If you cannot find the specified file, please look for any unfamiliar or suspicious entries. It may be the one causing CornusMas to be present on your Mac. Arranging all items to see the most latest ones may also help you identify recently installed unfamiliar files.

5. Please click on Show items as...

Screenshot of LaunhAgents Folder

6. To arrange the items in chronological order, click the Date Modified.

7. Drag all suspicious files that you may find to Trash.

Important: Take note of all the suspicious files as you may also delete the same item on another folder as we go on.

8. Please restart the Mac computer.

9. Open another folder using the same method as above. Copy and Paste the following string to easily locate the folder.

~/Library/Application Support

Screenshot of Go to Folder

10. Select any suspicious items that you have noted previously. Drag them to the Trash.

11. Repeat the process on the following non-hidden folders (without ~):

/Library/LaunchAgents
/Library/LaunchDaemons
/Library/Application Support

12. Lastly, go to your Finder > Go and open the Applications folder. Look for subfolders with the following names and drag them to Trash.

- CornusMas

Optional : For locked files that cannot be removed, do the following:

1. Go to Launchpad > Other folder, open the Activity Monitor.

2. Select the process you want to quit.

3. In the upper part of the window, click the Stop button.

Screenshot of Force Quit

4. Click on Force Quit button.

5. You may now delete or remove the locked file that belongs to CornusMas homepage hijacker.

Step 5 : Double-check with Malwarebytes for Mac

1. Download Malwarebytes for Mac from the link below.

2. Locate the downloaded Malwarebytes-Mac.pkg and install it with the default settings.

3. Run Malwarebytes for Mac. It will check for updates and download the most recent version if one is available. This is necessary for finding recent malware threats, including CornusMas.

4. Once you are on the Malwarebytes dashboard, please click on the Scan button to start scanning your Mac computer.

Screenshot of Malwarebytes Dashboard

5. After the scan, Malwarebytes for Mac will display a list of identified threats, and CornusMas is surely part of it. Be sure to select all items in the list. Then, click the Remove button to clean the computer.

Never forget: Remove CornusMas from Homepage and Search of Chrome

1. In the address bar of Google Chrome, type or copy and paste the following. Then, press Enter on the keyboard:

chrome://settings

Screenshot of Chrome Settings

2. Go to the left sidebar and click On Startup.

3. Select Open a specific page or set of pages in the right panel.

Screenshot of Chrome Startup

4. Locate the unwanted Homepage URL, click on More Actions icon (3-dot), and select Edit.

5. Enter the desired web address as your home page, replacing CornusMas. Click Save.

6. To set the default search engine, go to the sidebar and, this time, select Search Engine.

Screenshot of Default Search

7. Click on the Manage search engines and site search button in the right panel.

8. Find the unwanted Search Engine in the list. Click on More Actions icon (3-dot) and click Delete.

9. Go back to the left-side bar and click Search Engine.

Screenshot of Search Engine Address Bar

10. In the right panel, choose a valid entry from the Search engine used in the address bar.

You can now restart the Google Chrome browser to see if the unwanted homepage and search engine related to CornusMas are gone.

About the author

Leave a Comment

Your email address will not be published. Required fields are marked *