andyBall_uk
Level 7 (20,495 points)

Q: Don't use the installmac uninstaller : it adds hidden software.

It's been known for some time, that the installmac adware uninstaller doesn't work, and leaves software behind. I hadn't known for sure that it actually adds new genieo software if you didn't already have it.

 

Taking a completely new install of OS X 10.8.5 Mountain Lion that had never had any extra software added, I ran the uninstaller downloaded directly from installmac at ...installmac.com/downloads/Uninstaller.dmg.

 

Screen Shot 2014-02-16 at 14.22.42.png

 

Things start as expected

 

Screen Shot 2014-02-16 at 14.22.52.png

 

but right after asking if the browser homepage & search should be reset, we see this request...

It must be legit, surely ?.

 

Screen Shot 2014-02-16 at 14.23.01.png

 

Screen Shot 2014-02-16 at 14.23.43.png

 

Well, that's a relief

 

The uninstaller then quits, and you might think that all was well.

But look, there's a new process running, named Application :

 

Screen Shot 2014-02-16 at 14.24.29.png

 

We should see what it is, right ?

 

Screen Shot 2014-02-16 at 14.24.39.png

 

Note that it is using files from /Library/Frameworks/GenieoExtra.Framework

which most certainly is not part of OS X and did not exist prior to running the uninstaller.

 

 

There's more, of course :

 

 

Screen Shot 2014-02-16 at 14.27.26.png

 

Screen Shot 2014-02-16 at 14.36.17.png

 

 

So, using the installmac uninstaller on a new install of OS X has added these items :

 

/Library/Frameworks/GenieoExtra.Framework

/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

/Library/LaunchAgents/com.genieoinnovation.macextension.plist

/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

 

No doubt, the genieo/installmac person will be along to say that these are harmless... just like their other software.

 

Next time : the genieo uninstaller.

Posted on Feb 16, 2014 8:11 AM

by ultrarunner5,Solvedanswer
ultrarunner5 ultrarunner5
Level 1 (10 points)
A:

How do I delete them?

 

These:

/Library/Frameworks/GenieoExtra.Framework

/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

/Library/LaunchAgents/com.genieoinnovation.macextension.plist

/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

Posted on Apr 22, 2014 12:29 PM

Close
andyBall_uk

Q: Don't use the installmac uninstaller : it adds hidden software.

  • All replies
  • Helpful answers

  • by andyBall_uk,

    andyBall_uk andyBall_uk Feb 16, 2014 9:15 AM in response to andyBall_uk
    Level 7 (20,495 points)
    Feb 16, 2014 9:15 AM in response to andyBall_uk

    The current genieo adware uninstaller seems rather less flawed than the installmac one. Whcih isn't to say that it works : just that it doesn't add anything that wasn't already there from installing in the first place.

     

    It does still leave software behind : these at the least

     

    /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

    /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

    ~/Library/Safari/Extensions/Omnibar.safariextz

     

     

    On earlier or different installs, it's possible that even more would remain after running the uninstaller.

  • by thomas_r.,

    thomas_r. thomas_r. Feb 16, 2014 1:35 PM in response to andyBall_uk
    Level 7 (30,924 points)
    Mac OS X
    Feb 16, 2014 1:35 PM in response to andyBall_uk

    This is quite interesting! I needed to do some more testing with a new Genieo and GoPhoto.it installer that is going around... I'll have to do some playing with this as well. I would never have imagined that the uninstaller would actually install something!

     

    Do you mind if I repeat these findings in an article on my blog? (Appropriately accredited, of course.) I'd like to document this for the security community, and have a number of security folks following. This might help to increase detection of Genieo aka InstallMac as a PUA, at the very least.

  • by andyBall_uk,

    andyBall_uk andyBall_uk Feb 16, 2014 1:44 PM in response to thomas_r.
    Level 7 (20,495 points)
    Feb 16, 2014 1:44 PM in response to thomas_r.

    >>Do you mind if I repeat these findings in an article on my blog?

     

    Of course, feel free. It'll be interesting to see if you find the same thing.

  • by thomas_r.,

    thomas_r. thomas_r. Feb 16, 2014 3:25 PM in response to andyBall_uk
    Level 7 (30,924 points)
    Mac OS X
    Feb 16, 2014 3:25 PM in response to andyBall_uk

    I did indeed find the same thing. I also ran a couple different Genieo uninstallers, including the uninstaller that comes with the new one currently going around, with the name Mac_Installer, that installs both Genieo and GoPhoto.it. None of those uninstallers installed anything.

     

    One interesting observation... if you look at the interface for the Genieo installer, downloaded from the Genieo site, it now displays a "progress indicator" of sorts that looksl ike a spinning InstallMac logo. So, despite the difference in behavior, I think we can rule out any claims the Genieo folks might make about InstallMac being just a "partner," whose behavior has no bearing on Genieo. Their ties would seem to go deeper than that.

  • by andyBall_uk,

    andyBall_uk andyBall_uk Feb 16, 2014 5:27 PM in response to thomas_r.
    Level 7 (20,495 points)
    Feb 16, 2014 5:27 PM in response to thomas_r.

    The company is a part of Genieo Innovation (2008) Ltd. a privately backed company based in Israel.

     

    About us > InstallMac

     

    You saw where a marketing guy who said he acted for them also worked for the baylon toolbar lot ?.

  • by thomas_r.,Helpful

    thomas_r. thomas_r. Feb 16, 2014 7:30 PM in response to andyBall_uk
    Level 7 (30,924 points)
    Mac OS X
    Feb 16, 2014 7:30 PM in response to andyBall_uk

    I just posted my write-up here:

     

    InstallMac uninstaller antics

     

    My site's having some sporadic problems with unresponsiveness at the moment, though, so if you can't load the page, try again later.

  • by ultrarunner5,Solvedanswer

    ultrarunner5 ultrarunner5 Apr 22, 2014 12:29 PM in response to andyBall_uk
    Level 1 (10 points)
    Apr 22, 2014 12:29 PM in response to andyBall_uk

    How do I delete them?

     

    These:

    /Library/Frameworks/GenieoExtra.Framework

    /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

    /Library/LaunchAgents/com.genieoinnovation.macextension.plist

    /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

  • by ~Bee,Helpful

    ~Bee ~Bee Apr 22, 2014 4:05 PM in response to andyBall_uk
    Level 7 (31,787 points)
    Mac OS X
    Apr 22, 2014 4:05 PM in response to andyBall_uk

    andy & thomas:

     

    Your dedication to thoroughly testing opotential dangers to Mac users is just tremendous!  Thank you both for all your good work!