WSD2014

Q: How do I get rid of Genieo virus?

Guessing I managed to get this Genieo virus.  What do I do?

MacBook Pro with Retina display, OS X Mavericks (10.9.2)

Posted on Apr 15, 2014 7:40 PM

  • by Kappy,

    Kappy Apr 15, 2014 7:43 PM in response to WSD2014
    Level 10 (271,789 points)
    Desktops
  • by WSD2014,

    WSD2014 Apr 15, 2014 7:50 PM in response to Kappy
    Level 1 (0 points)

    I will check it out.  Thanks!

  • by WSD2014,

    WSD2014 Apr 15, 2014 7:57 PM in response to WSD2014
    Level 1 (0 points)

    I have yet to locate any of those files in the finder and do not have the app icon (house).

    Thoughts?

  • by Kappy,

    Kappy Apr 15, 2014 8:05 PM in response to WSD2014
    Level 10 (271,789 points)
    Desktops

    You aren't following the instructions carefully.

  • by WSD2014,

    WSD2014 Apr 15, 2014 8:07 PM in response to Kappy
    Level 1 (0 points)

    I assume looking over "locating files by paths" may have something to do with it. 

  • by Kappy, Helpful

    Kappy Apr 15, 2014 8:09 PM in response to WSD2014
    Level 10 (271,789 points)
    Desktops

    Yes, that's why the paths are provided.

  • by WSD2014,

    WSD2014 Apr 15, 2014 8:14 PM in response to Kappy
    Level 1 (0 points)

    Ok, I followed the directions and nothing.  I will go over it yet again.

  • by clintonfrombirmingham,

    clintonfrombirmingham Apr 15, 2014 8:20 PM in response to WSD2014
    Level 7 (30,009 points)
    Mac OS X

    If you'll closely follow the instructions at The Safe Mac -> http://www.thesafemac.com/arg-genieo/ - and take each instruction step by step, you'll be rid of the malware. If there's anything you don't understand, just post a message here.

     

    Clinton

  • by Kappy,

    Kappy Apr 15, 2014 8:20 PM in response to WSD2014
    Level 10 (271,789 points)
    Desktops

    Linc Davis

    Re: Safari quit unexpectedly

     

    Feb 10, 2014 10:39 AM (in response to selimfromfort lauderdale)

    You installed the "Genieo" scam product. There is an uninstaller, but as the developer is not trustworthy, you shouldn't rely on it. I suggest the tedious procedure below to disable Genieo.

    Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know that, stop here and ask for guidance.

     

    Quit the Genieo application, if it's running. Force quit if necessary.

    Triple-click anywhere in the line below on this page to select it:

     

    /etc/launchd.conf

     

    Right-click or control-click the line and select

    Services ▹ Reveal in Finder (or just Reveal)

     

    from the contextual menu.

    If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

    Go ▹ Go to Folder...

    from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

     

    A folder may open with a file selected, or the file may be absent, in which case you'll get a message that it doesn't exist. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password.

    IMPORTANT: If the launchd.conf file exists, you must move it to the Trash before continuing. Otherwise the system will become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system.

     

    Repeat with each of these lines:

     

     

    /Applications/Genieo.app

    /Applications/Uninstall Genieo.app

    /Library/Frameworks/GenieoExtra.framework

    /Library/LaunchAgents/com.genieo.engine.plist

    /Library/LaunchAgents/com.genieoinnovation.macextension.plist

    /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

    /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

    /usr/lib/libgenkit.dylib

    /usr/lib/libimckit.dylib

    /usr/lib/libimckitsa.dylib

     

    Again, some of these items may be absent, in which case you'll get a message that the file doesn't exist. Skip that item and go on to the next one.

    Reboot and empty the Trash. Don't try to empty the Trash until you have rebooted.

    Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.

    From the Safari menu bar, select

           

    Safari ▹ Preferences... ▹ Extensions

        

    Uninstall any extensions you don't know you need, including one called "Spigot" if it's present. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

      

    The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you can remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix" or any other video-streaming service that uses it.

    This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad embedded in a page on some other site.

    Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.

  • by Kappy,

    Kappy Apr 15, 2014 8:24 PM in response to clintonfrombirmingham
    Level 10 (271,789 points)
    Desktops

    The provided instructions are all identical. It makes no difference which one is followed. So the carefully go step by step has already been stated.

  • by WSD2014,

    WSD2014 Apr 15, 2014 9:38 PM in response to Kappy
    Level 1 (0 points)

    Maybe Genieo is not what I actually have???

    This is one of the ads that pops up in the LH lower corner of the page.

    [Image: Screen Shot 2014-04-15 at 11.30.20 PM.png]

    This is some that are on the same page typically where other site ads would be displayed.  Note the normal site ads are present when I open the page, but within 15 sec they are replaced with these.

    [Image: Screen Shot 2014-04-15 at 11.30.31 PM.png]

  • by WSD2014,

    WSD2014 Apr 15, 2014 9:39 PM in response to WSD2014
    Level 1 (0 points)

    I may add I never have an issue with anything changing or popping up on FB.

  • by Linc Davis, Solved answer

    Linc Davis Apr 15, 2014 10:02 PM in response to WSD2014
    Level 10 (208,037 points)
    Applications

    That's not Genieo. You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.

     
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of the date it was posted, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment after a few days from now should look for more recent discussions or start a new one.

    Back up all data.

    Triple-click anywhere in the line below on this page to select it:

    /Library/Application Support/VSearch

    Right-click or control-click the line and select

    Services ▹ Reveal in Finder (or just Reveal)

    from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

    Repeat with each of these lines:

    /Library/LaunchAgents/com.vsearch.agent.plist
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework

    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

    Restart and empty the Trash. Don't try to empty the Trash until you have restarted.

    From the Safari menu bar, select

    Safari ▹ Preferences... ▹ Extensions

    Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

    This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

    Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
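
A read-only check for the paths listed in the two removal procedures in this thread (Genieo and DownLite), added here as an example and not part of any poster's reply. The function names, the optional ROOT argument and the launchd.conf cross-check are assumptions of this example; nothing is moved or deleted.

```shell
# Added example: read-only audit of the paths listed in this thread.
# ROOT (assumed argument): "" = live system, a directory = mounted backup or test tree.
genieo_paths() { cat <<'EOF'
/etc/launchd.conf
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
EOF
}
downlite_paths() { cat <<'EOF'
/Library/Application Support/VSearch
/Library/LaunchAgents/com.vsearch.agent.plist
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
EOF
}

# found_paths FAMILY [ROOT]: print each listed path that exists under ROOT.
found_paths() {
  "${1}_paths" | while IFS= read -r p; do
    # -L also reports a dangling symlink left by a partial removal
    if [ -e "$2$p" ] || [ -L "$2$p" ]; then printf '%s\n' "$p"; fi
  done
}

# launchd_conf_refs [ROOT]: listed Genieo libraries that launchd.conf names.
# The thread says launchd.conf must go to the Trash before the other items.
launchd_conf_refs() {
  [ -f "$1/etc/launchd.conf" ] || return 0
  genieo_paths | grep '\.dylib$' | while IFS= read -r lib; do
    if grep -qF -- "$lib" "$1/etc/launchd.conf"; then printf '%s\n' "$lib"; fi
  done
}

# Live-system report: one "family: path" line per item still present.
for fam in genieo downlite; do
  found_paths "$fam" "" | sed "s/^/$fam: /"
done
```

Run it before the procedure to see which items are present, and again after the restart to confirm none remain.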

  • by WSD2014,

    WSD2014 Apr 15, 2014 10:20 PM in response to Linc Davis
    Level 1 (0 points)

    I'm busted.  Linc Davis your input seems to have solved my issue.  I did in fact download and or start to a file off of a movie related website.  Honestly I truly know better but for some odd reason..............won't happen again. 

     

    My problem was not related to the Genieo issues I had been reading about.  For the record I chatted with Apple tech twice and the first time was basic items, no mention of Genieo.  Couple days later I chatted again referencing my case number and illustrating pics and was informed that it was Genieo.  They directed me to The Safe Mac. 

     

    So far so good and everything seems to be working very smoothly.  Many thanks for all the help!
