lrmcvan

Q: How to remove osx.trojan.geneio-1

My MacBook is infected with osx.trojan.geneio-1. It won't let Safari run. ClamXav anti-virus found it and quarantined it, but the machine is still infected. How do I remove this virus?

Posted on Feb 4, 2015 6:46 AM

  • by my ginger, Solved answer

    my ginger Feb 4, 2015 9:51 AM in response to lrmcvan
    Level 4 (2,472 points)

    Hi lrmcvan. ClamXav does not get rid of all the files for this adware virus. One that I know does is AdwareMedic, but you need to be running 10.7 or higher to use it. You do not say what your operating system is, so I will give you the link for AdwareMedic: http://www.adwaremedic.com/index.php If you have to remove it manually, here is that link: http://www.wikihow.com/Delete-Genieo

  • by lrmcvan

    lrmcvan Feb 4, 2015 10:15 AM in response to my ginger
    Level 1 (0 points)

    Thanks!

    I was a little hesitant to run an unknown program to clean up an unknown problem. Seems to have worked perfectly. Thanks again.

    Will have to make a donation to the program writer's web site.

  • by my ginger

    my ginger Feb 4, 2015 10:33 AM in response to lrmcvan
    Level 4 (2,472 points)

    Yes. He is a contributor on this site.

  • by lrmcvan

    lrmcvan Feb 4, 2015 10:51 AM in response to my ginger
    Level 1 (0 points)

    Well, it looks as though I was a little premature on that assessment. Safari still not working correctly. Unable to get to Preferences to change home page. Pop-up screens still popping up. Appears as though AdwareMedic did not even run, although it displayed scan complete - no adware found screen. Let me take another look.

  • by my ginger

    my ginger Feb 4, 2015 11:39 AM in response to lrmcvan
    Level 4 (2,472 points)

    Hi lrmcvan. I was going to tell you to delete the files that ClamXav quarantined, but you would need to go into the quarantined file to make sure that they are only the files for Genieo. That other link I gave you shows the files that are part of this virus. You should write them down. As to Safari: are you saying that you cannot open Safari preferences at all? Can you click Safari upper left and click Reset? And then try to use the preferences. You may still have something in the extensions that is causing the popups.

  • by lrmcvan

    lrmcvan Feb 4, 2015 11:59 AM in response to my ginger
    Level 1 (0 points)

    Well, thanks for your support here! This looks bad!

    Yes, I am unable to access Preferences or Extensions in Safari - greyed out.

    Reset also greyed out.

    Unable to take Snapshot or Scan in AdwareMedic - greyed out.

    Running OS 10.7 on 13" MacBook circa 2007.

    Pop up in Safari directs me to www.geek-techies.com, but cannot go to ANY website in Safari. Cannot close the popup.

    Looked in Applications for Genieo but it's not listed, nor are any other related apps that AdwareMedic suggests I check (MPlayer, LightSpark etc.)

    Do I have a more potent version of Genieo?

    Will look over procedures for manually removing this malware.

    How can I notify the author of the AdwareMedic app of this situation?

  • by my ginger, Helpful

    my ginger Feb 4, 2015 12:33 PM in response to lrmcvan
    Level 4 (2,472 points)

    I think ClamXav grabbed some things out of Safari it shouldn't have and quarantined them. Did you look in the ClamXav quarantine file to see? In your home folder /Library/Preferences, delete the Safari plist and try Safari again. If still the same, go and click on Safari/About Safari and take note of the version. Go to Apple/Support/Downloads/Browse by Product and enter into the search the Safari version you have, and download and then reinstall it. When you get to the support page, the download and update link is down at the bottom.

  • by thomas_r.

    thomas_r. Feb 4, 2015 2:13 PM in response to lrmcvan
    Level 7 (30,924 points)
    Mac OS X

    lrmcvan wrote:

    Unable to take Snapshot or Scan in AdwareMedic - greyed out.

    I'm the author of AdwareMedic. Are you getting any kinds of error messages in AdwareMedic, or are all its menus and the buttons in its main window simply grayed out and unresponsive?

    It sounds like you were able to run a scan earlier and it reported that no adware was found. Any files that ClamXav quarantined would not be detected, because they have been removed.

  • by lrmcvan, Helpful

    lrmcvan Feb 4, 2015 5:11 PM in response to thomas_r.
    Level 1 (0 points)

    Downloaded and ran your AdwareMedic, but did not see any change in behavior of Safari. Home page still changed, unable to delete popup or access menu items. Thought the AdwareMedic was unsuccessful. Tried to run it again, and yes, the Scan and Snapshot menu options were greyed out. I'm thinking this is getting worse. But then I noticed a pop up window in Safari mentioned geek.techies.com

    Googling that led me to this site:

    https://sites.google.com/site/appleclubfhs/support/advice-and-articles/browser-popup-hijack-safari

    Realized I had two problems. The osx.trojan.genieo-1 was removed by your software, but now I had something else hijacking Safari.

    Removed two files, and was then able to reset Safari and manually change homepage.

    Did another scan with AdwareMedic and things look good.

    Popups seem to be gone. Safari runs normally, but I wonder if I got it all or not.

    Thank you so much for your concern and the AdwareMedic program.

  • by lrmcvan

    lrmcvan Feb 4, 2015 5:17 PM in response to my ginger
    Level 1 (0 points)

    Your advice was good and correct, but it took me a little longer to realize it! Thanks.

  • by my ginger

    my ginger Feb 4, 2015 5:42 PM in response to lrmcvan
    Level 4 (2,472 points)

    Good to hear! That other popup was not exactly adware, but the option I gave for deleting the Safari plist worked, so we didn't need to try anything else. I was wrong about ClamXav doing something to Safari.

  • by Genieo_support

    Genieo_support Feb 5, 2015 12:43 AM in response to lrmcvan
    Level 1 (0 points)

    Hello lrmcvan,

    When you tried to open Safari, what error did you get that prevented you from opening Safari?

  • by thomas_r.

    thomas_r. Feb 5, 2015 3:14 AM in response to Genieo_support
    Level 7 (30,924 points)
    Mac OS X

    Genieo_support wrote:

    Hello lrmcvan,

    When you tried to open Safari, what error did you get that prevented you from opening Safari?

    You should be aware that the above message was posted by the very people responsible for creating the Genieo adware.

  • by Winston Churchill

    Winston Churchill Feb 5, 2015 7:13 AM in response to lrmcvan
    Level 10 (104,081 points)
    Apple TV

    Please don't follow the advice given by Genieo_Support. Thomas r is quite correct: Genieo is adware, and these people simply want to infect your system.
