What is Genieo and why did it appeared misteriosouly on my MacBook Pro?

americagirl7 wrote:

This application downloaded itself while I was downloading another app

Yes, so to better understand what happened and how to avoid it in the future read John Galt's How to install adware.

I got it too. It was bundled to the video swiss army knife VLC (which I needed because Quicktime wouldn't play a specific video).

VLC is something I've used for years on various machines, but this is a new MBP so I needed to download the program. The first link on this morning's google search for VLC is the following:

http://vlc-media-player.macsoftware.com/download/file/id/1225260/os/mac/?lp=adwo rds&tg=us&kw=Vlc+mac&mt=e&ad=52633284779&pl=&ds=s&uid=141130552978639fbbf0529ff9 e7dc7e9bf336214a&_ga=2127728944.1411301953&gclid=CLvi_OSy8sACFa5cMgodTT0AJQ

Check it out. There IS a mention of Geneio on that page, but if you don't look too closely, it's pretty easy to miss. I didn't see it and proceeded to download what I thought was just VLC. When my Safari home page was changed to Geneio, I pretty much freaked.

I've see the debate elsewhere as to weather or not this is malware, and by the letter of the definition, it might not be. But this practice is absolutely despicable. It makes me sick.

This Adware attack a and it happened to me a month or so ago with a VLC link. My Browsers were affected and I was helped by Thomas Reeds http://www.adwaremedic.com/index.php

I used this app and got rid of genio, superfish, googleapis and others Good Luck P.S. The LINK you supplied automatically will download VLC and Its attatchment if not deleted so thanks for the heads up Also another Genio removal link----http://www.thesafemac.com/arg-genieo/

Jashue67 wrote:

I got it too. It was bundled to the video swiss army knife VLC (which I needed because Quicktime wouldn't play a specific video).

VLC is something I've used for years on various machines, but this is a new MBP so I needed to download the program. The first link on this morning's google search for VLC is the following:

http://vlc-media-player.macsoftware.com/download/file/id/1225260/os/mac/?lp=adwo rds&tg=us&kw=Vlc+mac&mt=e&ad=52633284779&pl=&ds=s&uid=141130552978639fbbf0529ff 9 e7dc7e9bf336214a&_ga=2127728944.1411301953&gclid=CLvi_OSy8sACFa5cMgodTT0AJQ

Check it out. There IS a mention of Geneio on that page, but if you don't look too closely, it's pretty easy to miss. I didn't see it and proceeded to download what I thought was just VLC. When my Safari home page was changed to Geneio, I pretty much freaked.

I've see the debate elsewhere as to weather or not this is malware, and by the letter of the definition, it might not be. But this practice is absolutely despicable. It makes me sick.

Then stop using crap sites to download from. VLC isn't malware, but you chose a 3rd party service to bundle malware with it.

What is wrong with using VLC's own site? VideoLAN - Official page for VLC media player, the Open ...

1st hit in Google.

Well, OBVIOUSLY I know VLC isn't malware. And yes I should have been more careful about the site from which I downloaded the program. My first hit on Google:

I guess I should have been tipped off by that nasty little "Ad" icon, but I hadn't yet finished my first cup of coffee and I suppose I was in too much of a rush.

None of this however, excuses Geneio and their partners. I had Geneio off my computer is a matter of minutes (reset my homepage. deleted the program, the Safari extension, and all cookies associated with this "service"). If this happened to my mom or dad who are elderly and not terribly computer literate? Forget about it! They wouldn't have had a clue about what to do.

Oh I am not excusing Genio, or the sites that take their money to 'bundle' Genio and similar products with otherwise good applications.

But It does mean that we have to be more careful what we say yes to unfortunately.

Genieo is Malware, just as invasive as anything out there

jaymefromsalt lake wrote:

Genieo is Malware, just as invasive as anything out there

Perhaps you can convince Apple Security that their Apple Developer ID should be revoked, then. Neither Thomas nor I have been able to so far.

Thomas, Symantec is really focusing on Genieo these days and they do label it as a "virus". The software does seem to be rather ubiquitous; I've seen it on a Macbook, an iMac and at least one Mac Pro. Are you still in favor of this stealth software?

GGATCC wrote:

Thomas, Symantec is really focusing on Genieo these days and they do label it as a "virus"....Are you still in favor of this stealth software?

Not sure where you are seeing this. All the references I see on the Symantec site refer to it as Potentially Unwanted App (PUA). That's about the lowest rating you can get.

Sorry, but I don't read anything in Thomas' explanation that would indicate he is in favor of this software. Several of us appealed to Apple when it first appeared to revoke Genieo's Apple DeveloperID, but so far they have not chosen to take such action. If Apple doesn't consider it to be malware, then who are we to make such a call?

If you are asking if users should be more careful in where they obtain downloads and what is being installed, I'd have to say absolutely. That's the only way users can control their environment. It's really up to the OS to protect us from stupidity. An educated user is a safe user.

For more ideas along these lines see John Galt's How to install adware.

My Symantec software identified Genieo as a Trojan Horse and as a virus. It picked up 15 files and actually quarantined Genieo. I would claim to be a pretty cautious Mac user and the thing about Genieo that ****** me off is that it seems to have come with something else e.g. it was carried inside some other "Trojan Horse". Genieo's website sounds like they're all about setting up useful and functional home pages. I'd just prefer to have some input before something gets added to my Mac. Even one of their graphics was id'd as suspicious - libimckit.dylib.png.

I'm not sure Genieo was actually running in any browser. I've actually asked a local eNewspaper if they include Genieo to beef up their ad revenue.

For now, I've fixed the problem with Symantec endpoint protection and will continue to be vigilant about what gets downloaded.

GGATCC wrote:

the thing about Genieo that ****** me off is that it seems to have come with something else e.g. it was carried inside some other "Trojan Horse"....I'd just prefer to have some input before something gets added to my Mac.

Sorry, I though you might have read through enough of this discussion or the John Galt paper to know that the majority of such infections come along with the installer for legitimate third party software from either C|Net's download[dot]com or Softpedia. During the installation process, one of the dialogs tells you in the fine print that Genieo will be installed unless you uncheck a box. There was at least one instance of a fake FlashPlayer installer that apparently did not give any warning and Genieo cancelled said that it cancelled it's relationship with that party. If you ever do discover the source of your infection and it did not give you the opportunity to opt-out, be sure to let somebody know.

GGATCC wrote:

Are you still in favor of this stealth software?

I've never been "in favor" of Genieo... I just wasn't ready to call it malware back in 2012, when this topic got started. At that time, Genieo was still fairly new and unknown. There was little sign at the time that it would become the problem that it is today.

Today, Genieo is one of the worst adware programs out there for the Mac, and arguably the most difficult to remove.

Thank you, I think we're getting down to the brass tacks in this thread. Symantec identified a whole series of files it considers suspicious. My tendency is to go surgically remove those files rather that go back to the source and download Genieo's own uninstaller. That sounds too much like the fox watching the hen house. And I don't have the chops to evaluate their download.

I also suspect Google + as the source of this type of thing. It is about as invasive as anything in terms of adware. Even if it's not malware, I can't say that I have any non malevolent feelings about it.

But I see that the battle has just begun. While writing the last post, Symantec quarantined another batch of files.