What is Genieo and why did it appeared misteriosouly on my MacBook Pro?

Thomas A Reed wrote:

Especially when the engine you are recommending does not detect the software you're recommending it for.

here is a point where you missunderstood my advice to Hendrick ; i did NOT recommend the boot cd "especially and only" for Genieo, but for what Hendrick want to do : "immediately perform a full check of the mac to see if there is anything suspicious."

it is not my fault, Thomas, if when you read "anything suspicious" you understand "Genieo" 😉

neither if you don't see any advantage in performing a full check on an OS you are not running at the same time ................

My statements about the uselessness of using a Linux CD to scan your Mac for malware are not specific to Genieo. If you need to scan your Mac for any kind of malware for some reason, that is not a useful way of doing it, since there is no malware that cannot be detected by a live scan (assuming the engine you're using actually recognizes the malware in question). Further, the ClamAV engine is not the best one to use.

Besides which, any recommendation in this topic ought to apply to Genieo specifically.

all my apologies Mr IKnowEveryThing ...

if i undestand your words and your statements (that only talk about malware), then you are certain that Genieo does NOT contain any virus ? and can only be a malware ("at worse and nothing worse") ?

whaoooo, don't know how you made the challenge, but all my great congratulations !!!!!!! you have solved the first question of the topic -> What is Genieo ? a malware, of course ! evrybody except me knows that !

further (like you said ...) i think that opinon about AV efficacity is just like nose -> everyone has its own ...

further and finnally thanks to you, the topic can be marked as "resolved", and this sterile discussion can end ...

I don't understand a lot of what you're saying, and don't really think that the attitude is appropriate. I have actually played around with Genieo, back around the time this topic started, and there's no malware involved other than Genieo itself (which sounds like it may have crossed the line into malware itself). I have also tested a large number of Mac anti-virus programs, so I do have more than just another opinion on that topic. You may want to read:

http://www.thesafemac.com/mac-anti-virus-testing-01-2013/

Hello, I have to first admit that I am a philistine when it comes to understanding my computer technically, but I am wondering if someone can help me. I was wanting to download a script in PDF, it was indicated that I had to install Genieo to achieve this... so I did. I didn’t end up being able to achieve downloading the PDF but ended up with Genieo presenting itself on my desktop. I decided to uninstall it. Here’s where I feel really naive, I just dragged the icon from the applications folder and trashed it and also the install icon I found in the applications folder. I then ran Disk Utilities to clean up my mess. I had this result

Can anybody tell me what I do about this?

I too had Genieo on my iMac running OS X 10.08.3. I use a freeware program named AppCleaner.app, which is a drag and drop delete program that seems to work very well. It will uninstall the main culprit and associated sub files by dragging the unwanted application to a "bullseye" and then hitting the delete button when the files pop up on your screen. No more Genieo on my iMac, took about thirty seconds to delete.

I just went a couple of rounds with Genieo too and it definitely 'hijacked' me. I was streaming msnbc through the WWHD Boston tv website and it started popping up saying I couldn't keep watching unless I updated Flash. I hit ok, got the Genieo dmg, then the installer - at that point I could no longer choose to quit it and it changed my homepage to Genieo. It opens on startup without showing up as a startup app and there appears to be no way to quit it except through Activity Monitor - and it won't stay quit. I finally used CleanMyMac which seems to have worked fine. We'll see.

MaryArias wrote:

Genieo is a computer virus, or malware according to Malwarebytes Anti-Malwar PRO.

I think most users would consider it to be a Potentially Unwanted Application in that they chose to install it without fully understanding what it was.

http://botcrawl.com/how-to-remove-the-genieo-virus/

botcrawl.com has as bad a reputation as genieo does according to WOT.

I suppose the instructions you posted will work, but IMHO the uninstaller provided appears to work perfectly and is much easier to accomplish. It is still necessary to go into each browser and change the "home page" settings, with either approach.

Note that this conversation has been going on for over five months now.

"That's the first I've heard of such behavior. Can you provide additional information about where/how you learned this?"

A few minutes ago, I had a window that appeared to be a Flash update notice.

I actually *read* the text in the window, and noticed that the description of the update was really vague. "Better performance", that sort of thing.

There was a "Update Details" link. I clicked it. installgenieo.dmg was downloaded. (I didn't install)

I'm not surprised that some bottomfeeder is doing this. It was pretty much inevitable, given how frequently Flash asks you to update, that some cretins would pretend to be Flash.

Amusing that Genieo people troll around forums like this, issuing denials. Scum.

"I think most users would consider it to be a Potentially Unwanted Application in that they chose to install it without fully understanding what it was."

It's a trojan, in that it tries to pass itself off as a Flash update. Some people won't notice anything wrong about a Flash update called "installgenieo.dmg" - maybe they'd think Adobe changed the name or something.

Jonathan Hendry wrote:

It's a trojan, in that it tries to pass itself off as a Flash update. Some people won't notice anything wrong about a Flash update called "installgenieo.dmg" - maybe they'd think Adobe changed the name or something.

First off, thank you for posting your description of all you observed on this. It's the clearest one I've seen posted anywhere.

You are certainly entitled to your opinion on this, but it doesn't seem to be shared by any of the A-V community. There seems to be no sign of it having been submitted to a site such as VirusTotal and there have been no blog write-ups or definitions posted that I can find that label this as any soft of malware. From what you have told us it would seem as if the only thing wrong here is that Genieo or a 3rd party hired by them is engaged in sleazy advertisement. The clearest example of this was when you went to a fake ClamXav or ProtectMac site and if you were convinced it some something you wanted you would click on a big green "Download" button and receive MacKeeper, instead. Although many in this Forum labeled that malware, it never held up as anything but crash advertisement.

Had the downloaded file, the installer icon on the mounted image file or the Installer app itself said or appeared to have anything to do with "Flash" then you would be well within your rights to label it as malware and probably a Trojan.

There is a precedent to labeling some forms of "adware" as malware. One such example is OSX/FkCodec-A which I stumbled across thanks to some users here and submitted to VirusTotal several months before it was finally labeled malware. In this case you were told you needed to download a Codec to view certain videos. In the process the name changed from Codec-A to Codec-V and the download was Codec-M, but all it did was change your default search site (sound familiar?). Interestingly, they too provided an uninstaller on the .dmg. Oh, and you still weren't able to view those videos after you installed the "Codec."

In the future, if you really feel that strongly about it, I would encourage you to submit that file to VirusTotal to let the community have a look at it.

Hi Thomas - I can add some informaion to the mystery as well. Yesterday, I was browsing wowhead.com, a data reference site for World of Warcraft which is well known and respected and I've never heard of anyhing shady originating from them, so I thought nothing of it when suddenly the page I was on had a message float across it stating that my copy of Adobe Flash must be updated in order to view the content on the page. There are often flash-based video ads in the margins, so this did not arrouse my suspicion, that plus the fact that Flash seems to update once a week anyway.

A few strange things occured though that tipped me off that this was not genuine. First, there were several link buttons on this little floater, such as Flash Players alleged home page, one saying "Best version for your sysem" and just a simple "Download Now", and all 3 linked to downloading a file named "InstallGenio.dmg", ~700k file.

Obviously, this is not a Flash Player installer, and I stayed the **** away from it. So it seems to be getting on to people's compuers insidiously, masquerading as Flash Player. This was my experience, anyway, and I emailed the admin of the WoWhead site to make sure they are aware that it is getting out through their site, as I expeced they were probably clueless as it likely hitched a ride in on one of their advertisers pieces of content displayed on the wowhead user pages.

Based on all the stories here, I'd imagine this thing is running rampant or at least near full on rampant all over the web due to the many different sources people obtained it from. Everyone had better sound the alarm and let their less savy and observant friends NOT to accept any Flash Player updates unless it's from Adobe's webpage itself, for now at least.

I just got a message telling me I needed to download Flash Player. It struck me as unusual, since I just recently downloaded a Flash Player update. When I attempted the download, I found an "Install Genieo" instead of a new Flash Player. I trashed it since I didn't know what it was. Seems phishy to me!

cobushmaster wrote:

I just got a message telling me I needed to download Flash Player.

So the first thing you need to ask yourself is, where is this message coming from. In this case it was almost certainly an advertisement you saw in your browser. These need to be almost universally ignored, but if you have any doubts go to either System Preferences->Flash Player and in the Updates section hit the "Check Now" button or go to http://www.adobe.com/software/flash/about/ and find out what version you have and the version you need.

When I attempted the download, I found an "Install Genieo" instead of a new Flash Player.

Lesson 2, never click the download link unless you are on the get.adobe.com web site or from System Preferences, if they ever fix it.

I kept getting flagged by an adobe flash update stating "i need to update to view this website" but it was a site ive used before and never had a problem and I would just close the pop up and go on abck to what I was doing with no problems. So I finally decided to go and download the update so the pop up would leave me alone and instead of adobe appearing it was the genieo zip. I closed before i actually downloaded the application or whatever it really is, but im just giving my two cents saying that it has been masked by other downloads of something actually significant, so that could be how it has been appearing on people's docks