What is Genieo and why did it appeared misteriosouly on my MacBook Pro?

BZ-LA wrote:

Did you check out the process I outlined near the beginning of this discussion?

I know that I did and you mentioned "I do not know if this will remove all Genieo files". I can report from my testing that it leave a number of files behind that have been tucked into various Library directories. Running the supplied uninstaller seemed to have taken care of all of them, including the preference file.

The web site above also includes instructions for fixing the search provider in Safari, as well as fixing Chrome and Firefox browsers, if users also have those.

Dante, use the uninstaller.

If anything, this says how good apps for OSX generally are. Most people arent even aware of the existance of uninstallers.

Also, read the thread. I think you'll find that your reasoning was used by another member and we had a little talk about it.

Finally, where did you get Genieo from, we literally had Genieo support on the thread a few pages back and they claimed to have taken down the website that it came from.. is it still masquerading, and could you tell us where?

Hi Dante,

Can you please let us know what did you download and from where so that we can trace it from this end?

We are sorry to hear that you want to uninstall Genieo.

Genieo is a personalized newspaper - style home page. It has the power of bringing you the news you want, from your favorite sources and offers many unique features that can enrich your browsing experience and keep you up to date with interesting articles and item in your topics of interest.

Genieo is 100% free, it’s totally private and requires zero managements.

Should you decide to remove, please visit our FAQ page http://www.genieo.com/faq#uninstall

And simply follow the instructions.

Once you are done, you can go to your browser settings and change the default homepage and search to match your decision.

Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95421&topic=1735105& ctx=topic

IE: http://support.microsoft.com/kb/252464

FF: http://www.wikihow.com/Change-your-Start-Page-on-Mozilla-Firefox

Safari: http://browsers.about.com/od/safar1/ss/safarihomepage_3.htm

You have provided 2 different web sites.

The top one, zomebo, is downloading a flash player exe file so what ever you get from it will not work on mac.

Feel free to contact them for explanations.

The second one is saying that what you wanted does not work on your OS and suggest that you may be interested in downloading Genieo.

If you do and you download it, than its your prerogative, please do not blame others for your actions (regardless of what the product does or does not do)

If you do not download it, no harm done.

you couldn't follow the connection between the two sites... ?

so : site A falsely says Flashplayer isn't working, and links to site B which would have tried to palm off a dodgy 'flv player' but instead suggests the equally useful Genieo, since the particular flv player is PC only.

Genieo doesn't so much change the default browser search page, as hijack whichever one you choose to their own, even when Genieo app isn't running. Like Zeobit & Mackeeper, the only good thing is that the uninstaller removes it, bar a few inactive files. Given the links to known malware in their installer, & doubtful associations - I'd not trust any claims to protect personal information.

and while you're here - Thomas's question about the links to malware... any response ?.

I'm not seeing that first site redirect to anything Genieo-related this morning. It redirects through a chain of sites that ends up downloading a .exe file that I would guess is likely to be malicious.

As for the answer to my question, it was posted in a comment on my blog, and was rather unsatisfying:

"I can give you a full explanation on how and why its (disabled) in Genieo code.

Instead, we have removed it completely from our code and as we release new updates it will be deleted from all Genieo client out there (and will not be in new ones)."

I'm assuming the "can" was supposed to say "can't" as no full explanation was forthcoming. Removing the code to install malware after getting caught in the act is not a substitute for explaining why it was there in the first place.

Sorry I tryed several times and did not get from site A to site B.

But even if you are correct than the second one is saying very clearly that you are going to download Genieo if you click on the "Install".

There is no misleading information in the 2nd site

>>Removing the code to install malware after getting caught in the act is not a substitute for explaining why it was there in the first place.

Indeed - like being rumbled with jemmy & fraudulent id, then saying it's not in my bag now. Not necessarily guilty, but very suspicious.

Thomas,

I do not think that we need to explain every business decision we make.

If you examined the code you can see that the codec-m option is disabled in the code.

We did not give it any thought as we did not recognise it as a malwere.

Since there is a claim that this is a malwere and since we do not use it we decided to simply remove it.

The next Genieo update will not include it anymore.

I do not think that we need to explain every business decision we make.

Indeed, it is your right not to explain. There are consequences to your reputation that will come along with such a refusal, of course, but that's your call to make.

Somehow i downloaded this Genieo stuff, was not installed thankfully, don't really remember how i downloaded it, but today as i was running virrubarrier it was detected as a virus, went directly to quarantine and then was deleted from the disk. So as far as i am concerned this is a virus, this is not any kind of software, just a malicious virus

Yup, both Intego and Dr. Web added this to their definitions after my first blog post on the topic (Genieo adware downloaded through fake Flash updates) alerted them to the issue.

http://www.intego.com/mac-security-blog/another-problematic-softonic-installer-b rings-adware/

Sophos classified it as a PUA (potentially unwanted application) instead.

Personally, I think Sophos got it right, based on previous classification actions, which admittedly aren't terribly consistent. I'm sure there are a handful of users who appreciate the service Genieo provides and it's not that much different from what other ISP's have provided for years (AOL, Yahoo, Google, etc.).

The biggest issue is how they go about signing customers up. Users who either aren't very observant or who try it and don't know how to back out, probably think they were taken advantage of here. Their tactics aren't much different from those used by MacKeeper, especially in the early days, but MacKeeper is alive and well with plenty of unhappy uses, yet no formal classification as malware or PUA.

Then there's the matter of including the disabled Codec-M/FkCodec link. We don't know why Genieo chose to include it, but I can't imagine that it was done accidentally. I do feel Codec-M tactics were significantly worse than Genieo's in that they never told you what they were doing, always leading the user to believe this was something they needed to install in order to view certain videos (it was not) instead it hijacked the browser seach engine. About the only thing they had going for them was the un-installer that was included.

So, unless Genieo is somehow able to overcome their current situation, it goes in the books a malware, or PUA at best.

Genieo is a genius crapware for Mac. As somebody else mentioned - it quacks like Duck, it looks like Duck, it walks like Duck.... so it must be a duck.

Installation payload? Why in the world all apps except maybe MS Office for Mac use drag and drop and Genieo has a complex installation package? To invade your machine so that it will take more time to remove it than building a Taj Mahal.

See for yourself - here are copy of the installation instructions... including Set Homepage line and a lot of lines of Java applications which make me run for the exit ..

So don't say you are legit software because legit software doesn't need to do this stuff. If you track browsing habits - that wasn't part of the game. You said you are tracking searches. But there is no reason to hijack browser if you already are granted access to browser history.

The statements are all false - Genieo is malvare and should be flagged as such.

------

LSUIElement HKEY_CURRENT_USER\Software\Genieo\Components\Partner\active_partner genieo HKEY_CURRENT_USER\Software\Genieo\Components\Partner\default_partner genieo

HKEY_CURRENT_USER\Software\Genieo\set_homepage 0

HKEY_CURRENT_USER\Software\Genieo\set_searchProvider 0 HKEY_CURRENT_USER\Software\Genieo\state 0 HKEY_CURRENT_USER\Software\Genieo\installed_revision 14619 HKEY_CURRENT_USER\Software\Genieo\genieo_dmg_installer_url http://download.genieo.com/partner/genieo/mac_release/live/Genieo.dmg CFBundleName Genieo CFBundleIdentifier com.genieoinnovation.Genieo CFBundleVersion 1.0 CFBundleAllowMixedLocalizations true CFBundleExecutable Genieo CFBundleDevelopmentRegion English CFBundlePackageType APPL CFBundleSignature ???? CFBundleInfoDictionaryVersion 6.0 CFBundleIconFile GenericApp.icns Java JVMArchs i386 ppc jvmarches i386 VMOptions -d32 -Xmx192M -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=10 -XX:NewRatio=3 -XX:+DisableExplicitGC MainClass com.anabel.pp.main.JettyPersonalizationServerMain JVMVersion 1.6+ ClassPath $JAVAROOT/Engine/engine.jar $JAVAROOT/Engine/lib/signpost-core-1.2.1.1.jar $JAVAROOT/Engine/lib/commons-codec-1.6.jar $JAVAROOT/Engine/lib/commons-logging-1.1.1.jar $JAVAROOT/Engine/lib/httpclient-4.2.jar $JAVAROOT/Engine/lib/httpcore-4.2.jar $JAVAROOT/Engine/lib/apache-mime4j-0.6.jar $JAVAROOT/Engine/lib/httpmime-4.2.jar $JAVAROOT/Engine/lib/sqlite-jdbc-3.7.2-mac.jar $JAVAROOT/Engine/lib/lib/JDICplus.jar $JAVAROOT/Engine/lib/JDICplus_native.jar $JAVAROOT/Engine/lib/jdom.jar $JAVAROOT/Engine/lib/jericho-html-3.1.jar $JAVAROOT/Engine/lib/servlet-api-2.5.jar $JAVAROOT/Engine/lib/jetty-webapp-7.3.0.v20110203.jar $JAVAROOT/Engine/lib/json.jar $JAVAROOT/Engine/lib/log4j-1.2.15.jar $JAVAROOT/Engine/lib/slf4j-api-1.6.0.jar $JAVAROOT/Engine/lib/slf4j-log4j12-1.6.0.jar $JAVAROOT/Engine/lib/rome-1.0.jar $JAVAROOT/Engine/lib/modules-0.3.2.jar $JAVAROOT/Engine/lib/xstream-1.3.1.jar $JAVAROOT/Engine/lib/xpp3_min-1.1.4c.jar $JAVAROOT/Engine/lib/smtp.jar $JAVAROOT/Engine/lib/lucene-snowball-3.0.0.jar $JAVAROOT/Engine/lib/cssparser-0.9.5.jar $JAVAROOT/Engine/lib/sac.jar $JAVAROOT/Engine/lib/restfb-1.6.12.jar $JAVAROOT/Engine/lib/webkit2png-0.5.py $JAVAROOT/Engine/lib/ini4j-0.5.1.jar $JAVAROOT/Engine/lib/amazon_ad_api.jar $JAVAROOT/Engine/lib/protostuff-api-1.0.1.jar $JAVAROOT/Engine/lib/protostuff-core-1.0.1.jar $JAVAROOT/Engine/lib/protostuff-collectionschema-1.0.1.jar $JAVAROOT/Engine/lib/protostuff-runtime-1.0.1.jar $JAVAROOT/Engine/lib/JGoogleAnalyticsTracker-1.2.1-SNAPSHOT.jar

------------

about.url http://www.genieo.com/about ads.display false ads.gad.category.adname by_category ads.gad.partner ca-pub-9495238242790035 ads.notification.partner genieo ads.product.page.analyze false ads.profile.display false ads.providers.disabled Amazon,PPCBully,NbcSearch ads.video 0 bootstrap.inprogress.page bootstrap.target.time.idle -1 bootstrap.target.time.no.idle -1 browser.default.override browser.override.newtab.behavior true browser.searchprovider.queryparamname q browser.searchprovider.smalliconurl http://www.genieo.com/search_provider_icon.ico browser.searchprovider.suggesturltemplate {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} browser.searchprovider.suggesturltemplate.ff http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&h l={moz:locale}&q={searchTerms} browser.searchprovider.suggesturltemplate.ie http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencodi ng={outputEncoding} browser.searchprovider.suggesturltemplate.opera http://suggestqueries.google.com/complete/search?q={SearchTerm}&client=opera browser.searchprovider.urlprefix search.genieo.com/results.html browser.searchprovider.urltemplate http://search.genieo.com/results.html?v=genieo&q= commercial.content.by.category true desktop.icon.file.name desktop.ico feed.prescore.threshold 60 feeds.preset.config.override.file $ANABEL_GENIEO_DATA_DIR$/feeds/preset_feeds_override2.json feeds.preset.config.override.url http://download.genieo.com/misc/preset_feeds_override2.json firsttime.registration.popup.enabled true freqsites.thumbnail.disable true help.badbootstrap.image.height 160 help.badbootstrap.image.url /img/bigHotItemIcon.png help.badbootstrap.image.width 250 help.badbootstrap.url http://www.genieo.com/faq/#empty-page help.url http://www.genieo.com/faq?partner=Genieo homepage.url http://search.genieo.com/?v=genieo homepage.url.prefix http://search.genieo.com/ homepage.verification.hours -1 homepageguard.enabled false hpg.manual true ie.commandbar.icon ie.commandbar.link itemheader.enabled false notification.aggregation.only false notification.header.enabled false notification.header.url $homepage.url$/item.html notification.initialstate.enabled true open.homepage.on.install.complete true open.homepage.on.install.complete.url.override http://www.genieo.com/firsttime/?p=genieo&u=http%3A%2F%2Fsearch.genieo.com%2F%3F v%3Dgenieo partner.birthday true partner.blog.feed.url http://www.genieo.com/category/blog-item/feed/ partner.disable.ui 0 partner.eula.hpcheckbox.display.name.mac Set as default homepage in Safari, FF and Chrome partner.eula.hpcheckbox.display.name.pc Set as default homepage in IE, FF and Chrome partner.eula.searchcheckbox.display.name.mac Set as default search provider in Safari, FF and Chrome partner.eula.searchcheckbox.display.name.pc Set as default search provider in IE, FF and Chrome partner.google-analytics.account UA-10350417-1 partner.install.uninstall.display.name Genieo partner.magazine true partner.manifest.base.url http://download.genieo.com/partner/genieo/ partner.manifest.file.name /live/manifest.xml partner.output.installer.file InstallGenieo partner.output.setup.file genieo_setup partner.support.languages.localization ; partner.uninstall.add.control.panel.entry true partner.version.build 508 partner.version.major 1 partner.version.minor 0 partner.webapp true preset.feeds.enabled true sensor.hidden.chrome false sensor.hidden.firefox false sensor.hidden.ie false sensor.hidden.opera false sensor.install.manual.chrome.disable true sensor.install.manual.safari.disable true sensor.shortcut.ie false settings.url $homepage.url$#l-s share.twitter.showpartnername true show.tray.icon true sidebar.default [] spg.enabled true sponsored.feeds.enabled false uninstall.url http://www.genieo.com/uninstall/local/ updater.components.blacklist websync.partnername genieo

Hi all I run VirusBarrier X6 10.7.5 and each time I had Genieo on my computer that somebody tried to instal but they dont have my pass code to install, when I scan my computer it tells me that it is bad software so if this say this its true. it puts it in the Quarantine folder then it gets deleted. I tried the uninstall software that ppl say here but VirusBarrier also say thats got maleware in it so I just let VirusBarrier sort it out and remove it.

VirusBarrier has saved my computer many times as it tells me if any bad software is downloaded or any mailware or crap is in my computer I use this for both sides of my MacBook Pro OX Mountain Lion and Windows 7 and Windows 8 all on the same laptop and this works with all 3 100%.

this software scans my iPhones, iPads, and all hard drive and SD cards every thing thats links to my laptop I give this 100% out of 100%

http://www.intego.com/Intego-mac-premium-bundle

This is the best I run and it works on all 3 my computers iMac 27" 1TB SSD + 4TB MacBook Pro 17" 1TB SSD and my wife MacBook Air 13" 512 Flash Drive.