-
Nov 26, 2013 7:59 AM in response to thomas_r. by Leotio
Thanks Thomas:
I tried your steps, but as I said it's nowhere to be found, it may be calling itself something else by now.
I got it from: firstrowus1.eu
careful now!
-
Nov 26, 2013 10:18 AM in response to Leotio by MadMacs0
Leotio wrote:
I got it from: firstrowus1.eu
I've seen this site in a previous occurrence.
Download is "SportsApp_Mac_Installer.zip" which contains a fake installer package "SportsApp_Mac_Installer.app" which contains "InstallGenieo.app" which looks to be a standard signed Genieo installer including "Application", etc. dated August of this year.
The SportsApp Installer also contains what looks to be adware extensions for Chrome, Firefox and Safari and a "users.js" file to change some user preferences in Firefox. These all appear to be associated with "gophoto-it.crx" whatever that might be.
-
Nov 26, 2013 11:42 AM in response to Leotio by thomas_r.
I just downloaded this, and this is definitely the most deceptive way that I have seen Genieo distributed before. Previously, all cases involved running a Genieo installer, even if the web site it was downloaded from called it something else.
In this case, the SportsApp_Mac_Installer is an application (not an Apple installer package, as it pretends to be) that installs Genieo. There is no indication that Genieo will be installed except for a single license agreement page that most users are likely to click right past. It also installs the adware GoPhoto.it.
Interestingly, this version of Genieo is slightly older, and appears not to install all the junk that more recent versions do. As far as I can tell, if you remove the Genieo and Uninstall Genieo apps and change your home page in your web browser, that should be sufficient to get rid of this variant of Genieo.
In the case of GoPhoto.it, you need to remove the extension from your browser. In addition, as MadMacs0 points out, Firefox users will have a JavaScript installed in their Firefox profile that will need to be removed. Go to the following folder:
~/Library/Application Support/Firefox/Profiles/
(If you aren't sure how to find that folder from its path, see Locating files from paths.)
Inside that folder, there will be a folder whose name consists of a string of random-seeming characters, ending in ".default" - open that folder. In that folder, if you see a file named users.js, remove it.
I will be updating my Adware Removal Guide with this information shortly.
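The Firefox check described in the post above, as an added shell example that is not part of the original thread. It only reads and reports; the function names are hypothetical, the file name users.js is taken from the thread, and the script looks in every profile folder rather than only the one ending in ".default".

```shell
#!/bin/sh
# Added example: read-only audit of Firefox profiles for a users.js file.
# Usage: audit_profiles            (default: the macOS path from the post)
#        audit_profiles /some/dir  (any other Profiles folder)

# list_users_js ROOT
# Prints the path of every users.js sitting directly inside a profile folder.
list_users_js() {
    root=$1
    [ -d "$root" ] || return 0
    for profile in "$root"/*/; do
        [ -d "$profile" ] || continue
        f="${profile}users.js"
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# list_prefs FILE
# Prints the preference names set by lines of the form
#   user_pref("name", value);
# so the changes can be reviewed before the file is removed.
list_prefs() {
    sed -n 's/^[[:space:]]*user_pref([[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# audit_profiles [ROOT]
# Reports each users.js found and the preferences it sets.
audit_profiles() {
    root=${1:-"$HOME/Library/Application Support/Firefox/Profiles"}
    list_users_js "$root" | while IFS= read -r f; do
        printf 'Found: %s\n' "$f"
        list_prefs "$f" | sed 's/^/  sets: /'
    done
}
```

Source the file in Terminal and run `audit_profiles`; nothing is deleted, so removal of any file it reports remains a manual step.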
-
Nov 26, 2013 1:42 PM in response to Leotio by MadMacs0
Just a quick update to say that neither ClamXav nor Sophos detect anything, which is not surprising since most A-V software does not consider adware to be malware.
VirusBarrier Express identified 22 of 138 files as "OSX/Genio.A or .B". Not surprising as Intego decided several months ago to report it as documented in their blog here and in collaboration with Thomas A Reed, published this follow-up.
-
Jan 9, 2014 10:20 PM in response to Javier23gol by curtispsf
I have NO idea what Genieo is, but a 1st time scan of my MAC using Intego's VirusBarrier turned up 14 DMG Install Genieo apps which NetBarrier identified as "infected". Most are labeled as Install Genio A but there are one or two identified as "B" and as "C".
Now I have NEVER knowingly downloaded this APP DMG and I ONLY install software that I know and have selected. My "install" selection is the Apple Store PLUS "signed" software. I take solace that there were multiple attempts which MAY indicate it was never installed. NO IDEA at all.
Bye bye Genieo.
-
Jan 9, 2014 10:38 PM in response to curtispsf by MadMacs0
curtispsf wrote:
I have NO idea what Genieo is, but a 1st time scan of my MAC using Intego's VirusBarrier turned up 14 DMG Install Genieo apps which NetBarrier identified as "infected".
Wow, that's got to be some sort of record. I think Intego is the only A-V vendor that formally considers this to be malware. They apparently provide a service that a few users even seek out, with home pages similar to AOL, Yahoo and Google, but unfortunately they partner with other companies that will seemingly stop at nothing to trick you into installing that service with little warning. I presume that these companies are compensated by Genieo should you choose to install it.
You might want to take a look at TheSafeMac's Adware Removal Guide : Genieo in case something was left behind.
-
Jan 10, 2014 5:21 AM in response to MadMacs0 by yabbadoody
MadMAx, perhaps you work for Genieo, or some PR shill firm they hire to troll the web and 'support' this P.O.C. malware... if so, then good for you.
The rest of us (those whose machines have been INFECTED by this P.O.S.) hate it.
Why you might ask? Because SINGLEHANDEDLY (immediately after this P.O.S. software loaded onto my system, WITHOUT PERMISSION OR NOTIFICATION - and how do I know that? BECAUSE I TRIED TO CANCEL IT!!), I 'lost' permission to a $1k suite of software that I use, and need to use, every working day of my life - thus LOCKING ME OUT of paying work, and creating several days of rooting this garbage completely out of the system, testing, reformatting, reloading, scanning, and restoring vital software.
Oh, that's not all. Within 1 week, I also lost a drive. Sure, maybe it was weak, but it went down hard - no recovery possible, just toasted. Which in my experience is rare (about 5%-10% of the time), but not unheard of - yet GENIEO's presence, with yet undetected kernels running rampant on my system at that same moment, tells me that drive had a lot of help 'failing'.
12 years with yes, a few lost drives yet NO virus problems of note whatsoever on ANY of my multiple Macs, yet within 7 days all THIS happens after "Genieo" hotwires itself onto my system even though I tried to cancel install?
Yeah. That's some endorsement you have there. I'll believe it when Hades freezes over. Glad they're going to be paying you for it, "Mystery Shopper". Enjoy the view.
-
Jan 10, 2014 5:17 AM in response to yabbadoody by Csound1
You installed it yourself, don't be so insulting to the people who are trying to help.
Pay attention to what you install in future.
-
Jan 10, 2014 5:31 AM in response to Csound1 by yabbadoody
NO, dude. Depending on WHERE this infection resides on the web, IT INSTALLS ITSELF regardless of what button or prompt you select. No 'choice' in that matter, depending on how the host software boots/jacks it... only a firewall with a "sacrificial computer"/honey pot at the front could save you in such an instance.
Happened to me. But hey, what do I know? I was just an IT tech/Broadcast Engineer at one of the largest television stations on the planet for 6 years. I maintained well over $15M worth of highly specialized computer-based hardware every single day there. That was my JOB - not merely my 'opinion'.
During that time I fixed hundreds of systems. I saw dozens of virus and malware come and go, headaches yes but no real threat to our systems. This one is the worst, for Mac, that I have EVER seen in more than 20 years of tech support.
By a longshot. Call it what you want - it is a virus, it is malware. It is the WORST "commercial" software I've ever seen for Mac in my entire life - and I've been around since the first release of Photoshop.
Oh - the "second paid shill" coming in to "vouch" for the first paid shill is an old, old ruse. Get something better or find another thread to spill garbage over. PR hacks are not needed in tech forums.
-
Jan 10, 2014 5:33 AM in response to yabbadoody by Csound1
It does not, pay better attention next time you install anything, read the fine print and see what else is attached to the package you want.
-
Jan 10, 2014 6:09 AM in response to Csound1 by andyBall_uk
Those who peddle dubious installers don't concern themselves about the 'fine print' being accurate, or even shown. Some may have no indication that anything other than the obvious is being installed, some have options that are all too easily overlooked; and some: options that are ignored in any case, due to either deliberate or poor design.
-
Jan 10, 2014 6:14 AM in response to yabbadoody by thomas_r.
I don't know how you managed to get put in charge of that much equipment, because your knowledge level is quite poor.
First, this software absolutely does not install itself. You installed it, one way or another. You probably downloaded something from Softonic, or somewhere similar, that includes Genieo in the installer. It's important to understand that every single installer containing Genieo that I've ever seen - and I've seen a lot of them - includes some text somewhere in the license that tells you Genieo will be installed. You need to pay more attention to what you're downloading.
Second, this software would not cause you to "lose permission" to a $1,000 piece of software or cause your hard drive to fail. Software cannot cause a hard drive to fail physically, which you should know, if you were qualified for the job you had.
Finally, you're being very rude to two people who don't like Genieo and help others get rid of it. That's not okay.
-
Jan 10, 2014 9:15 AM in response to thomas_r. by lindsayfromleander
Is there a moderator on this thread? Ad hominem attacks and personal questions about posters' credibility and knowledge are out of place on an informational forum. Please take this sort of thing to private email and let's keep this thread to information related to the topic. If information is irrelevant, please just ignore it.
-
Jan 10, 2014 10:23 AM in response to yabbadoody by curtispsf
I agree with lindsayfromleander:
Personal Attacks HAVE ABSOLUTELY NO PLACE on Apple Forums. Yabbadoody, we get it you're upset. And I have NO IDEA, ie 0 knowledge as to whether the problems experienced had anything or nothing to do with Genieo. But the fact that some bad things happened does not mean that Genieo installation had anything to do with those occurrences. It's like saying I had pancakes for the first time that day, and therefore pancakes caused the problem.
1) I had 14 downloads of the Genieo dmg app and not a single install. I confirmed this by checking for certain plist and usr/dylibgen files known to be associated with this installation.
2) I believe the non installation may have had something to do with my higher security settings on what could be installed and what was blocked. I used TRUST 1] Only Apps from the Apple Store and at times, 2] App Store and Trusted Software.
3) No doubt Genieo came from Softonic. When I was on their site, I recall an immediate "NEED FOR FLASH UPDATE" message which I refused to install.
4) Non access to files "might" have been cleared by deleting plists for the app and/or repairing permissions. If you received a no permission message, another option would have been to go in manually and change ownership permissions. I don't recommend doing this unless you research the issue first to get some idea as to what valid permissions should be on the app.
5) If the drive was magnetic, any decent app such as Drive Genius or Tech Tool Pro would probably have given you warning that a drive was about to fail. I've got these warnings 4 times and was able to clone and replace the drives before failure.
It ***** that software you didn't ask for got installed...It ***** that you had problems. It's uncertain that there was any causal connection between the two..but there are things you can do from this point forward to protect yourself.
-
Jan 11, 2014 2:51 AM in response to yabbadoody by MadMacs0
yabbadoody wrote:
MadMAx, perhaps you work for Genieo, or some PR shill firm they hire to troll the web and 'support' this P.O.C. malware...
Nope and nothing I said should be taken as support for anything other than how to remove it. Everything I said is factual based on personal experience or second hand information from a trusted source. The only thing I would expect to get from Genieo is the threat of a suit for maligning them to the extent that I did. They have hired a "PR" person to do just that, so don't be surprised if he shows up to "discuss" your remarks.
I think others have adequately addressed the inappropriateness of your comments here, since you seemingly have contributed nothing to helping the OP, so I'll give you a chance to redeem yourself by telling us how we can get our hands on this installer that failed to tell you what it was doing. I can understand if you no longer have it, but if you know what it was called and where you downloaded it from, that would be a great service to the community.