Q: What is Genieo and why did it appeared misteriosouly on my MacBook Pro?

Hey - sorry I am just getting back, I'm fighting a nasty cold and am trying to get some work done.

Assuming you guys were asking about my addition to the conversation - I've since deleted the installer but it was clearly labled as a Genieo .dmg file.

Per my wife, she clicked the download button on the installer from the java.com page and somewhat blindly clicked through the instructions that were provided. It was nto until the install was actually taking place that she realized that she was installing Genieo -

I asked her if she thought that maybe she had mistakenly downlaoded Genieo at some other time - she said anything is possible, but she really doesn't think so.

Just wanted to say that although I did find 14 instances of genio DMGs being downloaded, I was able to find that it was not actually installed on my system. I discovered this by doing a search for geneio through Google and found a site that pointed out the files one would find installed in the /usr folder of the home folder. Sorry, I can't out my finger on the site at this moment, but if I found it anyone can.

You would need to make your home folder's Library folder visible as necessary and then use Onyx to make the root files visible. Then you could search in the /usr folders. I conclude that the geneio dmgs were downloaded surreptitiously and never identified as being "geneiol" apps.

James, it's entirely possible that your wife clicked on a link that claimed to be at java.com but was a link to another site altogether.  I've seen weirdness of this sort.  A page may post a URL as the visible hyperlink text when the actual link is a URL to some other page altogether.  This is extremely underhanded, although probably not a criminal offense.  It would certainly be actionable in civil court were it to stick around long enough for Oracle to see it.

A link in google wouldn't do this, but you said that your wife "ended up" on a page with a visible URL supposedly at java.com.  Did she access a page from google which had this URL, or perhaps follow a chain of links to get to to a page with such a misleading link text?

No - according to her she googled "update java" then clicked on one of the google page results, which was for a page on java.com

When I tried to retrace her steps onher machien the afore mentioned link did show as having been visited previously.

I wish I had kept the installer. Are there any other relevant logs I can check?

Here's a link to an Intego site which discusses the relevant files to look for such as:

.usr/lib/libgenkit.dylid

http://www.intego.com/mac-security-blog/another-problematic-softonic-installer-b rings-adware/

TopSteve wrote:

 

thomas_r   I don't want to speek for anothere but I do not think andyBall_uk "requested" any information.  The way I read it he was just saying how to find some information.  As for the "installer" in my case it was named "install_genieo". 

I believe andy wanted feedback on where the installer came from. I know that's what Thomas wants to know.

The three ways I know of to install an app onto a MAC are.

Since we are talking about this being a potential Java update here (which is technicall not an app, I realize) the safest, most efficient way to update Java SE 7 is by going to System Preferences->Java and checking to see if an update is available. It will then direct you to the appropriate place.

Similarly, FlashPlayer should always be updated now by starting in System Preferences->Flash Player.

James Smutek wrote:

 

I asked her if she thought that maybe she had mistakenly downlaoded Genieo at some other time - she said anything is possible, but she really doesn't think so.

To me that is the most reasonable explanation. If the Java update was still on it's way into her download folder, then the previous download would still be showing in the dock, so if she double-clicked that, it could easily have been the Genieo installer image file that was mounted. We have many instances of users finding that file in their Download folder, without any idea what they clicked to have it show up there or having noticed that a download was taken place. Ever since they moved the Safari download indicator to the upper right corner of the address bar, it's been easy to overlook it.

Java.com should be safe (well, as safe as any Oracle-run site possibly can be), and I cannot find anywhere on that site that has a Genieo download available. I would guess that the Genieo installer must have come from somewhere else, and your wife is mistaken that it came from there. As curtispsf points out, it can be downloaded automatically by certain sites, and if she then found it lurking in the Downloads folder when she was expecting to find a .dmg file with a Java installer, and opened it mistakenly, that would explain the behavior you saw.

curtispsf wrote:

 

found a site that pointed out the files one would find installed in the /usr folder of the home folder. Sorry, I can't out my finger on the site at this moment, but if I found it anyone can.

As I recall Thomas worked with Intego to develop these instrucitions "Adware Removal Guide : Genieo". We will undoubtedly be visited again by "Genieo Support" who will tell you to use their uninstaller, but that has proven to be incomplete in the past.

MadMacs0 wrote:

 

James Smutek wrote:

 

I asked her if she thought that maybe she had mistakenly downlaoded Genieo at some other time - she said anything is possible, but she really doesn't think so.

To me that is the most reasonable explanation. If the Java update was still on it's way into her download folder, then the previous download would still be showing in the dock, so if she double-clicked that, it could easily have been the Genieo installer image file that was mounted. We have many instances of users finding that file in their Download folder, without any idea what they clicked to have it show up there or having noticed that a download was taken place. Ever since they moved the Safari download indicator to the upper right corner of the address bar, it's been easy to overlook it.

YES  the new download indicator is the top right is to easy OVERLOOKED!!! Esplisley as it's not there all the time. I'm leaving feedback on apples feedback site for safari to bring but the download list as a default.   Is there a way of displaying the old downloding list?  What with this and other changes for changes sack like the removing of CoverFlow in iTunes I am starting to loos fath in Apple.

TopSteve wrote:

 

Is there a way of displaying the old downloding list?

Clicking on the download indicator will give you the list, but I don't think there's any way to have it come up automatically or stay up when you click elsewhere, as it used to.

The Genieo app in the Mac Applications folder "cannot be deleted because the program is in use"...I got rid of it by going to Applications > Utilities > Activity Monitor ... select Genio and under View select Quit Process. Now you can drag the Genieo app to Trash.

Now you can drag the Genieo app to Trash.

...and you won't have removed any of it except for the app.

Proper removal instructions have been posted numerous times on this lengthy topic. For one such set of instructions, see:

http://www.thesafemac.com/arg-genieo

Now you can drag the Genieo app to Trash.

Do you plan on leaving the rest of it on your Mac?