What is Genieo and why did it appeared misteriosouly on my MacBook Pro?

See thread

Here

https://discussions.apple.com/thread/4816624?answerId=21272879022#21272879022

and uninstall Genieo

http://www.genieo.com/faq/#uninstall

If your uninstall is missing then down load it

here

On Mac:

• From the Applications folder, open "Uninstall Genieo" and follow the instructions.
• If from any reason the uninstall is missing you can download it from here.

Remove Genieo from your browser's home-page & default search:Once you completed uninstalling, you can remove Genieo from your homepage and search provider. Please refer to the instructions that matches your browser. We strongly advise you to restart your PC before taking these actions.

• Remove from Chrome
• Remove from Internet Explorer
• Remove from Firefox
  To change the default search please follow these instructions:
  • Type “about:config” into the address bar and click “Enter”.
  • Click the “I’ll be careful, I promise!” button.
  • Type “keyword.URL” into the search box that appears.
  • Right-click on the “keyword.URL” entry and click “Modify”
  • Delete the text in the box and click “OK”
• Remove from Safari, Safari 5.X

Thank you Thomas, sorry I'm so clumsy here. I edited my above post to do as you suggested and when I finished and clicked post, I was informed the Apple forums were being updated and my edit therefore wasn't saved, ha, what luck. So I had to make yet ANOTHER post to use the method suggested since apparently there's a limit to the number of edits I can make to one post, either a number of times or a time limit.

Sorry to make so many posts trying to do something that should have been so simple, I swear I'm not trying to spam this thread full of posts about this, lol. Thanks for your help Thomas 🙂

They work with seemingly dubious, or at best, highly misleading partners, and don't so much change the default browser search page, as hijack whichever one you choose to their own, even when Genieo app isn't running. Like Zeobit & Mackeeper, the only good thing is that the uninstaller removes it, bar a few inactive files. Given the links to known malware in their installer, & doubtful associations - I'd not trust their claims to protect any personal information.

http://zomebo.com/play.php?id=w55dMzeKqXg

http://softingo.com/nlp/e/mundomediai/flvplayer?p1=1&p3=bb185f4f84d438f5ef6d27e5da2191c1&utm_source=mundomediai&utm_medium=affiliate&utm_campaign=1&utm_content=flvplayer

http://download.genieo.com/partner/genSomM_16/mac_release/live/InstallGenieo.dmg?download_browser=safari&campaign=som1

the link recomended by thomas_r, which I'm sure is quite good otherwise, calls for you to first quit Genieo...which you cannot do in the normal fashion because it boots at startup and it won't let you "quit"

I'm not sure why you say that. My instructions even include a picture that shows how it's done:

Did this not work for you?

Note that I just took a look and downloaded the latest version of Mumble from its Sourceforge website. I see no indication of any kind of Genieo installer, though I didn't actually open the Mumble app.

More likely, you downloaded it from some other site that wrapped it in an adware installer, or you mistakenly pressed a "download" button that was on the download page, but was actually part of an ad... like this one, which I found on a page offering a Mumble download:

Csound1 wrote:

Please provide a link to one of these sites, thank you.

You can see them on Macworld, for instance, but note that you will need to disable any adware blocking extensions you use and the ads rotate, so you will need to keep reloading the page in order to see this:

Note carefully that it says on the left:

Version: Latest

OS: Mac OSX

Price: Free

But leaves it to your imagination as to what it is you are downloading for free. Is it DiskWarrior? Is it OS X?

If you read the fine print to the right it tells you:

This advertisement will lead you

to our website where you can

download Genieo

Clicking the big green button take you to

Jashue67 wrote:

I got it too. It was bundled to the video swiss army knife VLC (which I needed because Quicktime wouldn't play a specific video).

VLC is something I've used for years on various machines, but this is a new MBP so I needed to download the program. The first link on this morning's google search for VLC is the following:

http://vlc-media-player.macsoftware.com/download/file/id/1225260/os/mac/?lp=adwo rds&tg=us&kw=Vlc+mac&mt=e&ad=52633284779&pl=&ds=s&uid=141130552978639fbbf0529ff 9 e7dc7e9bf336214a&_ga=2127728944.1411301953&gclid=CLvi_OSy8sACFa5cMgodTT0AJQ

Check it out. There IS a mention of Geneio on that page, but if you don't look too closely, it's pretty easy to miss. I didn't see it and proceeded to download what I thought was just VLC. When my Safari home page was changed to Geneio, I pretty much freaked.

I've see the debate elsewhere as to weather or not this is malware, and by the letter of the definition, it might not be. But this practice is absolutely despicable. It makes me sick.

Then stop using crap sites to download from. VLC isn't malware, but you chose a 3rd party service to bundle malware with it.

What is wrong with using VLC's own site? VideoLAN - Official page for VLC media player, the Open ...

1st hit in Google.

Well, OBVIOUSLY I know VLC isn't malware. And yes I should have been more careful about the site from which I downloaded the program. My first hit on Google:

I guess I should have been tipped off by that nasty little "Ad" icon, but I hadn't yet finished my first cup of coffee and I suppose I was in too much of a rush.

None of this however, excuses Geneio and their partners. I had Geneio off my computer is a matter of minutes (reset my homepage. deleted the program, the Safari extension, and all cookies associated with this "service"). If this happened to my mom or dad who are elderly and not terribly computer literate? Forget about it! They wouldn't have had a clue about what to do.

There is also a form of malware that comes as a Flash Player Update under the name Genieo apparently. See this thread:

https://discussions.apple.com/thread/4763160?start=0&tstart=0

Make sure that nothing funny is happening on your browser.

PaXifica wrote:

I then ran Disk Utilities to clean up my mess.

Warning: SUID file "System/Library/CoreServic...nt" has been modified and will not be repaired.

Disk Utility's Repair Disk Permissions messages that you can safely ignore.

And I don't really see that there was any reason to use Disk Utility to fix the problem you described, in any case.

"Warning: SUID file "System/Library/CoreServic...nt" has been modified and will not be repaired."

This is a well known OS bug (for years !) ; apple support says to simply ignore warning messages from repair permission utility : http://support.apple.com/kb/TS1448

dyen12 wrote:

We got this deceptive annoying item also. It was hacked into our computer and we feel this was done by my child playing Mine Craft.

Anything is possible, but the only proven way to get it is by using an installer that clearly says "GenieoInstaller" or is included with an installer for some other product. Softonic is probably the primary source of such combined installers, so I just downloaded their Installer for MineCraft 1.7.5 and found that it will install Genieo. In any case it clearly displays a dialog requiring user approval to install Genieo. Many users overlook this dialog, thinking it's just part of whatever it is they intended to install, but we have not run across any that do not have this warning. If you find any other source for this please let us know where you obtained it from or make it available by other means so that others can be informed.

Also note that this conversation was started sixteen months ago and many things have changed since then, so it would be best to ignore what you have read here. For up-to-date information see thomas_r.'s Adware Removal Guide : Genieo or Linc Davis' update instructions here.

americagirl7 wrote:

This application downloaded itself while I was downloading another app

Yes, so to better understand what happened and how to avoid it in the future read John Galt's How to install adware.

GGATCC wrote:

Thomas, Symantec is really focusing on Genieo these days and they do label it as a "virus"....Are you still in favor of this stealth software?

Not sure where you are seeing this. All the references I see on the Symantec site refer to it as Potentially Unwanted App (PUA). That's about the lowest rating you can get.

Sorry, but I don't read anything in Thomas' explanation that would indicate he is in favor of this software. Several of us appealed to Apple when it first appeared to revoke Genieo's Apple DeveloperID, but so far they have not chosen to take such action. If Apple doesn't consider it to be malware, then who are we to make such a call?

If you are asking if users should be more careful in where they obtain downloads and what is being installed, I'd have to say absolutely. That's the only way users can control their environment. It's really up to the OS to protect us from stupidity. An educated user is a safe user.

For more ideas along these lines see John Galt's How to install adware.

Kilometerss wrote:

I should also mention that I got a pop-up to update my Adobe, which I installed from the pop-up (my bad 😝, now I know to do it from system preferences).

Depending on your settings and what the pop-up looked like, it could have been legit, but when in doubt you are smart to go to System Preferences.

4 days ago, my computer died, and a few hours after startup, a pop-up occurred saying "Application wants to install a helper tool. Please type your password".

That's a dialog box associated with InstallMac. The executable it uses is named "Application" which is what the OS uses in that dialog to inform you of what needs your permission for a helper tool.

Thats when I knew I had to take action. I did not touch the popup, I only moved it off the screen, so I could install Norton (without issue). Once I proceeded to the log-in stage of the app, however, *the pop-up overrode all text input. Anything I typed went into the Username or Password input box on the pop-up. After trying for a minute or two in vain to login to Norton, the pop-up started to immediately become the frontmost window. Not in the normal manner, but it would become behind the Norton login or Safari (when I clicked on it), then visibly jump right back in front. I could not do anything. I ended up clicking Cancel on the pop-up, beaten.

All perfectly normal. The dialog box itself comes from OS X any time an app requires admin privileges in order to proceed. You must deal with the dialog before you are allowed to do anything else.

As to the rest of you concerns, it is not unusual for A-V software to not find Adware since most do not consider it to be malicious, only annoying. Even those that do find the Genieo installer, won't remove anything for you since it is a legitimate application, signed with a valid Apple Developer ID. AdwareMedic is really the only app out there that will find and optionally remove all currently known adware. Apple does recognize a couple of Adware installers as being malware (FkCodec & Downlite), but I would not count on any A-V software to solve this problem. The best solution is to educate yourself. To understand why this happened and how to avoid it in the future see John Galt’s How to install adware.