mac os x virus: genio

You have some serious misconceptions about most all of this. thomas_r. has alerted you to some of it. Many of your issues have not been described adequately for me to respond to them, but I'll try a couple of them.

The reason you cannot delete the Installer is because you have the .dmg disk image file mounted on your desktop. That's why it appears in the list of devices. You will have to eject it first and then it can be deleted.

If your Safari history menu says you visited a site, then you have. There is no way to fake that. It's because Genieo changed your homepage (and your search engine) settings in order to expose you to their advertising. That's how they make all their money.

After you have finally gotten rid of everything, then the last thing you need to do is change those settings and you'll be done with it, as long as you stay away from download[dot]com, Softonic and all software piracy sites. Download only from the App Store or a developer's web site.

So its a good idea to remove it.

I have one file from it that i can find on this mac.

its GenieoExtra.framework

Geneio got put out of action with yosimite installed but will there still be files lurking around this mac even when i cant see them right off the bat?

And i did not even install genio.

I think it might sometimes slip itself in cause this macbook is quite new and i never even touched the app.

Note that this discussion is over two years old and Linc along with several others may no longer be monitoring here. Also, Linc rarely responds to "me too" requests, preferring that you start your own discussion.

Icedude_907 wrote:

So its a good idea to remove it.

It serves no purpose unless you are using their services, which they claim some users enjoy, but I've not found any.

I have one file from it that i can find on this mac.

its GenieoExtra.framework

Geneio got put out of action with yosimite installed but will there still be files lurking around this mac even when i cant see them right off the bat?

True. I believe Yosemite installation included a Malware Removal Tool run which probably picked up the active parts of Genieo, but did not remove all of them.

To learn what probably happened to you and how to avoid it in the future see John Galt's How to install adware.

I am not a guru, but from what you're describing, what came to mind was that the "uninstall" possibly 1) didn't close everything (files, settings, etc.) when it finished, 2) the uninstall is abysmally slow, 3) the "uninstall" doesn't really, but is still trying to send out information on you/your system/all the Defense and State Departments' secrets that it gathered when it used your MBP to hack into their servers... (just kidding on that last part, although it might be sending your info out.

A good antivirus app (ones already mentioned or ClamXav) is good, but this might be another good reason to consider "Little Snitch" for your Mac. I know some of the 'helpers' with all the stars here downplay use of Little Snitch (which monitors any applications or processes that try to 'dial out' in suspicious ways (unlike known apps that do this - e.g., browsers, Mac App Store, etc., and Little Snitch will, depending on how you set its parameters, ask you whether you want to authorize the app/process to do that, to allow it once, or until the app/process ends/quits, or forever. I reserve the last one there for apps which I know where I got them from, or from known good programs (such as Apple's apps, or programs downloaded from the Mac App Store). Little Snitch gives me a chance to know what's happening behind my back when I am in another app, and if you click on its "Details" button, it will try to look up what the site's name is that the app/process is trying to contact, which may tell you whether you know that site and trust the background app or not.

And definitely listen to the suggestions that Linc or thomasr gave you; they've given good suggestions/info at other places in the forums here (IMHO).

Jim (fellow MBP owner)

I'm sure you meant well, but eugen53 had this issue nineteen months ago, so I strongly suspect he's been able to fix it by now.