61 Replies. Latest reply: Feb 21, 2015 5:34 AM by MadMacs0. Branched to a new discussion.
firstbasesoftware Level 1 (0 points)

January 18, 2013, I was hit with a Genio virus application that somehow got onto my Mac OS X 10.6.8 (MBP) and installed itself into my login startup list.

This virus (we have to call it that as I did not ask for nor authorize it) must have been attached to something else, though I am unsure how they did this. As a computer scientist and programmer, I am extremely aware of downloading and running strange applications.

Perhaps they did this through a javascript snippet from a news organization?

It took me a good twenty minutes of concerted work to locate and remove all of the virus applications. It even appeared that they had an Uninstall app, but I did not trust it. So I removed all I could find, and proceeded with a few find(1) based searches of the disk to make very sure.

My listing here is done for two reasons: (1) to document that genio is sending out virus (look up who to complain -- part of it is "orlaith.potter" -- this forum won't let me list it) and (2) to ask the community for guidance in protecting my Mac from further Genio (and other similar) intrusions.

I was able to remove the virus application from the /Applications folder, kill all the Genio processes, and remove the startup commands they added in my login startup area.

However, any comments would be very appreciated.

Regards from me and my laptop.

--jpb


<Emails Edited By Host>

  • Linc Davis Level 10 (146,960 points)

    Genieo is spyware/adware, but not a "virus" in the true sense and not malware, strictly speaking. At some point you clicked through a notification of some kind to install it. It's deceptive, but if you read the fine print, the user agreement tells you what it does.

  • thomas_r. Level 7 (29,560 points)

    There is no malware for the Mac going by the name Genio. There is, however, an application called Genieo:

     

    http://www.genieo.com/

     

    I have no idea whether this application is decent or not. I suspect it's junk, but it's not malware. You may not have installed it yourself, but if that's the case, it would have been installed by someone else, or as a part of something else. Such things are sometimes bundled together with other software. What did you install around the same time Genieo appeared? Is there anyone else with access who might have installed Genieo?

     

    For proper removal, see:

     

    http://www.genieo.com/faq/#q20

  • firstbasesoftware Level 1 (0 points)

    Thank You, Linc, and Thank You, Thomas. I appreciate your taking the time to answer my rant.

    As the only user of my MBP I am sure no one else was involved. And I found the .dmg file -- but there are not any other things I installed at the same time, and I certainly never agreed to have it take over my search engine or home page preferences.

    So, how it got here is still a mystery.

    Some files I removed had used "genio" in their names, though the .dmg spells it "genieo".

    And you can call it spyware, but it certainly quacked like a duck so I will continue to call it a virus.

    In any case, thank you again for taking the time to answer my questions.

    Regards

    --jpb

  • thomas_r. Level 7 (29,560 points)

    And you can call it spyware, but it certainly quacked like a duck so I will continue to call it a virus.

     

    You are welcome to call it what you like, but for the record (for those who will chance across this topic later), it is neither spyware nor a virus nor any other kind of malware. Crapware, yes, probably, from what I know about it. Would I install it and trust my personal information to them? No way! But there is absolutely no possibility that this somehow installed itself on your computer without assistance. And once installed, it's common for junk software like this to mess with your search engine and home page settings in your web browser.

  • helpfulperson Level 1 (15 points)

    I got this too and found out that it was an ad I'd accidentally clicked on when torrenting a movie. You must have somehow managed to install it accidentally, in which case the uninstall app should be fine. It is crapware and just junk really; there's nothing helpful about it.

  • watcoh Level 1 (10 points)

    I got this garbage on my MBP, too. As far as I am concerned, any software that insinuates its way onto your computer, takes over your existing browser (Firefox) search preference, and then cannot be got rid of is malware. You can follow their "uninstall" process, but it simply does nothing. Quelle surprise!

  • petip Level 1 (0 points)

    I had Genieo downloaded by http://lp.ncdownloader.com/ (on 27/2/’13)

                lp.ncdownloade browser pg says: 403Forbidden

    In Trash (at last) I got rid of Genieo, where it contains 751 (spy?) parts.

    Can anyone tell me about http://lp.ncdownloader.com/?

    On the net it's called malicious!

  • conradjr54 Level 1 (0 points)

    This "Application" tried to sneak into my Mac disguised as an update to Flash.  The logo for Adobe was missing and the screen did not look right.  I noticed a download for InstallGenieo.dwg was downloaded and queued up so I closed the dialog asking me to upgrade Flash and the url connection to Firefox.  It did not want to close but I insisted.  The Genieo application did not install itself on my machine and I killed it.

  • thomas_r. Level 7 (29,560 points)

    This "Application" tried to sneak into my Mac disguised as an update to Flash.

     

    Yes, there are a lot of people seeing that sort of thing right now. It's not particularly well-executed as an attack, as the downloaded file isn't actually disguised as Flash in any way. However, you do need to be cautious with anything claiming to be a Flash update, and never install Flash downloaded from anywhere other than Adobe's site (or downloaded through Flash's auto-update mechanism).

     

    Note that there is still no anti-virus engine that identifies Genieo as malware at this time, to my knowledge, and if you do install it, the uninstall directions I posted above should work to remove it. I have tested Genieo on an isolated test system, and it doesn't seem to do anything sneaky, above and beyond what it is advertised to do.

     

    As always, Genieo still cannot install itself without your assistance.

  • CharlesJR Level 1 (0 points)

    Genieo is a "download assistant" application.

     

    My copy tried to install when working with Minecraft add on packs (skins and texture packs).

     

    Just about every site we tried to download these from insisted on trying to install Genieo at first.

     

    This is how it got onto your computer ... you THOUGHT you were clicking to download something else and got this instead.

  • thomas_r. Level 7 (29,560 points)

    It's actually an adware application, and really performs no other function.

     

    Things have changed a bit since this topic was begun over a year ago. A few anti-virus engines now detect Genieo as malware, or at least a PUA. For removal, see:

     

    http://www.thesafemac.com/arg-genieo/

     

    Do not use the uninstaller, as was originally recommended.

  • charig Level 1 (0 points)

    I have Sophos for Mac free AV and it detected and cleaned up Genio. It's probably the only time it's detected anything Mac related as it usually picks up Windows mail attachments.

  • thomas_r. Level 7 (29,560 points)

    I would still look at the removal instructions in my latest post. I don't know whether Sophos will remove all components of the adware or not.

  • eugen53 Level 1 (0 points)

    I also installed Genieo accidentally. Before hitting upon your page I already called Uninstall Genieo and removed Genieo. I can't see whether uninstallation has finished. When trying to destroy Uninstall Genieo, I get the message that uninstall_genieo_mac.jar and JavaApplicationStub are still in use. Are these programs used somewhere else, too, or may I destroy Uninstall Genieo safely?
