Bing redirect on the Safari Google Search Bar

vdotmatrix wrote:

OMG....so is a WINDOWS type invasion....in 3 years as a new and releived mac user this is the first time I have ever seen a WINDOWS type of drive by or infection

To technically qualify as a "Drive-By" infection it would have to infect your computer without requiring you to do anything other than view a web page. The only time this has happened with in-the-wild malware was a couple of years back when Flashback used a Java vulnerability to load itself onto the computer. From your description you had to agree to some sort of Java update which would indicate it's wasn't strictly a drive-by infection.

Genieo has partnership agreements in place with a number of third parties to assist in the distribution of their "product" which is a free news website that pays the bills through advertisement. Since many of us now use adblocking software to prevent us from having to see, let alone click-on these ads, advertisers are starting to resort to more invasive techniques to pay the bills. I'm afraid I don't see an end to this unless the internet is transformed into a pay for services environment. Something that is totally foreign to anybody that has ever used it. Google, Bing, Yahoo, etc. give you free searches to help rapidly research almost any topic. In return they gather information about your habits and attempt to present you with advertisements that fit your interests in hopes you will click on it and visit a vendor site. That vendor will pay the search engine provider for that click in hopes of selling you something. No advertising, no clicks, no money, so it's either come up with a way to work-around your adblocker or have you pay per search or per month or something like that in order not to go bankrupt.

Genie mostly arrives via their partnership agreements with C|Net's download.com and Softonics software download sites. When you click that big green download button, you get a custom installer that contains the software you wanted plus the Genieo adware. If you watch closely during the installation you'll be told that Genieo will be installed unless you opt-out by unchecking a box. We have seen a few instances when the warning does not appear, but instead is buried in some fine print you automatically agree to when you click that green button. In any case, they do just enough to stay above the law so you can't sue them for any damage, but plenty to annoy and trick you, then making it difficult to back out once installed. They do provide an installer, but it's been found to leave things behind, so has never been recommended here (except by one of their employees known as Genieo Support who may show up here eventually).

So download most of your software from the AppStore and when not there go to the developer site to get it. Last resort would be MacUpdate which has not found it necessary to resort to such tactics yet. Especially avoid Softonics, C|Net and all BitTorrent.

Thank you MUCHO a lot !

I was really miffed that while in FIREFOX, A notice came up that my JAVA was out of date and had to be updated to view whatever the heck it was, then the whole just didnt look quite right so I stopped the install and started deleting stuff left and right.....It was a deja vu kinda nightmare for me, running away from anything WINDOWS related...I dont even use Office any more...so screwed up....

But I thnk you for explaining this to us....

thank you

I have a similar issue, but I don't think it says mac.installer, and when I selected the line in the first forum reply, it said that it wasn't found in my finder. I've checked my default browser though, and it is indeed still Google. Please help!

the last solution resolved the issue.

Sent from my iPhone5 & Voice to text not always accurate. transcribed using Siri my apologies.

With all due respect to the helpful advice above, I think, there can be a quicker and simpler solution.

I noticed that search terms get redirected to http://search.strtpoint.com before they get further redirected to bing.com When you enter http://search.strtpoint.com in Safari's address bar and hit return or enter, you'll land on a simple search page that looks like this:

From the text links below, click "Remove InstallMac", the one I circled red. It will first download a disk image with an uninstaller. Find the uninstaller image in your Downloads folder, mount it using DiskUtility or by simply double-clicking it, then run the uninstaller. There are a couple more instructions, such as resetting Safari's preferences, i.e. not opening on bing.com as a homepage and if you got "Omnibar" Extension installed and activated, also make sure you reset the search engine being used to "default" instead of "Genieo". In my case, following the above procedure did it without needing to locate "hidden" directories and removing files using the command line tool, let alone back up and reinstall the system and such things.

Hope, this helps someone save some time....

With all due respect to the helpful advice above, I think, there can be a quicker and simpler solution.

I noticed that search terms get redirected to http://search.strtpoint.com before they get further redirected to bing.com When you enter http://search.strtpoint.com in Safari's address bar and hit return or enter, you'll land on a simple search page that looks like this:

From the text links below, click "Remove InstallMac", the one I circled red. It will first download a disk image with an uninstaller. Find the uninstaller image in your Downloads folder, mount it using DiskUtility or by simply double-clicking it, then run the uninstaller. There are a couple more instructions, such as resetting Safari's preferences, i.e. not opening on bing.com as a homepage and if you got "Omnibar" Extension installed and activated, also make sure you reset the search engine being used to "default" instead of "Genieo". In my case, following the above procedure did it without needing to locate "hidden" directories and removing files using the command line tool, let alone back up and reinstall the system and such things.

Hope, this helps someone save some time....

With all due respect to the helpful advice above, I think, there can be a quicker and simpler solution.

I noticed that search terms get redirected to http://search.strtpoint.com before they get further redirected to bing.com When you enter http://search.strtpoint.com in Safari's address bar and hit return or enter, you'll land on a simple search page that looks like this:

From the text links below, click "Remove InstallMac", the one I circled red. It will first download a disk image with an uninstaller. Find the uninstaller image in your Downloads folder, mount it using DiskUtility or by simply double-clicking it, then run the uninstaller. There are a couple more instructions, such as resetting Safari's preferences, i.e. not opening on bing.com as a homepage and if you got "Omnibar" Extension installed and activated, also make sure you reset the search engine being used to "default" instead of "Genieo". In my case, following the above procedure did it without needing to locate "hidden" directories and removing files using the command line tool, let alone back up and reinstall the system and such things.

Hope, this helps someone save some time....

It's not necessary to reply to everybody here. We got your message the first time.

A couple of comments should probably be made about your approach.

The instructions provided by Linc ten months ago were for the first version of Genieo not the current version 2. The hidden file that can brick your Mac is no longer included, so unless someone has been infected for several months or stumbles across an older Genieo installer, the first step is no longer needed.

I also need to point out that the "Reset Search" application they ask you to download actually contains the OmniBar Safari extension and an app named "Application", both of which are known components of Genieo adware which were detected when I downloaded it by ClamXav and a couple of other A-V scanners. You can see them inside the app:

It will also attempt to contact Genieo.com while it says it's resetting things.

If you were accidentally infected with Genieo by something you downloaded before, why would you download yet another app from an unknown source that could be doing even more damage to your Mac?

Sorry, but I'd much rather understand exactly what's going on than put my trust in something totally unknown like this.

If you honestly don't feel up to removing it manually, then at least download something like AdwareMedic, developed by this forum's malware guru and owner of TheSafeMac web site thomas_r. (also a colleague of mine). It will safely and efficiently identify and optionally remove all currently known adware.

Sorry, about the triple post, MadMacs0, I wasn't aware of that until just now.

Also, I hadn't fully realized that Genieo's unfavorable history was that long. I just noticed the annoying redirect after remembering that I downloaded a sync app, since iSync is no longer supported (I'm usually not a "freebie-grabber" or someone who needs to touch=install everything in order to learn about it). After downloading an app called SyncMate, the Bing.com-redirect was forced upon me when doing a search in Safari. For the record: I did follow Linc's instructions, which - in my case - didn't yield the result I had hoped for, i.e.: No, the redirect wasn't gone. But since I was able to catch the address of the site doing the actual forward to Bing.com, I found out about what I then suggested as a quick fix, again - being unaware of the long history of nuisance with Genieo.

Like I said before, no disrespect of any kind intended. And - I'm totally devastated about my post showing up three times... ugh... (consider me rolling up in a corner and trying hard to die... 😮)

renovatio11 wrote:

Sorry, about the triple post, MadMacs0, I wasn't aware of that until just now.

Just blame it on the Forum software, that's what I always do and most of the time I'm right ;-)

renovatio11 wrote:

After downloading an app called SyncMate, the Bing.com-redirect was forced upon me when doing a search in Safari. For the record: I did follow Linc's instructions, which - in my case - didn't yield the result I had hoped for

Yes, Linc has revised his list to cover version 2 now. That's often a problem when your search takes you to older posts.

I'm guessing you must have obtained SyncMate from a software aggregator such as C|Net's download.com or Softonic. Both include their own installers along with many 3rd party software offerings which include adware. They do flash a warning on the screen about it, usually with a check-box you have to uncheck in order to "opt-out". Always attempt to obtain your software from the App Store or the developer's web site. Places such as MacUpdate (which has not resorted to such tactics yet) should only be used as a last resort. For more on all this, John Galt's How to install adware is a good read.

MadMacs0 wrote: I'm guessing you must have obtained SyncMate from a software aggregator such as C|Net's download.com or Softonic. Both include their own installers along with many 3rd party software offerings which include adware.

I think, it was Softonic, indeed. And I think I recall them presenting me with all kinds of "offerings", which I thought I ignored (along with a checkbox I should have unchecked, apparently...:/ )

MadMacs0: Always attempt to obtain your software from the App Store or the developer's web site.

Like I said, I usually do exactly that. But since I haven't found a solution to sync my very dated "smart"phone - which is not an iPhone, no - with the data on my Mac, that SW seemed to be my last resort.

MacMacs0: For more on all this, John Galt's How to install adware is a good read.

Doing it, as I type. Thanks for sharing this!