Previous 1 2 3 Next 41 Replies Latest reply: Jan 24, 2015 11:54 PM by MadMacs0
PANDAPETRI Level 1 Level 1 (0 points)

How to remove virus genieo on a Mac?


MacBook Pro with Retina display
  • Kappy Level 10 Level 10 (252,630 points)

    The Safe Mac » Adware Removal Guide : Genieo

     

    Helpful Links Regarding Malware Protection

     

    An excellent link to read is Tom Reed's Mac Malware Guide.

    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

    See these Apple articles:

     

              Mac OS X Snow Leopard and malware detection

              OS X Lion- Protect your Mac from malware

              OS X Mountain Lion- Protect your Mac from malware

              About file quarantine in OS X

     

    If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)

  • Linc Davis Level 10 Level 10 (158,895 points)

    You installed the "Genieo" scam product. There is an uninstaller, but as the developer is not trustworthy, you shouldn't rely on it. I suggest the tedious procedure below to disable Genieo.

    Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know that, stop here and ask for guidance.

     

    Quit the Genieo application, if it's running. Triple-click anywhere in the line below on this page to select it:

     

    /etc/launchd.conf

     

    Right-click or control-click the line and select

    Services Reveal in Finder (or just Reveal)

     

    from the contextual menu.

    If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

    Go Go to Folder...

    from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

     

    A folder may open with a file selected, or the file may be absent, in which case you'll get a message that it doesn't exist. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password.

    IMPORTANT: If the launchd.conf file exists, you must move it to the Trash it before continuing. Otherwise the systemwill become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system.

     

    Repeat with each of these lines:

     

     

    /Applications/Genieo.app
    /Applications/Uninstall Genieo.app
    /Library/Frameworks/GenieoExtra.framework
    /Library/LaunchAgents/com.genieo.engine.plist
    /Library/LaunchAgents/com.genieoinnovation.macextension.plist
    /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
    /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
    /usr/lib/libgenkit.dylib
    /usr/lib/libimckit.dylib
    /usr/lib/libimckitsa.dylib

     

    Again, some of these items may be absent, in which case you'll get a message that the file doesn't exist. Skip that item and go on to the next one.

    Reboot. Your web browsers should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.

    From the Safari menu bar, select

            

    Safari Preferences Extensions

         

    Uninstall any extensions you don't know you need, including one called "Spigot" if it's present. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

       

    The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you should remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix."

    This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again.

    Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.

  • Genieo support Level 1 Level 1 (25 points)

    Please follow the uninstall instructions in the link below:

    http://www.genieo.com/faq/#uninstall

    Or contact support@genieo.com

  • andyBall_uk Level 7 Level 7 (20,495 points)

    Don't trouble with the genieo adware uninstaller - when tested, it has left active software behind that needs to be removed manually. The instructions posted earlier by Linc Davis should be effective.

     

    Sophos now also include genieo in  their threat list; in the category Viruses and Spyware : Trojan : Adware

    http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OS X~Geonei-A/detailed-analysis.aspx

  • JoseFornari Level 1 Level 1 (0 points)

    Hi,

    Just another victm reporting here. When trying to download some OpenOffice extensions today (from OO official site) this malaware showed up and I mistekenly installed it thinking it was the extension I was looking for. Now I'm trying to get rid of this virus. I can't believe their site is still out there (www.genieo.com). It should be blacklisted ASAP. Thank you for all advices on removing this invasion.

  • curiousbernie Level 1 Level 1 (0 points)

    Tedious indeed but it works.thank you

  • thomas_r. Level 7 Level 7 (30,130 points)

    When trying to download some OpenOffice extensions today (from OO official site) this malaware showed up and I mistekenly installed it thinking it was the extension I was looking for.

     

    Can you point me to a specific page where this download can be found? If OpenOffice has started distributing Genieo, that's very concerning and should be documented.

  • JoseFornari Level 1 Level 1 (0 points)

    I tried to backtrack my steps but the link to genieo is not appearing now.

     

    Today I was trying to download the following extension:

    http://extensions.openoffice.org/en/project/readability-report

     

    When I hit on the "dowlond extension" green button, instead of appearing the extension window, a genieo window showed up, which I inadvertedly hit, thinking it was the extension I was looking for.

     

    Thanks,

  • thomas_r. Level 7 Level 7 (30,130 points)

    I see the problem immediately... On clicking the Download Extension button on that page, you are redirected to a Sourceforge page. The download begins immediately on reaching that page, but that's easy to miss, and if you do, you're likely to click on the download button displayed in a Genieo ad that sometimes loads on that page:

     

    Screen Shot 2014-02-04 at 3.27.54 PM.png

     

    Undoubtedly, you clicked that button, which would have taken you to another page, from which you would have downloaded Genieo. You'd still have to open the InstallGenieo.dmg file, then run the installer on that disk image, in order to install Genieo.

  • Lamna nasus Level 1 Level 1 (0 points)

    That link kinda sounds like the problem.. I only recently started using Mumble rather than Ventrilo.. and Mumble v1.2.4 had given me issues with a greyed out 'Quit 'button, requiring force quitting the app every time.. so I was keen to get the update to v1.2.5 when Mumble prompted me.. but I had problems with the update link.

     

    Frst couple of attempts the link just died.. then it appeared to do the install but left me with v1.2.4 still installed not v1.2.5.. so I manually went to Sourceforge and its just possible I hit the wrong download button.. but hey, that means the Genieo link is on the Sourceforge page with a big old download button, strategically placed!

    As soon as it started running and flagged the name Genieo, I was suspicious.. but sometimes these Apps are made by companies with a different name to the software (this includes many WoW add-ons) however as soon as it mentioned 'alterations that might take 10 mins', I realised it was not Mumble being installed and immediately pulled the plug with a Force Quit on the installer.. made no difference, it quietly continued the install anyway, only annoucing the fact when it had finished (lesson learned, next time I will force power down the Mac).

     

    Fairly sure I have now exterminated Genieo from the system, though.. thanks to advice on this thread.

  • Tigra2 Level 1 Level 1 (0 points)

    I have tried to use this advice to remove Genieo but when I click on services, reveal in finder I get the message;

    The operation can’t be completed because the item can’t be found.

    Help please?

  • MadMacs0 Level 5 Level 5 (4,555 points)

    Tigra2 wrote:

     

    I have tried to use this advice to remove Genieo but when I click on services, reveal in finder I get the message;

    The operation can’t be completed because the item can’t be found.

    You haven't told us who's advice you are following, but note that in Linc Davis' entry he says:

     

    "A folder may open with a file selected, or the file may be absent, in which case you'll get a message that it doesn't exist."

     

    So ignore it and keep working your way through all the steps.

  • Tigra2 Level 1 Level 1 (0 points)

    OK I'm using the advice in Linc Davis' entry. I'm not having any success and think it's because I'm not clear on exactly what I should be pasting in the Go To folder entry, particularly the first line.

    I have pasted each of the ten lines listed starting with "/Applications/Genieo.app" and the result is "this folder can't be found". But when I reboot the problem still exists. What exactly is the first line I should enter in the Go To folder?

    Thanks Kindly

  • MadMacs0 Level 5 Level 5 (4,555 points)

    Tigra2 wrote:

     

    I have pasted each of the ten lines listed starting with "/Applications/Genieo.app" and the result is "this folder can't be found".

    So Genieo must not be installed on your computer.

    But when I reboot the problem still exists.

    You have not described "the problem" so I don't know what to tell you.

Previous 1 2 3 Next