PANDAPETRI

Q: virus genieo

How to remove virus genieo on a Mac?

MacBook Pro with Retina display

Posted on Jan 27, 2014 12:35 PM


first Previous Page 3 of 3
  • by hukuk,

    hukuk Mar 31, 2014 1:20 PM in response to MadMacs0
    Level 1 (0 points)

    Thanks MadMacs0 - I did already.

  • by cheezychaser,

    cheezychaser May 1, 2014 7:53 PM in response to Linc Davis
    Level 1 (0 points)

    I followed the instructions, but when I tried to move the last file listed to the trash it just got hung up. It shouldn't take several minutes for a file to move to trash, should it???

  • by MadMacs0,

    MadMacs0 May 1, 2014 8:57 PM in response to cheezychaser
    Level 5 (4,801 points)

    cheezychaser wrote:

    It shouldn't take several minutes for a file to move to trash, should it???

    No, it shouldn't. You have something else going on. Try this.

    Hold your option key down and click on the Finder icon in your dock (should be first on left) and select "Relaunch". Now try again when the menubar and Finder windows return.

    By the way, Genieo 2.0 is out and stores things in new places, so you might want to double-check with Adware Removal Guide : Genieo to make sure you got it all.

  • by thomas_r.,

    thomas_r. May 2, 2014 4:26 AM in response to cheezychaser
    Level 7 (30,929 points)
    Mac OS X

    cheezychaser wrote:

    I followed the instructions, but when I tried to move the last file listed to the trash it just got hung up. It shouldn't take several minutes for a file to move to trash, should it???

    You really should reboot the computer after deleting the launchd.conf file, but before removing any of the .dylib files. Linc's instructions don't say that, but if you don't do that, your system will freeze if you don't get it restarted quickly after deleting the .dylib files. You'll probably need to force restart (press and hold the power button until it shuts down, then press it again to restart).

     

    If you deleted the .dylib files without actually removing the launchd.conf file first, then your computer will not be able to restart. If this happens, see the recovery instructions here:

     

    http://www.thesafemac.com/arg-genieo/#recover

     

    I may receive some form of compensation, financial or otherwise, from my recommendation or link.  <Edited by Host>
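
The ordering described in the reply above (launchd.conf first, reboot, then the .dylib files), written as a pre-flight check. This is an added example, not part of the thread or of the linked guide; it assumes the launchd.conf entry is a `setenv DYLD_INSERT_LIBRARIES <path>` line, which the thread does not spell out, and every path in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example. Assumption (not stated in the thread): launchd.conf loads the
# library with a line of the form  setenv DYLD_INSERT_LIBRARIES /path/lib.dylib
# All paths used here are constructed placeholders.

# Print every library a launchd.conf-style file injects, one per line.
injected_libs() {
    [ -f "$1" ] || return 0          # file already removed: nothing injected
    awk '$1 == "setenv" && $2 == "DYLD_INSERT_LIBRARIES" {
             n = split($3, libs, ":")
             for (i = 1; i <= n; i++) if (libs[i] != "") print libs[i]
         }' "$1"
}

# Print libraries still injected in the running session (set at boot, so the
# value stays until the reboot). Uses launchctl getenv where launchctl exists.
live_libs() {
    command -v launchctl >/dev/null 2>&1 || return 0
    launchctl getenv DYLD_INSERT_LIBRARIES 2>/dev/null | tr ':' '\n'
}

# safe_to_delete CONF DYLIB: returns 0 only if neither the config file nor the
# running session still references DYLIB.
safe_to_delete() {
    if injected_libs "$1" | grep -Fxq -- "$2"; then
        echo "BLOCKED: $1 still loads $2; remove that entry first" >&2
        return 1
    fi
    if live_libs | grep -Fxq -- "$2"; then
        echo "BLOCKED: $2 is still injected in this session; reboot first" >&2
        return 1
    fi
    echo "ok: $2 is no longer referenced"
}

# Demo on a constructed file, not a real system path.
demo=$(mktemp)
printf 'setenv DYLD_INSERT_LIBRARIES /usr/lib/libplaceholder.dylib\n' > "$demo"
safe_to_delete "$demo" /usr/lib/libplaceholder.dylib || true   # blocked
rm -f "$demo"
safe_to_delete "$demo" /usr/lib/libplaceholder.dylib           # config gone: ok
```
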

  • by David Weiss,

    David Weiss Dec 5, 2014 1:41 PM in response to Linc Davis
    Level 1 (29 points)
    Notebooks

    Thanks much for this. I don't see any of the files listed, and I saw 's post about "Genieo 2.0" and the malware link, so I know that Genieo could still be lurking, etc. Like , I got to this from a Sourceforge page, and unfortunately I didn't catch all the steps I took, but I ended up on the page below, and I clicked on that big green button thinking I was downloading something else, and installed it. Doh!

     

    I noticed the problem when my browsers' start pages and search defaults changed, and I believe I ran the uninstall to remove it, then went in to both my browsers and changed my preferences. Again, sorry I didn't capture all the steps I took.

     

    Here's the situation: I think it's gone. However, about half the time, when I shut down, I see, for a fraction of a second, a message saying that I'm downloading MacFonts, and the choices are OK and Abort. Before I can react to it in any way, or even take a screenshot, the machine shuts down.

     

    Would a virus scan catch this, if there's still something "Genieo" on my computer? Is there a way to investigate that weird shutdown message?

     

    Thanks much!

     

     

    [Attached image: Screen Shot 2014-12-05 at 1.26.08 PM.png]

  • by MadMacs0,

    MadMacs0 Dec 5, 2014 1:54 PM in response to David Weiss
    Level 5 (4,801 points)

    That looks to be a simple "pop-under" web page that can't be blocked by "pop-up" blocking. It shows up as your browser pages are closed one-by-one when you quit the app or logout/shutdown. It could be caused by other advertising on a web site you frequent. There are several ad blocking extensions available that might be able to control this.

    In case there is something left over from Genieo and because this thread was started several months ago, a new tool has been developed for faster, more efficient identification and optional removal of all currently known adware called AdwareMedic, available free from thomas_r., owner of TheSafeMac blog and a colleague of mine.

  • by David Weiss,

    David Weiss Dec 5, 2014 2:55 PM in response to MadMacs0
    Level 1 (29 points)
    Notebooks

    Thanks! To clarify, that screenshot I posted was not the thing that was appearing when I shut down. That screenshot is of the actual web page I clicked through, and note the references to Genieo. What sometimes appears when I shut down is a simple window talking of a download process (and OK and Abort options), which flashes by too quickly to do anything about. I'll give AdwareMedic a try!

  • by David Weiss,

    David Weiss Dec 5, 2014 3:07 PM in response to MadMacs0
    Level 1 (29 points)
    Notebooks

    Wow. AdwareMedic found all this Genieo stuff I didn't find by manually searching. Thanks MadMacs0, thanks thomas_r.! I'll keep an eye out for anything amiss, like that shutdown thing!

  • by Dsylproductions,

    Dsylproductions Dec 17, 2014 10:29 AM in response to Linc Davis
    Level 1 (0 points)

    Thank you SOO much. (11 months later) I attempted to install a program "darwine - winebottler" from softonic and it gave me the same symptoms. Safari would not open and other browsers had their homepages and search engines changed.

    If this does not classify as malware I don't know what does!

     

    http://darwine-winebottler.en.softonic.com/mac

  • by thomas_r.,

    thomas_r. Dec 17, 2014 10:41 AM in response to Dsylproductions
    Level 7 (30,929 points)
    Mac OS X

    The problem is not the program you tried to download, but where you downloaded it from. Softonic is a known adware distributor. They take other people's software and, without permission, wrap it in an adware installer. This isn't done with all programs, only the ones they seem to be able to get away with: small-time, open-source apps and the like. Please boycott Softonic, and spread the word to everyone you know!

  • by miguelfromlaredo,

    miguelfromlaredo Jan 24, 2015 8:28 PM in response to PANDAPETRI
    Level 1 (0 points)

    I have a program called ClamXav installed on my macbook pro. It definitely does its job and finds unwanted programs on my mac. Just scanned my mac and noticed it captured this file. I always search up the file before deleting to guarantee its existence to be needed or its actually a bug. This is obviously a virus so I have already done away with the file. ClamXav is not from the AppStore but I have not had any issues with the program thus far and would highly recommend it. Hope this helps.

  • by MadMacs0,

    MadMacs0 Jan 24, 2015 11:54 PM in response to miguelfromlaredo
    Level 5 (4,801 points)

    Since I provide uncompensated tech support on the ClamXav Forum, I'm certainly glad it caught this one for you. I assume it was the installer, as that's what usually is found by A-V scanners, but if you think you might have used it to install Genieo then I would encourage you to use either the instruction for manually removing it or AdwareMedic, both from thomas_r. who posted above, to make sure you got it all.
