
Threat detected: OSX/Geonei-A. What do I do?

I have Sophos Anti-Virus program and it detected OSX/Geonei-A after I tried downloading something off the internet. I deleted the file I had downloaded (it was called something like mac_installer). Is there anything else I need to do? How does this affect my computer? My Sophos Anti-Virus is stuck "calculating" a scan and doesn't seem to be working properly. Please help, thanks!

MacBook Air (13-inch Mid 2011), Mac OS X (10.7.5)

Posted on Feb 22, 2014 8:52 AM

Question marked as Best reply

Posted on Feb 22, 2014 9:07 AM

You installed the "Genieo" scam product. There is an uninstaller, but as the developer is dishonest, you shouldn't use it. I suggest the tedious procedure below to disable Genieo.

Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.

Quit the Genieo application, if it's running. Force quit if necessary.

Triple-click anywhere in the line below on this page to select it:

/etc/launchd.conf

Right-click or control-click the line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.

If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password.

IMPORTANT: If the launchd.conf file exists, you must move it to the Trash before continuing. Otherwise the system will become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system.

Repeat with each of these lines:

/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib

Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

Reboot and empty the Trash. Don't try to empty the Trash until you have rebooted.

Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.

From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall any extensions you don't know you need, including one called "Spigot" if it's present. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you can remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix" or any other video-streaming service that uses it.

This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site.

Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
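
The file checks in the procedure above can also be done as a read-only pass from Terminal. This is an added example, not part of the original reply; the function names and the `ROOT` argument are assumptions made for illustration, and nothing is moved or deleted.

```sh
#!/bin/sh
# Read-only check for the items named in the procedure above.
# ROOT (hypothetical parameter, not from the post) prefixes every path, so the
# check can be aimed at a mounted backup or a constructed test tree.

GENIEO_PATHS='/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib'

# Print each listed item that exists under ROOT, one per line.
genieo_found() {
    root=${1:-/}; root=${root%/}
    printf '%s\n' "$GENIEO_PATHS" | while IFS= read -r p; do
        # -L also reports dangling symlinks, which -e alone would miss
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Return 0 if nothing is present, 1 if only listed items are present,
# 2 if /etc/launchd.conf exists (the post says it must be handled first).
genieo_audit() {
    root=${1:-/}; root=${root%/}
    rc=0
    if [ -e "$root/etc/launchd.conf" ] || [ -L "$root/etc/launchd.conf" ]; then
        rc=2
        echo "present: /etc/launchd.conf (handle this before any other item)"
    fi
    items=$(genieo_found "$root")
    if [ -n "$items" ]; then
        if [ "$rc" -eq 0 ]; then rc=1; fi
        printf '%s\n' "$items" | sed 's/^/present: /'
    fi
    if [ "$rc" -eq 0 ]; then echo "none of the listed items found"; fi
    return "$rc"
}

# Run as: sh genieo_check.sh --audit [ROOT]
case "${1:-}" in --audit) genieo_audit "${2:-/}" ;; esac
```

The three exit codes mirror the ordering in the reply: a result of 2 means launchd.conf is present and has to be dealt with before anything else on the list.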

19 replies
Feb 22, 2014 4:56 PM in response to Safsmacbookair

Safsmacbookair wrote:


How does this scam product affect my computer? Right now I'm not noticing any signs.

Then it's doubtful that you actually installed it. If it's just one file and it's sitting in your Downloads folder, then trash it and you should not hear any more about it.


Signs of it being installed are a change in your home page to Genieo and / or your search engine to Bing. You also may experience unexplained crashes of Safari or other browsers. You might have a toolbar you don't recall having been there. You might find yourself being re-directed to advertised sites, instead of the one you were looking for.


I don't know why Sophos is stuck.


I am in total agreement with Linc on the need for a backup. Your hard drive will fail, it's just a matter of when.

Aug 1, 2014 11:17 AM in response to Linc Davis

Hi Linc, I was looking for some plugins for WordPress and accidentally downloaded the .dmg file. It looked suspicious so I moved the file to my trash and I never installed it. Sophos detected it and seems to have successfully cleaned it. Are there any other checks to run to see if I'm safe or just another virus scan?


Update: I'm sorry but I guess I originally missed @MadMacs0 post which essentially answers my question.

Aug 9, 2014 7:54 PM in response to Linc Davis

Another "Genieo" issue here--I tried to install a Flashplayer at the suggestion of Amazon in order to view videos on my Mac Air--when I went to the site--at least I thought it was the official Flashplayer site--I clicked on download--my antivirus Sophos program detected a "threat," which I tried to delete manually. I'm not sure if I did it correctly. (I custom scanned and went to option and selected cleanup--then I ran the scan--is that correct?)


I ran the complete scan and it's showing no threats but indicates there are "issues"--is this a problem?


How do I know that I got rid of the threat? And if it was quarantined in Sophos am I still at risk?


Many thanks!

Aug 9, 2014 9:26 PM in response to gwsw

First of all, if it was in fact Genieo, it's not malware, just annoying adware, so even if you managed to install it, there is no danger to your computer.

gwsw wrote:


Another "Genieo" issue here

Never a good idea to post a "Me Too" since the only people that might still be monitoring it are already here. Nobody currently on-line will see it, so always post a new discussion item. And some of the instructions above no longer apply to Genieo version 2.0.


That's just how this forum works best.

my antivirus Sophos program detected a "threat," which I tried to delete manually. I'm not sure if I did it correctly. (I custom scanned and went to option and selected cleanup--then I ran the scan--is that correct?)

That's normally the way Sophos takes care of things. You select the Quarantine Manager button at the bottom of the window, highlight the finding and choose what you want to do with it.

I ran the complete scan and it's showing no threats but indicates there are "issues"--is this a problem?

Can you be more specific? Either post the exact words or take a screen shot and use the camera icon in the toolbar of a reply to post it.

How do I know that I got rid of the threat? And if it was quarantined in Sophos am I still at risk?

Again, it's not a threat. If Sophos quarantined it that means you won't be able to open it. It flagged it because most people don't want to use it, but apparently a few users find it useful.


Check your Download folder to see if it's still there. If so drag it to your Trash Can and empty it.


If it wasn't in Download, check your Trash Can to see if it was moved there by Sophos. If so, just empty it.

Aug 13, 2014 8:16 AM in response to Linc Davis

I downloaded Genieo inadvertently on 8th May and thought I got rid of it, or so I was told by Apple support. Yesterday it came down again, apparently as a Trojan on BBC i-player, but this time it was picked up by Norton antivirus, whose support seemingly got rid of it. But a manual antiviral scan revealed four infected files. My instinct is to delete these, but as an ordinary elderly computer user I have not a clue. Can you tell me if this is safe? I have a screen shot of the details. Thanks

User uploaded file

Aug 14, 2014 6:06 AM in response to MadMacs0

Thanks for replying. The Genieo has gone; the Norton adviser removed it, but I still have these files. Are they safe to delete? Another problem has arisen. When I did a viral scan on the i-player it cloned itself all over my desktop together with Silverlight and something called installer. I think this problem is related to Genieo, though the viral scan said there were no problems.


I feel very angry. As far as I know I did nothing to bring this on. I use my computer in a very standard way, downloading from established sites. Yet neither Apple support nor the BBC have been of help, arguing it was my responsibility. I also read on Wikipedia Genieo has been sold for $34 million dollars. There is no justice in this world.

User uploaded file

Aug 14, 2014 10:00 AM in response to MagLit

MagLit wrote:


Thanks for replying. The Genieo has gone; the Norton adviser removed it, but I still have these files. Are they safe to delete?

I have no idea. I don't know what they are and you'll have to check with Norton to see what the infections are.


The first one with the .exe file extension name would appear to be a Windows only infection.

When I did a viral scan on the i-player it cloned itself all over my desktop together with Silverlight and something called installer. I think this problem is related to Genieo, though the viral scan said there were no problems.

Silverlight should be OK (from Microsoft) if you need it for something. I know that Netflix has required it in the past. The installer appears to have been what installed Genieo. Download sites such as C|Net's download.com and Softonic are well known for including such things in their downloads. Try to use the AppStore or a developer's web site for all your third party software. MacUpdate is still reliable and hasn't resorted to such adware yet.

Nov 2, 2014 8:20 PM in response to MadMacs0

Hello,


Sophos detected a threat on my computer last night, and it seems to have been attached to a flash installer. I found the old installers in my downloads and trashed them, but Sophos is telling me on that end that a manual cleanup is required.


So far I've found one of the files that was listed and tried to trash it, but the trash is saying the file is in use, although it's not showing as running in my open applications.


Here is a screen shot of the Sophos diagnosis. Initially, there were 2 files and now there are 4.

User uploaded file

here's the trash contents:

User uploaded file


I already created the custom scan to get rid of the files, and nothing is working, it seems.


At this point, I've read this thread and it appears my browser hasn't been affected, I've had no redirects YET, and Sophos won't clear it out for me. Is there anything more I can do to get rid of this trojan? This is a brand new computer and we're not really doing anything more than emailing and editing photos on it. I can't even figure out how we would've got it in the first place!


Any suggestions or info on what I can do next to save the computer would be greatly appreciated.
