Is there a way to completely remove this? Or is reinstalling Mavericks the only solution? Do files get infected? Also, even after removal, will it still spy on user's web-browsing activities like banking, emails, etc?
You may have installed the "Genieo" scam product. There is an uninstaller, but as the developer is dishonest, you can't use it. I suggest the tedious procedure below to disable Genieo.
Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.
Triple-click anywhere in the line below on this page to select it:
/etc/launchd.conf
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.
A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password. Then restart, empty the Trash, and continue as below.
IMPORTANT: If the launchd.conf file exists, you must move it to the Trash and restart before continuing. Otherwise the system may become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system. If you're not completely sure you can complete this step, stop here and ask for guidance.
Once you have trashed the launchd.conf file and restarted, or verified that the file doesn't exist, quit the Genieo application, if it's running. Force quit if necessary.
Move each of these items to the Trash in the same way as above:
/Applications/Genieo.app /Applications/Uninstall Genieo.app /Library/Frameworks/GenieoExtra.framework /Library/LaunchAgents/com.genieo.engine.plist /Library/LaunchAgents/com.genieoinnovation.macextension.plist /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client /usr/lib/libgenkit.dylib /usr/lib/libimckit.dylib /usr/lib/libimckitsa.dylib
There's no need to restart after each one. Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you can remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix" or any other video-streaming service that uses it.
This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site.
Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
Wow. This is really complicated. I'll just tell my friend to erase the partition, and reinstall Mavericks.
Is it bad for hard drive if you erase and reinstall partition over and over again? This will be like 4th time my friend is erasing a partiton to reinstall an OS.
Your friend is making a lot of bad decisions.
Where exactly is etc folder located?
She said none of these folders you listed is on the computer:
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
If that's true, then just remove the Safari extensions with "Spigot" in the description.
Thank you! I had fallen victim to the MacInstall app that I somehow installed along with the Genieo scripts on my computer. I was so mad --and yes it was the Softonic website. They use to be reliable, years ago. I think I was reinstalling Chrome, because I was invaded by an email message I'd inadvertantly clicked. That sent me to tryin to clean up all potential walware entries.
This year has been a HORRIFIC year for invasions, from email sites, unwanted apps, suggestions for Java use... you name it, I've fallen victim to it. I thought I was savvy and careful. HA!
Getting off genieo scripts, however, is a success story. Thanks to YOU, Linc Davis. I appreciate the paths and directions for ridding tem. Not all were there, but many of the files had remained after I'd used their uninstalll. I feel a bit better that I've cleaned up my computer. I do hope I didn't do damage by using the uninstall,
I've eliminated all plugins...
I've found your guidance and advice golden. When I see your name solving an issue, I tune in... always glad I do.
Best wishes and thanks for keeping us safer.
Thanks for the kind words.
She said none of these folders you listed is on the computer:
Although Spigot has been seen in some cases being installed alongside Genieo, that is certainly not always the case. All those files are things belonging to Genieo. If you don't actually have Genieo installed, you won't find any of those.
To remove the Spigot adware, see the link that dominic23 gave.
Thank you very much Linc,
At a first glance it appeared quite complicated but with your clear and easy to follow guidance I have been successful in riding my Mac of this malware. I initially installed an anti virus program (Virus Barrier) to eliminate Genio and also it taking me to Bing as a search engine. This got rid of less than half and the other half I used your directions. Thanks again.
P.S.
Should I use an anti-virus software and if so which one.
Jon
Linc,
I have been a victim also, but have removed all the files you mentiuoned. However, the file "com.spigot.ApplicationManager" is still being called by "com.apple.launchd" with "the file cannot be found". Am on OSX 10.68 as am not a fan of any of the later OSes. I deledted all the older com.apple.launchd and restarted but the spigot file is still being called. How to fix this?
See Dominic's link.
Thanks Eric,
However, I've done all that his linked post mentioned. Consol still reports message: com.apple.launchd.peruser.501[127] (com.spigot.ApplicationManager[1800]) posix_spawn("/Users/chrisg/Library/Application Support/Spigot/ApplicationManager", ...): No such file or directory ... over and over
The com.apple.launchd.peruser.501[127] file was created yeterday after I trashed the older versions. All of the files I could find mentioned anywhere to remove have been removed.
Removing Spigot malware
