
Downloaded "Mac_Installer" Virus

Alright, so I was downloading a torrent and I accidentally downloaded this Mac_Installer virus.

The program is nothing, but it is always open, so I am not able to shut down my computer, as I can't even close the program.


This is what it looks like:

User uploaded file


Notice how I can't quit it?


I want to uninstall this program but I can't figure out how. Thanks for reading!

Mac Pro

Posted on Mar 23, 2014 9:42 AM

10 replies

Mar 23, 2014 10:32 AM in response to Grooter

You installed the "Genieo" search-hijacking rootkit. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the tedious procedure below to disable Genieo.

Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.

Step 1

Triple-click anywhere in the line below on this page to select it:

/etc/launchd.conf

Right-click or control-click the line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.

If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password. Then restart, empty the Trash, and continue as below.

IMPORTANT: If the launchd.conf file exists, you must move it to the Trash and restart before continuing. Otherwise the system may become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system. If you're not completely sure you can complete this step, stop here and ask for guidance.

Some variants of Genieo don't include the launchd.conf file. The absence of that file doesn't mean that Genieo is not installed.

Step 2

Quit the Genieo application, if it's running. Force quit if necessary.

Move each of these items to the Trash in the same way as above:

/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib

There's no need to restart after each one. Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

Restart and empty the Trash. Don't try to empty the Trash until you have restarted.

Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.

Step 3

From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

This procedure may leave a few files behind, but it will deactivate any version of Genieo that I know of. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site.

Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
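
A read-only check for the items named in Steps 1 and 2 of the post above, added here as an example and not part of the original reply. It only reports which listed paths exist and which step applies; the optional ROOT argument and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of the Genieo items listed in the post.
# Nothing is moved or deleted. ROOT (hypothetical, optional) points the check
# at a mounted backup or test directory instead of the live system.

# Paths copied from Step 1 and Step 2 of the post, one per line.
GENIEO_PATHS='/etc/launchd.conf
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib'

# Print every listed path that exists under ROOT (handles spaces in names).
genieo_found() {
    root="${1:-}"
    printf '%s\n' "$GENIEO_PATHS" | while IFS= read -r p; do
        if [ -e "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Report which step applies. The post requires launchd.conf to be trashed and
# the machine restarted BEFORE any Step 2 item is touched, so it wins.
genieo_next_step() {
    found="$(genieo_found "${1:-}")"
    if [ -z "$found" ]; then
        echo "none-found"   # per the post, not proof that Genieo is absent
    elif printf '%s\n' "$found" | grep -qx '/etc/launchd.conf'; then
        echo "step1"
    else
        echo "step2"
    fi
}

genieo_found "${1:-}"
echo "next: $(genieo_next_step "${1:-}")"
```
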

Mar 24, 2014 6:40 PM in response to Grooter

How do you back up your data first?


I assume that you already figured that out, since you continued with the instructions, or tried to.


It says it can't find that folder.


As I wrote above, the file may be absent. If you're sure it's not there, skip it and continue. However, if it is there and you fail to delete it, be prepared to restore from a backup and start over.

Apr 21, 2014 8:11 PM in response to Linc Davis

Hi Linc, I think I have the same problem.


Whenever I try to access a torrent, a file "mac_install.zip" is downloaded. If this is unzipped, a mac_installer application is created.


User uploaded file


If I open the application, I see this:

User uploaded file

I X the window.


I've gone through your procedure, but none of the files that you mention are found. There is no Genieo task to kill, nor are there any of the mentioned extensions. If none of those are there then the procedure boils down to restarting - which I've tried, to no avail.


Any ideas? Are there other places to look for those files?


And, btw, do you happen to know what is Genieo doing to my machine?


Any and all help is sincerely appreciated.


Thanks,

Paul.

Apr 22, 2014 3:00 AM in response to franklin-paul

This installer is known to install Genieo, GoPhoto.it, Downlite and Jollywallet - all adware that should be removed.


However, if you are stopping the installation at the window shown, you shouldn't have any of those actually installed. It would probably be wise to check for all of them, using my Adware Removal Guide, to make sure.


As to how this got on your machine... well, you downloaded it via a torrent. Using torrents or websites to download illegal materials is one of the most common ways to get infected with this kind of adware these days. Unless you want to constantly have adware/malware problems, you need to stop engaging in that kind of behavior.


Think about it... the people making illegal materials available via torrent are criminals. Do you really trust them enough to open whatever they give you?


(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

Apr 22, 2014 6:00 PM in response to Grooter

Thanks for the info Thomas. Your website is awesome. But....


I went through the removal instructions for Genieo, GoPhoto.it, Downlite and Jollywallet, and found that none of the files mentioned, or extensions mentioned, were present on my machine. So I ask myself, "well, am I really infected with something?"


I believe I am, but my only proof is what happens when I try to access torrent files (any torrent file from any torrent site, either from Firefox or Safari (I don't use Chrome)). While I realize that this is likely the source of my infection, it's also the only concrete test I have that something is amiss.


This is what happens:

Let's try to get a torrent of ubuntu 13.10. Going to isohunt.to, I can search and find like this:

User uploaded file

Lovely, looks like it. Ratings are mostly positive. Lots of seeders and leechers. Size is about right.


If I select the torrent I would expect to see utorrent pop up with the selected torrent. But what I now see is the following count-down page (5 seconds):

User uploaded file

When that expires, the following window appears.

User uploaded file

From here on, it is as I mentioned in my first posting. It is always the same, regardless of the torrent I choose to access. So I'm sure something is not right.


Am I seeing more ads? Only notice one, which was an ad telling me that I should clean my mac.


For what it's worth, I'm relatively new to Macs, but an old hat at Windows and Linux. The command line does not intimidate me. 🙂


So, what next? I'm at a dead end. Any guidance would be appreciated.


Cheers,

Paul.

Apr 22, 2014 7:09 PM in response to franklin-paul

Since you say you didn't allow the installer to proceed, I'm not that surprised that you didn't find anything.


As for the problems you're having with isohunt.to... that is a crap site. I just went there, and it pops open all kinds of pornographic chat scams, ads for the fraudulent app MacKeeper, redirects to other scam sites (such as vube.com), etc. These kinds of sites are a dime a dozen... they promise you all kinds of tempting things to download, but in the end, all they deliver is adware and scams.
