Want to highlight a helpful answer? Upvote!
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
A few weeks ago I was downloading flipshare onto my mac book air and genies appeared on my mac and now it is on my safari and I CANNOT get it off. I have tried EVERYTHING! How to I remove genieo off my mac book air for good?
MacBook Air, OS X Mavericks (10.9)
You installed the "Genieo" rootkit. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the tedious procedure below to disable Genieo. This procedure may leave a few small files behind, but it will deactivate any version of the rootkit that I know of.
Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.
Step 1
Triple-click anywhere in the line below on this page to select it:
/etc/launchd.conf
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password. Then restart, empty the Trash, and continue as below.
IMPORTANT: If the launchd.conf file exists, you must move it to the Trash and restart before continuing. Otherwise the system may become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system. If you're not sure you can complete this step, stop here and ask for guidance.
Some installations of Genieo don't include the launchd.conf file, perhaps because it has already been removed. The absence of that file doesn't mean that Genieo is not installed.
Step 2
Quit the Genieo application, if it's running. Force quit if necessary.
Move each of these items to the Trash in the same way as above:
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
~/Library/Application Support/com.genieoinnovation.Installer
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those listed above, move them as well. There's no need to restart after each one. Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
Step 3
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
Your web browser(s) should now be working, and you should be able to reset the home page and search engine. If not, stop here and post your results.
Make sure you don't repeat the mistake that led you to install this undesirable software. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. Typically the ad is a large green button labeled "Download Now" in white letters. The button is designed to mislead people who want to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Genieo developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.
Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
You installed the "Genieo" rootkit. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the tedious procedure below to disable Genieo. This procedure may leave a few small files behind, but it will deactivate any version of the rootkit that I know of.
Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.
Step 1
Triple-click anywhere in the line below on this page to select it:
/etc/launchd.conf
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password. Then restart, empty the Trash, and continue as below.
IMPORTANT: If the launchd.conf file exists, you must move it to the Trash and restart before continuing. Otherwise the system may become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system. If you're not sure you can complete this step, stop here and ask for guidance.
Some installations of Genieo don't include the launchd.conf file, perhaps because it has already been removed. The absence of that file doesn't mean that Genieo is not installed.
Step 2
Quit the Genieo application, if it's running. Force quit if necessary.
Move each of these items to the Trash in the same way as above:
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
~/Library/Application Support/com.genieoinnovation.Installer
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those listed above, move them as well. There's no need to restart after each one. Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
Step 3
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
Your web browser(s) should now be working, and you should be able to reset the home page and search engine. If not, stop here and post your results.
Make sure you don't repeat the mistake that led you to install this undesirable software. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. Typically the ad is a large green button labeled "Download Now" in white letters. The button is designed to mislead people who want to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Genieo developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.
Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
Note that Genieo 2.0, which was released last week uses a much different installation pattern, with a new application "Completer", the purpose of which is still no known. The only items in common with the older version are the Genieo and Uninstall Genieo apps, along with the OmniBar Safari extension. None of the other .plists or .dylibs or launchd.conf files are deployed to /etc/, /Library/ or /usr/lib/ locations.
Instead, there are two new directories in ~/Library/Applications Support/ named "com.genieoinnovation.Installer" and "Genieo". Lastly, an additional app is installed in /Applications/ named "Uninstall IM Completer". thomas_r. has updated his Adware Removal Guide : Genieo to include these changes.
God Bless You!🙂
>>The only items in common with the older version are the Genieo and Uninstall Genieo apps
I installed it here on 10.8.5; & /Library/LaunchDaemon & PrivilegedHelperTools were still installed + not removed by either uninstaller.
I have just been on to Apple. This is just annoying but nothing to worry about. Go to Safari, Preferences, Homepage and change to Google or whatever you want. that should be the end of it.
That definitely will not remove the genieo adware from any computer. If Apple told you that, call back & tell them they're wrong. It is a necessary step, but not the only one.
I did not have house icon on top right of screen. Does this mean that the full program was not installed/ running?
DerryIreland wrote:
I did not have house icon on top right of screen. Does this mean that the full program was not installed/ running?
Difficult to say for certain as there are two versions and several variants of what get's installed. If I'm understanding you correctly, something changed your home page to Genieo so it had to have been an active process. Best bet is to look in all the places mentioned in Adware Removal Guide : Genieo to make certain that you didn't install additional Genieo components. It's entirely possible that you have one of the many other adware infections covered on that site.
Thanks for drawing my attention to the fact that it was not removed properly. I contacted Apple again and another Advisor took me through the necessary steps to remove it.
Thank you so much for the reply but I have seen these steps before and did not understand them..... Any way you could explain them without all of the abbreviations and slashes and dashes?
Thank you. I have done this but it still worries me that it is still on my computer..
I have seen these before but they are very complex and confusing. I did not understand them. Anyway you could explain it in a better way?
Biagigirl wrote:
Any way you could explain them without all of the abbreviations and slashes and dashes?
I really don't see any way to make it simpler. Not sure what abbreviations you are speaking of, but the slashes and dashes are the only thing that the Finder will understand when you right-click or control-click on it to take you to each location. Since some of those places have been hidden from you, it won't be possible to navigate to all of them.
The best advice I can give you if you don't understand these instructions is to take it to an Apple Store Genius Bar or a friend who knows Macs and can give you a hand. Mac User Groups usually have many such "friends" if there's one near by.
Thank you. I will try t use these instruction again. And if all else fails i will take it to a genius bar at the applle store. Thanks again
Thank you so much!!! I've been trying to get rid of that horrid thing for weeks, and my only annoyance left was that no matter what I did, my searches were automatically Genieo instead of Google.
THIS WORKS, just follow the instructions carefully. So grateful for this, as I'm headed to college in just days' time and really did not need computer problems in that mix.
Thanks again!
How do I remove genieo off my mac book air for good?
