can't find Genieo virus on my Mac, but it shows in anti-virus scan

okaren wrote:

How do you bring up the Downloads folder?

It's in your home folder. Fastest way to open it would be to select "Downloads" from the Finder's Go menu. It should also be located next to the Trash Can on the left of your Dock.

I set it up to delete downloads after I shut off my computer (to save space on my computer if that saves space).

I'm unaware of any such setting. How are you able to do that?

I see AppleScript Editor under Today in search box, but no TSmart.zip.

Then you probably have elected to open safe downloads and it already decompressed TSMART.zip, so you should be looking for the folder or app called TSM Adware Removal Tool.

Also, my computer screen often goes black and does not come back on if I hit keys. It freezes black so I have to press the power button to restart my computer. Is this what a browser crash is?

That's something different than a browser crash. If you see this

it's a Kernel Panic (your system crashed). Otherwise it's probably a hardware problem.

How do I fix this problem?

Start a new topic with a different subject and describe the problem. You'll get help faster from the right troubleshooters that way.

If you suspect hardware run the Apple Hardware Test while you are waiting.

I thought thomas_r. might drop by, but it looks like he hasn't been around today. If he doesn't notice this I'll drop him a line in case he wants to provide a built-in solution for this.

I don't see any easy way to give the Guest User admin privileges, so for now it looks like manual removal is your only choice. Instructions for that are at Adware Removal Guide - Genieo.

Since you have already run the tool in your admin account, all the common files should be gone already so the only ones you need to worry about are the ones in Step 3 on that start with ~/Library/ which can be found by holding down the <Option/Alt> key down while selecting "Library" from the Finder's Go menu. The only other thing to do is check any browsers used by the Guest for extensions and settings in Steps 5 & 6.

okaren wrote:

See, I am using a titled guest account instead of the administrator account. I use both accounts, but I accidentally downloaded the genieo on the guest account. I was able to run the TSM Adware Removal Tool on the administrator account, but not the guest account.

You shouldn't have been able to install it on the Guest account. Even if you could authenticate to an admin user to install software from the Guest account, any components installed in the Guest user folder would be removed as soon as you log out. Are you actually using a standard (non-admin) account that you have named Guest?

In the case of a standard account where you authenticated to admin for the purpose of installing the adware, that's a situation that never occurred to me. I'm honestly not sure how to handle that, as far as the Adware Removal Tool is concerned. Some of the components can only be removed with root permissions, which can only be achieved from an admin account with AppleScript. However, if you log in as a different user, you don't get to remove the files from the other user's folder. I'm going to have to carefully consider how to handle this.

In the meantime, as MadMacs0 says, you'll have to remove those items manually.

BTW, this is a perfect illustration of how using a non-admin account is not really much more secure - since you managed to authenticate to install something nasty with root permissions anyway - and can introduce some pretty serious inconveniences.

okaren wrote:

It was another user account I added that is not the administrator account.

Sorry, I should have asked yesterday, but since you used the word "Guest" I took that too literally or I would have suggested you do exactly what you did.

When I tried connecting to the Internet, a message appeared to enter the keychain password. I have no idea what that is.

It's always the same as one's Login password unless you choose to change it to something else.