blairnoel
Level 1 (0 points)

Q: Removing Genieo Files

So today I decided to run a scan of my computer files and so downloaded Clamxav. The scan returned a couple of Genieo files, which I don't recall ever installing. A bit of research showed these to likely be malware, and so I would like to get rid of them.

 

I referenced the Adware Removal Guide: Genieo on The Safe Mac (http://www.thesafemac.com/arg-genieo/) and attempted to follow the step-by-step removal process. However, I've hit a number of roadblocks.

 

The biggest "problem," if you could call it that, is that most of the files mentioned on the list are not showing up on my computer, either through manual path following or via terminal.

 

Clamxav returned only three results: Completer.app, Application.app (which is within Completer.app), and a Safari extension called Omnibar. Looking up each of the files specified on The Safe Mac guide, all I can find are:

 

~/Library/Application Support/com.genieoinnovation.Installer/

~/Library/LaunchAgents/com.genieo.completer.download.plist

~/Library/LaunchAgents/com.genieo.completer.update.plist

and also the "my-homepage.xml" listed in ~/Library/Application Support/Firefox/Profiles/

 

According to The Safe Mac guide, it's possible that Genieo isn't actually installed on my computer, but rather that some of the files were downloaded but, for one reason or another, were never installed. If those four files (plus Omnibar) are all that are present, then I should be able to delete them without any issues.

 

The reason I began this process in the first place was that I got a sudden pop-up warning on Safari saying that malware may have been installed. However, the pop-up itself seemed somewhat fishy, as it prevented me from doing anything on Safari. I was forced to quit Safari in order to do anything again, but I haven't noticed any changes or problems. I did find Omnibar under the Extensions category of Sarari Preferences, but I simply clicked to uninstall it and it went away without a fuss.

 

It's worth mentioning that all of the Genieo files I can find were last modified in July of this year, indicating that that's when they were downloaded and that they've been inactive since then.

 

So, after all that, my questions are twofold:

 

1. Is it safe to delete these few files from my computer? Since I can't find the noteworthy /private/etc/launchd.conf file mentioned on The Safe Mac it should be okay, but even so I figured I'd check first.

 

2. Are there any more potential problems I should be looking for?

 

All this fuss is due to the repeated warnings I've seen that failing to properly delete Genieo files in the correct order could permanently freeze my computer. I've already been through one broken hard drive, and I'm not looking to repeat the experience.

 

Thanks in advance for any help.

MacBook Pro, Mac OS X (10.6.8)

Posted on Sep 6, 2014 12:44 PM

Close
blairnoel

Q: Removing Genieo Files

  • All replies
  • Helpful answers

  • by Kappy,

    Kappy Kappy Sep 6, 2014 12:49 PM in response to blairnoel
    Level 10 (271,850 points)
    Desktops
    Sep 6, 2014 12:49 PM in response to blairnoel

    6 Ways to Delete Genieo - wikiHow

    Remove Genieo(InstallMac) on Mac | Fix-KB

    You installed the "Genieo" scam product.


    Helpful Links Regarding Malware Problems

     

    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and The Safe Mac » Adware Removal Tool.

     

    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

     

    An excellent link to read is Tom Reed's Mac Malware Guide.

    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

    See these Apple articles:

     

      Mac OS X Snow Leopard and malware detection

      OS X Lion- Protect your Mac from malware

      OS X Mountain Lion- Protect your Mac from malware

      OS X Mavericks- Protect your Mac from malware

      About file quarantine in OS X

     

    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

     

    From user Joe Bailey comes this equally useful advice:

     

    The facts are:

     

    1. There is no anti-malware software that can detect 100% of the malware out there.

    2. There is no anti-malware that can detect everything targeting the Mac.

    3. The very best way to prevent the most attacks is for you as the user to be aware that

         the most successful malware attacks rely on very sophisticated social engineering

         techniques preying on human avarice, ****, and fear.

    4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

        your computer is intended to entice you to install their malware thinking it is a

        protection against malware.

    5. Some of the anti-malware products on the market are worse than the malware

        from which they purport to protect you.

    6. Be cautious where you go on the internet.

    7. Only download anything from sites you know are safe.

    8. Avoid links you receive in email, always be suspicious even if you get something

        you think is from a friend, but you were not expecting.

    9. If there is any question in your mind, then assume it is malware.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 6, 2014 3:46 PM in response to blairnoel
    Level 10 (208,044 points)
    Applications
    Sep 6, 2014 3:46 PM in response to blairnoel

    1. Yes.

     

    2. There are always potential problems. If you don't have any other actual problems, just make sure you never download anything like Genieo again.

  • by MadMacs0,

    MadMacs0 MadMacs0 Sep 6, 2014 7:17 PM in response to blairnoel
    Level 5 (4,801 points)
    Sep 6, 2014 7:17 PM in response to blairnoel

    blairnoel wrote:

     

    The biggest "problem," if you could call it that, is that most of the files mentioned on the list are not showing up on my computer, either through manual path following or via terminal.

    The list shown contains files from at least two versions of Genieo, so it is extremely unlikely that any user will find all of them.

    According to The Safe Mac guide, it's possible that Genieo isn't actually installed on my computer, but rather that some of the files were downloaded but, for one reason or another, were never installed.

    Based on the locations of what you did find, it had been installed. If not there would only have been one file, the installer itself.

    It's worth mentioning that all of the Genieo files I can find were last modified in July of this year, indicating that that's when they were downloaded and that they've been inactive since then.

    No. That indicates the date it was compiled by the developer (Genieo). They activate immediately, so it was probably installed the same day you first noticed the pop-ups. To understand where it came from and how to avoid it in the future read John Galt's How to install adware.

    Since I can't find the noteworthy /private/etc/launchd.conf file mentioned on The Safe Mac it should be okay, but even so I figured I'd check first.

    That was a version 1 file which is no longer installed with version 2. I suspect the primary reason they came up with the new version was because of all the problems caused when users tried to remove the initial version.