“I let my brother use my MacBook Pro, and it came back with a Genieo toolbar adware installed on it.”
This kind of comment has become common among Mac users in recent months, amid growing concern about a software package called Genieo. The software causes many headaches: it prevents users from changing their browser search engine and produces pop-up advertisements and warnings.
However, before starting any removal, you may need to close all the pop-up windows that are open. Sometimes your Mac may be so inundated with pop-ups that it is not functional. Here are some steps to get around this problem:
- If a pop-up on your Mac includes a “Don’t show more alerts from this webpage” check box, make sure to select that option if possible.
- If a Block Alerts button shows after dismissing a pop-up on your iPhone, iPad, or iPod touch, choose the option to stop showing alerts from that webpage.
- If a pop-up refuses to close:
  - Use the Force Quit option and, the next time you open Safari or Firefox, hold down the Shift key while opening the browser. This prevents the browser from automatically opening windows.
  - If you are on an iPhone, iPad, or iPod touch, use the Force Quit option to get out of the browser. To prevent Safari or Firefox from automatically opening windows at launch, go to Settings > Safari or Firefox, then choose the Clear History and Website Data option. This feature also removes your browser history and cookies.
Genieo is malicious software that causes pop-up ads and in-text ads on infected browsers. Once it has installed itself it is extremely difficult to remove, and its components can stay on your computer after an attempted removal without the user noticing. Genieo will hijack the browser and track browser usage with the intention of mining users’ information.
To remove this software completely, you need to find all suspicious files, including the hidden ones, and remove them. For good measure, run a full scan with your antivirus application to make sure all suspicious files are cleaned.
Genieo… What Exactly Is It?
Genieo is a “content recommendation engine” that presents custom search results and targeted advertising on a homepage; this process is managed by a browser extension. The goal is to track what you do and to guide your searches and activity toward relevant commercial sites and deals. Genieo Innovation is an Israeli company that specializes in producing unwanted software, including advertising and user-tracking software. This type of software is commonly referred to as a potentially unwanted program, privacy-invasive software, grayware, or malware.
This method is similar to what home pages like Google, Bing, Yahoo, or Facebook do: they offer their own recommendations, ads, and other details based on your Internet activity and history. The difference is that Genieo tracks Internet activity through a software download, whereas the home pages do so by having users log in to an online account.
The Genieo engine and installer are currently available on the Genieo website. Although Genieo may have started out as a legitimate effort, the engine has recently been associated with the following suspicious behaviors:
- Genieo has been found in software packages disguised as fake Flash Player installers or as other legitimate installers. This method of software distribution is usually considered a malicious process.
- Once Genieo is downloaded, it is not easy to remove. Although this software comes with an uninstaller, using it does not remove all of the installed files.
How to Check if You Have Genieo on Your Mac
If you think you may have Genieo installed on your Mac but you are not sure, you can check for the following things:
- Files that include the prefix “com.genieo…” located in:
  - Macintosh HD > Library > LaunchAgents
- “Genieo.app” in the Applications folder
- Status menu bar shows a small house icon
- Cannot change the browser home page
- Cannot change the default search engine setting
- “Genieo” folder located in:
  - Home folder > Library > Application Support folder
- You can access the Library by getting to:
  - The Finder, then the Go menu, and holding down the Option key; this causes the Library option to show in the drop-down menu.
- If you are still not sure whether Genieo is present on your Mac, you can run an anti-malware scan; many utilities include malware definitions that identify Genieo application files as malicious.
How to Remove All Traces of Genieo
If you have detected the presence of Genieo on your computer, you can follow these steps to remove all traces of the application files:
- Log in to the admin account for your computer
- Go to the Applications folder and remove these items:
  - “Uninstall Genieo.app”
  - “Uninstall UM Completer.app”
- Go to the Macintosh HD > Library > LaunchAgents folder and remove any file with the prefix “com.genieo”, including the following:
- Go to the Macintosh HD > Library > LaunchDaemons folder and remove any file with the prefix “com.genieo”
- Go to the Macintosh HD > Library > PrivilegedHelperTools folder and remove any file with the prefix “com.genieo”
- Go to the Macintosh HD > Library > Frameworks folder and remove the file:
After completing the previous steps, you have to remove the more deeply embedded files as well as any changes made to the system. One change Genieo makes is to modify the system launcher’s parameters so that dynamic libraries are appended, adding executable extensions to applications.
This is done by creating a system launcher configuration file with a custom setting. The file is read when the system launcher is loaded by the OS X kernel, so the dynamic libraries load in addition to the programs that are launched.
A standard OS X installation does not come with any pre-configured launcher files, so unless you have created a launcher configuration file yourself, you can remove any that are present without affecting the performance of your Mac.
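Before the launcher configuration file is trashed, it can be inspected to separate library-loading settings from anything another package may have added. The following is an added example, not part of the original article; it assumes the injection is configured through `setenv DYLD_...` lines (the article does not name the setting), and the function names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Read-only inspection of launchd.conf before it is moved to the Trash.
# Assumption (not stated in the article): library injection is configured
# with "setenv DYLD_..." lines such as DYLD_INSERT_LIBRARIES.

# Active lines that set a DYLD_* variable (leading whitespace ignored).
dyld_lines() {
    [ -f "$1" ] || return 0
    awk '{ sub(/^[ \t]+/, "") } /^setenv[ \t]+DYLD_[A-Z_]+/ { print }' "$1"
}

# Active lines that do something else: possibly legitimate changes from
# other software, and the reason to keep a copy of the file.
other_lines() {
    [ -f "$1" ] || return 0
    awk '{ sub(/^[ \t]+/, "") } /^#/ || /^$/ { next }
         !/^setenv[ \t]+DYLD_[A-Z_]+/ { print }' "$1"
}

# Print one verdict: absent, no-dyld, dyld-only or mixed.
classify_launchd_conf() {
    conf=${1:-/etc/launchd.conf}
    [ -f "$conf" ] || { echo absent; return 0; }
    n=$(dyld_lines "$conf" | wc -l | tr -d ' ')
    m=$(other_lines "$conf" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then echo no-dyld
    elif [ "$m" -eq 0 ]; then echo dyld-only   # nothing else to preserve
    else echo mixed                            # keep the copy, review the rest
    fi
}

# Constructed sample (not taken from an infected machine); the library
# path is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example of a modified launchd.conf
setenv DYLD_INSERT_LIBRARIES /usr/lib/placeholder-injected.dylib
limit maxfiles 4096 8192
EOF
echo "sample: $(classify_launchd_conf "$sample")"
other_lines "$sample" | sed 's/^/  review before deleting: /'
rm -f "$sample"
```

On a real system, `classify_launchd_conf /etc/launchd.conf` reports `absent` when the file does not exist, which is the expected state of a standard installation.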
You can follow these steps to remove these files:
- Go to the Finder and choose the “Go” menu
- Enter “/etc” in the pop-up field
- Find the “launchd.conf” file in the folder that pops up and move it to the trash
  - It is recommended that you make a copy of this file on the desktop, in case it contains a legitimate modification implemented by another software package you use.
- After this file is removed, select the Go menu, and enter “/usr/lib” in the available field to open this hidden folder. In this folder remove the following files, if they are present:
After this step is completed, you will need to remove all the modifications Genieo made to each user’s home folder on the operating system.
To complete this, log into each user account, and perform the following:
- Choose “Library” from the Go menu in the Finder while holding down the Option key
- Go to the Application Support folder and remove any directories with the following names:
Then go to the “LaunchAgents” folder and remove any files with the prefix “com.genieo” in their name.
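To check the locations named on this page in one pass, either before removal or afterwards to confirm nothing is left, the read-only shell function below lists whatever it finds. It is an added example, not part of the original article; the function name and the `ROOT` argument are assumptions made so it can be pointed at a test directory, and it looks only for names that appear above.

```shell
#!/bin/sh
# Read-only audit of the locations this page names; nothing is deleted.
# ROOT defaults to "/" and exists only so the check can be run against a
# test tree (an assumption of this example).

genieo_audit() {
    root=${1:-/}
    root=${root%/}        # "/" becomes "", so the paths below stay absolute
    # System-wide launch items and helper tools with the com.genieo prefix
    for dir in Library/LaunchAgents Library/LaunchDaemons \
               Library/PrivilegedHelperTools; do
        for f in "$root/$dir"/com.genieo*; do
            [ ! -e "$f" ] || echo "$f"
        done
    done
    # Application bundles listed on the page
    for app in "Genieo.app" "Uninstall Genieo.app" "Uninstall UM Completer.app"; do
        [ ! -e "$root/Applications/$app" ] || echo "$root/Applications/$app"
    done
    # Launcher configuration file (absent on a standard installation)
    [ ! -e "$root/etc/launchd.conf" ] || echo "$root/etc/launchd.conf"
    # Per-user items: every home folder has to be checked
    for home in "$root"/Users/*; do
        [ -d "$home" ] || continue
        [ ! -e "$home/Library/Application Support/Genieo" ] ||
            echo "$home/Library/Application Support/Genieo"
        for f in "$home/Library/LaunchAgents"/com.genieo*; do
            [ ! -e "$f" ] || echo "$f"
        done
    done
    return 0
}

# Run against the live system, or against a directory given as argument 1.
genieo_audit "${1:-/}"
```

Empty output means none of the listed items exist under that root; reading other users' home folders requires running it from an admin account with sufficient permissions.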
Finally, the last step is to undo any changes that were made to your Web browsers, such as removing extensions and resetting the default search engine.
In Safari, this is done as follows:
- Go to the Extensions section of Safari preferences and remove any extension you did not install yourself.
- Change the default search engine in the General section of the Safari preferences.
These same changes can also be applied to Chrome, Firefox, Opera, and other browsers using their preference settings.