
How to Remove Genieo Malware from Infected Macs

When it comes to obnoxious apps on the Mac, perhaps nothing is more annoying than those that push their services too hard while claiming to be useful. Israel-based Download Valley, for example, has built its business around apps like these, earning infamy with a business model that isn’t quite illegal but is highly annoying and feels as though it might not be entirely legal. Even when these apps appear useful or unassuming, they push their services to such an extent that they become less a convenience and more a nuisance.

One Download Valley app that has been particularly aggressive towards Mac users is Genieo, an app that creates a “newspaper-styled homepage” tailored to the user’s search and browsing history, supposedly presenting information relevant to the user as soon as the Mac is opened. This sounds useful, but in practice the app can become extremely irritating. It draws particular ire from Mac users, so this article both explains what Genieo is and how it works and provides solutions for removing the program from infected Macs.

Genieo’s Installation Issues

One of the biggest problems with Genieo is that its installer is often bundled with other apps, including programs you trust and willingly download, such as Adobe updates and other commonly used software. When those programs are downloaded, Genieo is installed alongside them unless you opt out, and the opt-out is not always clearly presented to the user, just as Genieo’s inclusion in the download is not always made clear.

It also installs components that can do real damage to the user’s web browsers. These include an extension called Omnibar, which is added to Firefox, Safari or Google Chrome when Genieo is installed. The Omnibar extension changes the user’s preferences without their knowledge, automatically opening Genieo instead of the homepage set in the user’s preferences.

This lets the app show its own ads on these pages and monetise the user directly: sponsored ads are fed to the user in place of the content the user’s own preferences would normally produce. Although Genieo has received strong negative feedback over its shady use of these extensions and its installation techniques since as far back as 2013, the company seems unaffected by the criticism, and no changes appear to have been made to its tactics.

How Genieo works

Most recently, starting in approximately mid-2018, Genieo has shown up in the anti-malware programs used by Mac users as a detection on a file known as MRT.app. The detection may be reported as the MacOS:BitCoinMiner-AS Trojan or as MacOS:Genieo-FM, at the path /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT, with the affected process reported as /usr/libexec/xpcproxy.

Taken at face value, this suggests that Genieo is now becoming embedded in Apple’s own anti-malware tool, which would mean it infects a far larger number of devices and is far harder to remove from those Macs. There is also the possibility that the malware includes a cryptocurrency-mining feature, giving the app’s creators an additional way of monetising it.

More plausibly, however, this anti-malware tool is not actually carrying Genieo at all; instead, anti-malware programs are misidentifying the result of an earlier macOS update as Genieo. On that reading, the scanners are flagging the wrong files, which makes the real infection extremely hard to locate and therefore to remove. Either way, this is a serious inconvenience to users and exposes potential flaws in the Mac’s malware identification tools.
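The following script is an added example, not code from the original article: it turns the reasoning above into a repeatable triage for a scanner hit. A detection on MRT.app or xpcproxy lands on an Apple system path, so the sensible response is to verify Apple’s code signature on that file rather than delete it; a detection on one of the Genieo paths listed later in this article is a real persistence item. The paths are the ones the article quotes; the function names, the verdict labels and the use of codesign’s “anchor apple” requirement are this example’s own choices, and the signature check only runs on a Mac where codesign exists.

```shell
#!/bin/sh
# Added example, not code from the original article: triage an anti-malware hit
# that points at Apple's own Malware Removal Tool (MRT.app). The article argues
# that such a hit is more likely a scanner false positive than a Genieo
# infection; these two checks make that call systematically. The paths are the
# ones the article quotes; the function names and verdict labels are this
# example's own.

# Classify a flagged path by where it lives. Prints one of:
#   apple-system     SIP-protected Apple component: verify its signature, never delete it
#   genieo-artifact  a Genieo persistence or library path from the article's list
#   unknown          needs manual review
classify_detection() {
    case "$1" in
        /System/Library/CoreServices/MRT.app/*|/usr/libexec/xpcproxy)
            printf 'apple-system\n' ;;
        /Library/LaunchAgents/com.genieo*|\
        /Library/PrivilegedHelperTools/com.genieoinnovation.*|\
        /Library/Frameworks/GenieoExtra.framework*|\
        /usr/lib/libgenkit*.dylib|/usr/lib/libimckit*.dylib|\
        /Applications/Genieo*|"/Applications/Uninstall Genieo"*)
            printf 'genieo-artifact\n' ;;
        *)
            printf 'unknown\n' ;;
    esac
}

# On macOS, confirm that the flagged binary still carries Apple's own signature.
# The requirement "anchor apple" is satisfied only by software signed by Apple
# itself, not by Developer ID apps; the leading '=' tells codesign the
# requirement is inline text rather than a file. Returns 0 if the signature
# verifies, codesign's non-zero status if it does not, and 2 when codesign is
# not available (for example when this script runs on a non-macOS host).
verify_apple_signed() {
    command -v codesign >/dev/null 2>&1 || return 2
    codesign --verify --strict -R='=anchor apple' "$1" >/dev/null 2>&1
}

# triage NAME PATH: print a one-line verdict for one scanner detection.
triage() {
    name=$1; path=$2
    case "$(classify_detection "$path")" in
        apple-system)
            rc=0; verify_apple_signed "$path" || rc=$?
            case $rc in
                0) printf '%s at %s: likely false positive, Apple-signed system binary\n' "$name" "$path" ;;
                2) printf '%s at %s: Apple system path; signature check not possible on this host\n' "$name" "$path" ;;
                *) printf '%s at %s: Apple system path but signature does NOT verify, investigate\n' "$name" "$path" ;;
            esac ;;
        genieo-artifact)
            printf '%s at %s: Genieo persistence item, quarantine it\n' "$name" "$path" ;;
        *)
            printf '%s at %s: unrecognised path, review manually\n' "$name" "$path" ;;
    esac
}

# Constructed sample detections (the names and paths quoted in the article).
# Run as:  sh triage-genieo.sh demo
if [ "${1:-}" = demo ]; then
    triage MacOS:BitCoinMiner-AS /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT
    triage MacOS:Genieo-FM /usr/libexec/xpcproxy
    triage MacOS:Genieo-FM /Library/LaunchAgents/com.genieo.engine.plist
fi
```

The point of the split is that the two categories call for opposite actions: an Apple-signed binary under /System that still verifies should be reported to the anti-malware vendor as a false positive, while a Genieo LaunchAgent should be removed. A file under /System whose signature no longer verifies is the one case that warrants a closer look before anything is deleted.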

 

Genieo also has programming built into its systems that is designed to resist traditional removal techniques. Deleting the Omnibar extension does not fix the issue, and running the uninstaller file from the website will only create further malfunctions and problems for the user. There is, however, a way to remove the Genieo software from a Mac; it requires a specialised, targeted technique to circumvent Download Valley’s intensely persistent software.

How to Manually Remove Genieo from Mac

While some apps may respond to deleting the extension or even resetting the browser, as would be effective on a Windows computer, Genieo will not respond to these methods. This article therefore lays out a manual procedure that will remove Genieo from the browser.

  1. Log in as an administrator. This technique will not work from a guest or secondary account.
  2. Quit the app. On recent versions of macOS, if the app appears in the Dock, right-click its icon until the options appear and choose Quit. Alternatively, if the app is open, click the bold “Genieo” entry in the grey menu bar at the top of the screen, right next to the app’s “File” menu; the last option listed reads “Quit Genieo”.
  3. Find and delete the file named launchd.conf. You can find it by searching for it in Finder or by going to the path /private/etc/launchd.conf. Do not empty the Trash after completing this step. If you cannot find the file, do not delete any of the .dylib items listed in step 4.
  4. Find as many of the following files as you can and move them to the Trash. You may not be able to find them all; simply delete as many as you can. Keep the Trash full, and do not empty it yet:

/Applications/Genieo

/Applications/Uninstall Genieo

/Library/LaunchAgents/com.genieoinnovation.macextension.plist

/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist

/Library/LaunchAgents/com.genieo.engine.plist

/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

/usr/lib/libgenkit.dylib

/usr/lib/libgenkitsa.dylib

/usr/lib/libimckit.dylib

/usr/lib/libimckitsa.dylib

  5. Make sure your Mac is backed up, then reboot it. You can do this either by clicking the Apple symbol in the grey menu bar and choosing Restart, or by doing a hard reset by holding down the power button. Once the computer is back on, log into the administrator account again.
  6. Delete the file /Library/Frameworks/GenieoExtra.framework. Now you can empty the Trash.
  7. Uninstall the Omnibar extension. Here is how to do so for each of the browsers mentioned above:

Firefox: Open the Tools menu, then click through Add-ons and then Extensions. Click Remove next to the Omnibar entry.

Safari: In the Safari app, click the Safari menu in the grey bar next to the File menu and open Preferences. Select the Extensions tab and remove Omnibar.

Chrome: Open the Chrome menu, then go to Tools and then Extensions. Click the trash button next to Omnibar.

  8. In whichever browser you use, reset the homepage to your original home page of choice. Genieo should now be removed from your Mac.
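As an added example, not code from the original article, the script below automates steps 3 to 6 of the procedure above. It moves the listed Genieo files into a quarantine directory instead of deleting them outright (the article keeps the Trash full until after the reboot, and a quarantine that mirrors the original layout lets you put a file back if it turns out to be needed), it applies the rule from step 3 (leave the .dylib files alone when /private/etc/launchd.conf is absent), and on a live system it asks launchd to stop the Genieo agents before moving them. The path lists are exactly those in the article; the function name, the ROOT parameter, the two-stage pre/post-reboot split and the quarantine location under /Users/Shared are this example’s own assumptions. ROOT is empty for the live filesystem; passing a staged directory lets you dry-run the script against a copy before touching a real Mac.

```shell
#!/bin/sh
# Added example, not code from the original article: a script version of the
# manual removal steps. Items are quarantined rather than deleted, the step 3
# rule about .dylib files is enforced, and on a live system the LaunchAgents
# are unloaded before being moved. Path lists come from the article; the
# function name, ROOT parameter and quarantine location are this example's own.

# Step 3 and step 4 items: remove before the reboot.
GENIEO_PRE_REBOOT="
/private/etc/launchd.conf
/Applications/Genieo
/Applications/Uninstall Genieo
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
"

# Step 6 item: remove only after the reboot.
GENIEO_POST_REBOOT="
/Library/Frameworks/GenieoExtra.framework
"

# genieo_quarantine STAGE ROOT QUARANTINE
#   STAGE is "pre" or "post"; ROOT is "" for the live system or a staged tree;
#   QUARANTINE receives the moved items in their original directory layout so
#   they can be restored if the removal turns out to be wrong.
# Prints one line per item handled. Returns 0 if anything was moved, 1 if
# nothing was found, 2 on bad arguments or an unwritable quarantine directory.
genieo_quarantine() {
    stage=$1; root=$2; quarantine=$3
    case "$stage" in
        pre)  list=$GENIEO_PRE_REBOOT ;;
        post) list=$GENIEO_POST_REBOOT ;;
        *)    echo "usage: genieo_quarantine pre|post ROOT QUARANTINE" >&2; return 2 ;;
    esac
    mkdir -p "$quarantine" || return 2

    # Article, step 3: without launchd.conf, do not touch the .dylib files.
    if [ -e "$root/private/etc/launchd.conf" ]; then keep_dylibs=0; else keep_dylibs=1; fi

    moved=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        target="$root$p"
        [ -e "$target" ] || [ -L "$target" ] || continue
        case "$p" in
            *.dylib)
                if [ "$keep_dylibs" -eq 1 ]; then
                    echo "skipped (no launchd.conf): $p"; continue
                fi ;;
            /Library/LaunchAgents/*.plist)
                # Live system only: stop the agent so it cannot respawn before the reboot.
                if [ -z "$root" ] && command -v launchctl >/dev/null 2>&1; then
                    launchctl unload "$target" 2>/dev/null || true
                fi ;;
        esac
        mkdir -p "$quarantine$(dirname "$p")"
        if mv "$target" "$quarantine$p"; then
            echo "quarantined: $p"
            moved=$((moved + 1))
        else
            echo "could not move $p (SIP-protected or permission denied)" >&2
        fi
    done <<EOF
$list
EOF
    [ "$moved" -gt 0 ]
}

# Usage on a live Mac, from an administrator account:
#   sudo env GENIEO_RUN=1 sh genieo-cleanup.sh pre    # then reboot (step 5)
#   sudo env GENIEO_RUN=1 sh genieo-cleanup.sh post   # then empty the quarantine
if [ "${GENIEO_RUN:-0}" = 1 ]; then
    genieo_quarantine "${1:-pre}" "" /Users/Shared/genieo-quarantine
fi
```

Two things are worth knowing before running this on a real machine. The GENIEO_RUN guard exists so that simply sourcing or syntax-checking the file does nothing; only an explicit opt-in touches the filesystem. And on current macOS releases /usr/lib is protected by System Integrity Protection, so the mv for the .dylib entries will fail there; the script reports that and carries on, which is the correct outcome, since a file that SIP will not let you move was not written by Genieo in the first place.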

 

How to Fix an Affected Browser

Resetting Firefox: This reset is relatively simple. Open Firefox, open the Help menu and choose “Troubleshooting Information”. On the troubleshooting page you will find a button off to the side labelled “Reset Firefox”. Click it and you are all set.

Resetting Safari: In the grey bar at the top of the screen in the Safari app, click the Safari menu (again found next to the File menu) and open Preferences. Find the tab labelled “Privacy” and click the button in the middle of the tab labelled “Remove all website data”. A pop-up will ask whether you want to remove the data; click “Remove Now”. Alternatively, click the smaller button underneath “Remove all website data” and choose which websites’ data you would like to delete. This can be useful, as removing all data may log you out of certain services, but for safety you may want to “remove all” regardless.

Resetting Chrome: Open Chrome for Mac and click the Chrome menu in the grey bar at the top of the screen, next to the File menu. Click Preferences, which opens a new tab with Chrome and Google settings. Scroll all the way to the bottom and click “Advanced”, then scroll to the bottom again. There, under the “Reset settings” heading, you will find a button marked “Restore settings to their original defaults”. Clicking it brings up a pop-up asking whether you want to restore the settings. Click “Restore” and the reset is complete.

Alternative Freshmac Removal Method

There is another method of removing Genieo that uses a cleaner designed specifically for the Mac, an application called Freshmac. It cleans the Mac of unnecessary applications and malware, keeps your privacy settings protected and keeps as much of your storage free as possible.

  1. Download the installer, which you can find easily by searching for the application in your web browser, then open the downloaded file to start the installation. Press Continue and enter your password to install the application.
  2. Once the app is installed, it starts a scan automatically.
  3. The completed scan presents a report of the problems found on your Mac, which you can resolve by pressing the “Fix Safely” button at the top of the screen.
  4. Check whether Genieo has been removed. If it has not, go to the Uninstaller tab in Freshmac, find the application you think may be harbouring Genieo, and use Fix Safely to uninstall that application.
  5. In the Temp and Startup Apps tabs in Freshmac you can also delete repeated items or any other apps you are worried about, and this should fix the issue.

Conclusion

The Genieo malware may be incredibly annoying, but that does not mean it cannot be fixed. While the app is incredibly persistent and difficult to remove, there are in fact several ways to uninstall it.

Make no mistake: while this application might not be explicitly illegal, the Download Valley creators have no interest in catering to the interests of their users and have consistently ignored negative press, making the application as difficult to use and to remove as possible.

That being so, it is important to familiarise yourself with the methods of removal and of resetting the browsers so you can keep your Mac as safe as possible.
