[Catalist] How to detect and remove Genieo for Mac?

Ray Forma rayf at smartchat.net.au
Wed Jan 17 15:37:50 AEDT 2018


Mike,

I’ve used Macs for 33 years. Other than ransomware, I have never come across any seriously destructive malware that runs under Macintosh operating systems. For protection against ransomware I have a suite of frequent offline full backups.

Genieo can be classed as annoyware, originating in Israel, so immediate remediation is probably not essential. It hijacks your browser and tracks browser usage with the intention of mining information.

However, it's a good idea to remove all of its tentacles as soon as you have several spare moments.

Description: https://en.wikipedia.org/wiki/Genieo

Basic removal:

1 Make a full offline backup of the hard-disk on which your System lives.

2 Open a Finder window.

3 Choose File>Find

4 On the left side of the Finder window, choose Other… from the first drop-down menu.

5 Put tick marks for both ‘System files’ and ‘File visibility’.

6 Then build up a search over all disks that has the following parameters:

a Name contains ‘Genieo’
b System files ‘are included’.
c File visibility set to ‘Visible and Invisible’.

7 From the search results choose all files that are obviously related to Genieo and trash them.

8 Then cycle only the name parameter in your search parameters to the following. The files you want to delete follow each parameter. Note that these files may not exist in the first place:

a Name contains “libgenkit”. If found, delete libgenkit.dylib
b Name contains “libimckit”. If found, delete libimckit.dylib
c Name contains “libimckitsa”. If found, delete libimckitsa.dylib

9 In all of your browsers uninstall any extensions you know you don’t need, including one called ‘Spigot’ if it's present.

10 Restart.

11 If you are happy that you have eliminated all annoyware then overwrite, with a fresh backup, the offline backup [step 1] of the hard-disk on which your System lives. That’s to kill off the annoyware on your backup.

12 Promise yourself that in future you will never again visit the Internet's open sewers such as "Softonic" or "CNET Download."


> On 17 Jan 2018, at 09:37, Michael McGarry <mmcgarry44 at gmail.com> wrote:
> 
> Greetings Science Colleagues,
> 
> My Trend Micro Antivirus [TMA] for Mac has detected and quarantined Genieo on my MacBook Pro [Late 2013].
> 
> Have any colleagues found Genieo programs on their Macs? TMA has been unsuccessful in cleaning Genieo from my MacBook Pro.
> 
> This MAC-ISSUES website URL: https://www.macissues.com/2014/04/23/how-to-detect-and-remove-genieo-for-mac/ provides ‘complicated’ removal advice.
> 
> I am reluctant to fully follow the complicated removal advice from MAC-ISSUES as I have not experienced any adverse effects from Genieo on my MacBook Pro.
> 
> Should I ignore ‘quarantined’ Genieo on my MacBook Pro?
> 
> Thanks and Best Wishes,
> 
> Michael John McGarry
> 
> _______________________________________________
> Catalist mailing list
> Catalist at lists.stawa.net
> http://lists.stawa.net/mailman/listinfo/catalist_lists.stawa.net

Regards,

Ray Forma
50 Harvest Road, North Fremantle WA 6159, Australia
Tel +61 (0) 428 596 938
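
A read-only command-line equivalent of the search in steps 6 to 8 of the removal procedure, added here as an example and not part of the original post: it lists matching names under a directory and deletes nothing. The function names `scan_genieo` and `count_hits` and the DYLIB/REVIEW labels are made up for this example; matching is case-insensitive and covers invisible (dot) files.

```shell
#!/bin/sh
# Added example: report-only scan for the names in steps 6-8.
# Nothing is removed; the output is a list to review by hand (step 7).

# scan_genieo ROOT
# Prints one line per hit: "<class><TAB><path>"
#   DYLIB  = file name is exactly one of the three libraries named in step 8
#   REVIEW = name contains a search string; confirm it is Genieo-related first
scan_genieo() {
    root=${1:-/}
    # -iname is case-insensitive; find also visits dot-files and dot-folders.
    # '*libimckit*' also covers libimckitsa, so two library patterns are enough.
    find "$root" \( -iname '*genieo*' -o -iname '*libgenkit*' \
                    -o -iname '*libimckit*' \) -print 2>/dev/null |
    while IFS= read -r path; do
        case ${path##*/} in
            libgenkit.dylib|libimckit.dylib|libimckitsa.dylib)
                printf 'DYLIB\t%s\n' "$path" ;;
            *)
                printf 'REVIEW\t%s\n' "$path" ;;
        esac
    done
}

# count_hits CLASS ROOT
# Number of hits of one class under ROOT (prints 0 when there are none).
count_hits() {
    scan_genieo "$2" | awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# When run as a script with a directory argument, print the report for it,
# e.g.  sudo sh scan_genieo.sh /
if [ "$#" -gt 0 ]; then
    scan_genieo "$1"
fi
```

Run it once before the clean-up and again after the restart in step 10; an empty second report means none of the listed names remain.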




