Sunday, September 7, 2014

How to remove Adware, Spyware and Trojan like Genieo, Conduit, Downlite or Spigot from Mac Browsers?Check your Browser Today because 90% of the Mac is infected.

Those days have gone when people used to say " Mac does not get infected from Viruses, Malwares or Spywares".You should better check your browser right now to see if it is also infected with one of those threats.I bet your browser might be infected with Israeli Adware cum Spyware called Genieo ( and InstallMac, another name for the same software ), the most prolific Adware at this time.It has been in active distribution since January, 2013, with a very active Israeli company behind it. Although the installer is available through the company’s web site, it has also been seen numerous times being distributed through installers that pretend to be something they are not, such as fake Adobe Flash Player installers. This behavior has been blamed on third-party “partners” each time it has been observed.The uninstaller that comes with Genieo has never worked and is useless, it appears to remove the software but it leaves behind many active component in the system which keeps running in the background all the time and affected systems will be actively tracked for browsing behaviors, and legitimate Web sites will be hijacked with ad banners and other content that attempts to lure you into clicking it.

Genieo is a search engine program that will change your personal and default browser settings upon installation. Genieo is not usually considered a virus or malware program (although seventeen security solutions list the Mac version as adware), but uses the keywords you enter into the Genieo search engine to generate an excessive number of sponsored links and ads mixed in with your search results.

Adware has become a major issue on all operating systems, regardless of their vendor, mostly because potentially unwanted applications are frequently bundled with very popular freeware programs.

Most adware, Malware and spyware infections happen when Mac or PC users install computer programs developed by third-party programmers, called "freeware," and some examples are video downloaders, file converters or PDF-file generators.You might also have downloaded it from an ad in a page on some other site. The ad has a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.

Identification

If your system is infected with Genieo, your browser would have a homepage of Genieo search engine and would look something like shown in the following pictures.
Pic-33(a)

or your Mac would have a small home icon in the top menu bar as shown in the Picture below.

Pic-33(b)
or you would see an InstallMac's home page as shown in the Picture below.
Pic-33(c)

More and more Mac OS X users are falling victim to various adware and spyware infections.Genieo is not the only Malware, there are plenty of these out there with different names some of these famous names are as following.


  • Awesome Screenshot
  • ChatZum
  • ClickAgent
  • Conduit
  • Codec-M
  • Deal Finder
  • Downlite
  • Delta-Search.com
  • FkCodec
  • Genieo
  • GoPhoto.it
  • Jollywallet
  • MacDeals
  • MacSter
  • Omnibar
  • PalMall, MacVX, MacShop, MacSmart, News Ticker Remover
  • Rvzr-a.akamaihd.net
  • Savekeep, saVe keeep, suave keepo, or anything similar
  • Searchme, Slick Savings, Amazon Shopping Assistant and/or Ebay Shopping Assistant 
  • Spigot
  • Trovi
  • Vidx, Viddxx, Vidox, Viidax, ViiDDx, or anything similar
  • Yontoo and/or Torrenthandler

If your Mac is infected with any of the above Malwares, Don't worry you just need to Run a small Adware Removal Tool and they all will be gone.
The best Adware Removal Tool is TSMART  from thesafemac.com which can be downloaded from http://www.thesafemac.com/art/ or Click here to Download


This tool is an AppleScript application designed to remove all known Mac adware.

How to use TSMART Adware Removal Tool

Step 1. Using this script is pretty easy, once you have opened it from download folder after downloading it. It pretty much does everything for you, with just a few questions along the way.I recommend to quit it from menu bar first because it is always running actively in the background so click on the Home icon in the menu bar on the upper right corner and select
Pic-33(d)


Step 2. So now download it and then go to the Download folder in Finder.Open Folder TSM Adware Removal Tool it contains file TSM Adware Removal Tool.app.

Pic-33(e)

Pic-33(f)


First, the script will check for updates. If there’s a newer version of the script, you will be directed to download it. You can choose to continue using the script you already have, but should be aware that it’s probably always going to be in your best interests to use the most up-to-date version of the script.

Pic-33(g)

Step 3. Next, you will be asked if you’re okay with closing your web browser(s). If you’re right in the middle of a lengthy post on some forum about the evils of adware and don’t want to lose it, you can opt out at this point, and run the script again later. If you’re okay with the script closing your browser(s), it will close them for you.

Pic-33(h)
Step 4. From here, the script will begin removing any adware it finds. Adware components will be moved to the trash, rather than deleted outright, so that you can have the final say about deleting it.

Pic-33 (i)

Pic-33(j)

Steps 5. Once it has cleaned all the Adware found then it would ask you either to empty the recycle bin or restart the computer to complete the removal process so take the action accordingly.
Pic-33(K)

Step 6. There are just a couple cases where the script will need to ask you how to proceed. In the case of GoPhoto.it, your Firefox preferences file (prefs.js) may be infected with hundreds of kilobytes of GoPhoto.it-related JavaScript code. Deleting it is required to get rid of this adware, but this will cause you to lose some of your Firefox preferences. Thus, the script will ask you what to do. If you choose not to delete the prefs.js file, you can always run the script again later to remove it, or you can restore a clean file from backup or remove the malicious code manually.

delete launchd.conf? Some variants of the Genieo adware install files that, if removed improperly, can cause the  machine to freeze and to be unable to restart. Thus, if the primary culprit – the launchd.conf file – is found, and if it contains a malicious Genieo-related setting, the script will proceed cautiously. It will ask you if you want to delete this file. You can either choose to delete the file, or choose not to and edit it manually. Either way, you will need to restart the computer afterwards to make the change take effect. (The script will do this for you, after asking if that’s okay, if you choose to let it take care of removing this file.) After doing this, you can run the script a second time to remove the remaining components, which cannot be safely deleted while an infected launchd.conf file remains in the system.
Pic-33(l)

Bottom line – pay attention to the messages you see, rather than just skipping past them, and you’ll be okay.

Method 2. ( Manual Removal )

WARNING: If you do not follow these directions exactly, you could cause your computer to freeze and it probably will not be able to restart and it is always advisable to back up all data. You must know how to restore from a backup even if the system becomes unbootable and if you don't know how to do this, follow the instructions mentioned on Apple support site on How to backup and restore your file.

Steps

1. First of all make sure you are logged in as an Administrator account.If the Genieo is installed you would see the “house” icon in the menu bar.Quit it by clicking on the house icon and then selecting Quit Genieo. Some variants of Genieo do not include a Genieo app, in which case this step is unnecessary.

Oic-33(m)

If the app will not quit, or you do not see the house icon, open the Activity Monitor application (found in the Utilities folder in the Applications folder) and find the Genieo app. Select it, then click the toolbar button with a stop sign with an X in the middle to force it to quit.
Pic-33(n)

2. Now delete /private/etc/launchd.conf file by moving it to trash.If you found it successfully and deleted this file, make sure you do NOT empty the trash at this point. In case you couldn’t find it, restrain from deleting any of the .dylib files listed in step 4.Failure to properly remove this file, if it is present, will result in your computer freezing and becoming unable to start up!

If you have run the Genieo uninstaller you won’t find the launchd.conf file because it removes the launchd.conf file and it is fine to move on to the next step.The launchd.conf file

3. If the launchd.conf file was found and deleted, restart the computer. Otherwise, proceed without restarting.

4. Now delete the following items by moving or dragging them to the trash. Some of them, including the Genieo application, may not be present; remove the ones that you do find.

/Applications/Genieo
/Applications/InstallMac
/Applications/Uninstall Genieo
/Applications/Uninstall IM Completer.app
~/Library/Application Support/com.genieoinnovation.Installer/
~/Library/Application Support/Genieo/
~/Library/LaunchAgents/com.genieo.completer.download.plist
~/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib


5. Now restart the computer and move the following item to the trash, if present.
/Library/Frameworks/GenieoExtra.framework
and now it is safe to empty the trash so clean it up.

6. Remove Omnibar extension- Now open Safari and go to Safari menu from top menu bar and select Reset Safari.And then click preferences under Safari menu.Click on extension tab and then select omnibar from left and click uninstall to remove Omnibar as shown in the picture-33(o).

Pic-33(m)
Pic-33(o)

7. Reset the Home Page, and possibly default search engine for your browser as shown in the picture-33(p).

Pic-33(p)

Method 3 : Deleting Genieo from Mac OS X (Automatically)


1. Download the free removal tool from Bitdefender's website.

Bitdifender Adware removal for Mac
Pic-33(q)

2. Open the tool and follow the simple instructions. This will delete all Genieo files and reset Safari, Chrome and Firefox automatically.

3. If required, restart your Mac.Reset the Home Page, and possibly default search engine for your browser.

******************************************

Sources and Citations:
http://www.thesafemac.com/arg-genieo/



Reactions:

0 comments:

Post a Comment