Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Genieo

Genieo

Updated:
November 08, 2016
Name:
Genieo
Publisher:
Genieo
Risk Impact:
Low
Systems Affected:
Mac

Behavior

Genieo is a potentially unwanted application that installs a browser extension in order to change the browser's default search engine.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version March 08, 2017 revision 005
  • Initial Daily Certified version July 10, 2014 revision 009
  • Latest Daily Certified version March 08, 2017 revision 008
  • Initial Weekly Certified release date July 16, 2014
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
When the program is executed, it creates the following files:
  • /Application/Genieo.app
  • /Applications/Uninstall Genieo.app
  • ~/Library/Application Support/com.genieoinnovation.Installer/Completer.app
  • ~/Library/LaunchAgents/com.genieo.completer.download.plist
  • ~/Library/LaunchAgents/com.genieo.completer.update.plist
  • ~/Library/Safari/Extensions/Omnibar.safariextz
  • ~/Library/Application Support/Genieo/
  • /tmp/GenieoInstall.dmg
  • /tmp/tmpinstallmc.dmg

Next, the program changes the default search engine and homepage to the following domain:
search.genieo.com

The program then installs the following browser extension:
~/Library/Safari/Extensions/Omnibar.safariextz

When the user inputs a search query it will appear to be carried out using Google Search but the results will be from genieo.com.



The following instructions pertain to all current and recent Symantec antivirus products for Macintosh.
  1. Update the virus definitions.
  2. Run a full system scan and repair or delete all the files detected.
For specific details on each of these steps, read the following instructions.

1. To update the virus definitions
To obtain the most recent virus definitions run LiveUpdate: These virus definitions are posted to the LiveUpdate servers regularly. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate) .

2. To scan for and delete the infected files
  • Start your Norton AntiVirus or Symantec Endpoint Protection for Macintosh program and make sure that it is configured to scan all files.
  • Run a full system scan.
  • If any files are detected, click Repair (if available) or Delete.
Writeup By: Kaoru Hayashi