Neo Download

Those days have gone when people used to say " Mac does not get infected from Viruses, Malwares or Spywares".You should better check your browser right now to see if it is also infected with one of those threats.I bet your browser might be infected with Israeli Adware cum Spyware called Genieo ( and InstallMac, another name for the same software ), the most prolific Adware at this time.It has been in active distribution since January, 2013, with a very active Israeli company behind it. Although the installer is available through the company’s web site, it has also been seen numerous times being distributed through installers that pretend to be something they are not, such as fake Adobe Flash Player installers. This behavior has been blamed on third-party “partners” each time it has been observed.The uninstaller that comes with Genieo has never worked and is useless, it appears to remove the software but it leaves behind many active component in the system which keeps running in the background all the time and affected systems will be actively tracked for browsing behaviors, and legitimate Web sites will be hijacked with ad banners and other content that attempts to lure you into clicking it.

Genieo is a search engine program that will change your personal and default browser settings upon installation. Genieo is not usually considered a virus or malware program (although seventeen security solutions list the Mac version as adware), but uses the keywords you enter into the Genieo search engine to generate an excessive number of sponsored links and ads mixed in with your search results.

Adware has become a major issue on all operating systems, regardless of their vendor, mostly because potentially unwanted applications are frequently bundled with very popular freeware programs.

Identification

If your system is infected with Genieo, your browser would have a homepage of Genieo search engine and would look something like shown in the following pictures.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(a)

or your Mac would have a small home icon in the top menu bar as shown in the Picture below.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(b)

or you would see an InstallMacs home page as shown in the Picture below.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(c)

More and more Mac OS X users are falling victim to various adware and spyware infections.Genieo is not the only Malware, there are plenty of these out there with different names some of these famous names are as following.

• Awesome Screenshot
• ChatZum
• ClickAgent
• Conduit
• Shopify
• Codec-M
• Deal Finder
• Downlite
• Delta-Search.com
• FkCodec
• Genieo
• GoPhoto.it
• Jollywallet
• MacDeals
• MacSter
• Omnibar
• PalMall, MacVX, MacShop, MacSmart, News Ticker Remover
• Rvzr-a.akamaihd.net
• Savekeep, saVe keeep, suave keepo, or anything similar
• Searchme, Slick Savings, Amazon Shopping Assistant and/or Ebay Shopping Assistant 
• Spigot
• Trovi
• Vidx, Viddxx, Vidox, Viidax, ViiDDx, or anything similar
• Yontoo and/or Torrenthandler
• yahoo powered search

If your Mac is infected with any of the above Malwares, Dont worry you just need to Run a small Adware Removal Tool and they all will be gone.
The best Adware Removal Tool is TSMART  from thesafemac.com which can be downloaded from http://www.thesafemac.com/art/ or Click here to Download


This tool is an AppleScript application designed to remove all known Mac adware.

How to use TSMART Adware Removal Tool

Step 1. Using this script is pretty easy, once you have opened it from download folder after downloading it. It pretty much does everything for you, with just a few questions along the way.I recommend to quit it from menu bar first because it is always running actively in the background so click on the Home icon in the menu bar on the upper right corner and select

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(d)

Step 2. So now download it and then go to the Download folder in Finder.Open Folder TSM Adware Removal Tool it contains file TSM Adware Removal Tool.app.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(e)

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(f)

First, the script will check for updates. If there’s a newer version of the script, you will be directed to download it. You can choose to continue using the script you already have, but should be aware that it’s probably always going to be in your best interests to use the most up-to-date version of the script.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(g)

Step 3. Next, you will be asked if you’re okay with closing your web browser(s). If you’re right in the middle of a lengthy post on some forum about the evils of adware and don’t want to lose it, you can opt out at this point, and run the script again later. If you’re okay with the script closing your browser(s), it will close them for you.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(h)

Step 4. From here, the script will begin removing any adware it finds. Adware components will be moved to the trash, rather than deleted outright, so that you can have the final say about deleting it.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33 (i)

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(j)

Steps 5. Once it has cleaned all the Adware found then it would ask you either to empty the recycle bin or restart the computer to complete the removal process so take the action accordingly.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(K)

Step 6. There are just a couple cases where the script will need to ask you how to proceed. In the case of GoPhoto.it, your Firefox preferences file (prefs.js) may be infected with hundreds of kilobytes of GoPhoto.it-related JavaScript code. Deleting it is required to get rid of this adware, but this will cause you to lose some of your Firefox preferences. Thus, the script will ask you what to do. If you choose not to delete the prefs.js file, you can always run the script again later to remove it, or you can restore a clean file from backup or remove the malicious code manually.

delete launchd.conf? Some variants of the Genieo adware install files that, if removed improperly, can cause the  machine to freeze and to be unable to restart. Thus, if the primary culprit – the launchd.conf file – is found, and if it contains a malicious Genieo-related setting, the script will proceed cautiously. It will ask you if you want to delete this file. You can either choose to delete the file, or choose not to and edit it manually. Either way, you will need to restart the computer afterwards to make the change take effect. (The script will do this for you, after asking if that’s okay, if you choose to let it take care of removing this file.) After doing this, you can run the script a second time to remove the remaining components, which cannot be safely deleted while an infected launchd.conf file remains in the system.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(l)

Bottom line – pay attention to the messages you see, rather than just skipping past them, and you’ll be okay.
Method 2. ( Manual Removal )

WARNING: If you do not follow these directions exactly, you could cause your computer to freeze and it probably will not be able to restart and it is always advisable to back up all data. You must know how to restore from a backup even if the system becomes unbootable and if you dont know how to do this, follow the instructions mentioned on Apple support site on How to backup and restore your file.

Steps

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(m)

4. Now delete the following items by moving or dragging them to the trash. Some of them, including the Genieo application, may not be present; remove the ones that you do find.

/Applications/Genieo
/Applications/InstallMac
/Applications/Uninstall Genieo
/Applications/Uninstall IM Completer.app
~/Library/Application Support/com.genieoinnovation.Installer/
~/Library/Application Support/Genieo/
~/Library/LaunchAgents/com.genieo.completer.download.plist
~/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.client.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib


5. Now restart the computer and move the following item to the trash, if present.
/Library/Frameworks/GenieoExtra.framework
and now it is safe to empty the trash so clean it up.

6. Remove Omnibar extension- Now open Safari and go to Safari menu from top menu bar and select Reset Safari.And then click preferences under Safari menu.Click on extension tab and then select omnibar from left and click uninstall to remove Omnibar as shown in the picture-33(o).

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(m)

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(o)

7. Reset the Home Page, and possibly default search engine for your browser as shown in the picture-33(p).

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(p)

Method 3 : Deleting Genieo from Mac OS X (Automatically)

1. Download the free removal tool from Bitdefenders website.

Remove malware,spyware and trojan like Genieo, Conduit, Downlite-Pic-33(q)

2. Open the tool and follow the simple instructions. This will delete all Genieo files and reset Safari, Chrome and Firefox automatically.

3. If required, restart your Mac.Reset the Home Page, and possibly default search engine for your browser.



Sources and Citations:
http://www.thesafemac.com/arg-genieo/