Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Manually removing the OSX_GEONEI adware

    • Updated:
    • 16 Sep 2014
    • Product/Version:
    • Trend Micro Antivirus for Mac 2015.All
    • Trend Micro Security for Mac 2.0
    • Platform:
    • Macintosh Leopard
    • Macintosh Lion
    • Macintosh Mavericks
    • Macintosh Mountain Lion
    • Macintosh Snow Leopard
    • Macintosh Yosemite
Summary
Mac users are getting continuous detections of OSX_GEONEI and the Trend Micro program is unable to delete the detected files.
Learn how to manually remove the OSX_GEONEI adware.
Details
Public
OSX_GEONEI is an adware detection for Genieo application. It checks if the user is searching through search engines like Google, Yahoo or Bing. It extracts the user's queried strings in the URL and forwards the queries to a remote server.
The Genieo application could be running or the file could have been locked during the detection causing the inability to completely remove its components. Moreover, the file path of the detected component is in the Volume folder which could be a shared folder or another hard drive that may need user permissions.
To remove the OSX_GEONEI.A:
  1. Scan using Trend Micro product and take note of the detected path.
  2. If the detected file is mounted, eject the corresponding volume:
    1. In the Finder’s menu bar, click Go > Computer.
    2. In the opened window, right-click on the volume where detection was seen.
    3. Select Eject Installer.
  3. Identify and terminate the running .app process using the noted path in the previous step.
    1. Open the terminal by clicking Applications > Utilities > Terminal or typing “Terminal” in the spotlight.
    2. Type the following in the terminal:
      ps –A
    3. Look for the detected file (commonly named as Installer.app) and take note of its PID. If the detected file is not found to be running, proceed to the next step.
    4. In the same terminal, type the following:
      kill {PID}
  4. Remove the detected files.
    In the same terminal, type the following and press Enter:
    • sudo rm –R {grayware path and filename}.dmg
    • sudo rm –R {grayware path and filename}.app
  5. Scan your computer with your Trend Micro product to delete files detected as OSX_GEONEI.A.
Visit Trend Micro Threat Encyclopedia to know more about OSX_GEONEI.A threat.
Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1105141
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.