Moving at the Speed of Creativity by Wesley Fryer

Remove Genieo Malware from a Mac

Back in October of 2013 I wrote the post, “Beware of Genieo Adware on Apple Computers.” This was the first time someone in our family accidentally installed an adware/malware program on one of our Mac laptops. Today at school, one of our staff members was searching for free Christmas card templates, and ended up installing Genieo inadvertently on his iMac. The English Wikipedia article states Genieo owns & operates “InstallMac which distributes additional ‘optional’ search modifying software with other applications.” We think that is what he installed to get Genieo malware. He knew he had something unwanted on his computer because all his web browsers (Safari, Chrome and Firefox) had their start pages redirected to an unfamiliar (and unwanted) search page:

[Image: “Mac Adware” by Wesley Fryer, on Flickr. Creative Commons Attribution 2.0 Generic License.]

Norton’s website explains about Genieo further:

Genieo is a content recommendation engine, that you might have accidentally installed when it masqueraded itself as a necessary update to an existing extension or flash player without your interaction. Genieo changes the behavior of your browsers to allow custom searches and targeted advertising to be presented on a home page, managed through a browser extension. It also tracks what you do and guides your searches and activity to relevant commercial sites and deals.

Here are the steps I followed to remove Genieo from his computer and restore all three web browsers to their normal functionality.

1 – Run Anti-Malware for Mac

After reviewing the “Adware Removal Guide” on thesafemac.com, I downloaded Malwarebytes Anti-Malware for Mac. It identified and removed several files included with Genieo. While the software’s website provides a link for a business/enterprise version, only the home version is currently available.

[Image: “Malware Found” by Wesley Fryer, on Flickr. Creative Commons Attribution 2.0 Generic License.]

After restarting the computer, the browser redirects were still present, so I did several other things.

2 – Delete Unwanted LaunchAgents and Application Support Files

While Malwarebytes Anti-Malware software removed some of the Genieo files, it didn’t get them all. This article on malwarefixes.com about removing “mykotlerino” explains how to remove several more.

In the Finder choose Go To Folder, then paste in this path:

~/Library/LaunchAgents

I deleted all the files in that folder. Next, I used the same Finder Go To Folder menu item, and entered this path:

~/Library/Application Support

I then deleted the files which referenced “pronto,” which evidently was part of the software program which the user remembered installing that led to this problem.
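A way to review what each file in ~/Library/LaunchAgents actually launches before removing anything (an added example, not part of the original post or of any tool it mentions). The keyword list is built from names that appear in this post, and matching by case-insensitive substring is an assumption.

```python
import plistlib
from pathlib import Path

# Names mentioned in this post; extend the tuple for other adware families.
# Assumption: a case-insensitive substring match is a good enough first pass.
KEYWORDS = ("genieo", "pronto", "installmac")

def agent_command(job):
    """Return the command a launchd job runs: Program (if set) plus ProgramArguments."""
    prog = job.get("Program")
    args = [str(a) for a in job.get("ProgramArguments") or []]
    return ([str(prog)] if prog else []) + args

def review_launch_agents(directory):
    """Parse every .plist in `directory` and return one record per file."""
    records = []
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)  # reads both XML and binary plists
            if not isinstance(job, dict):
                raise ValueError("top-level plist object is not a dictionary")
        except Exception as exc:
            # Report unreadable files instead of skipping them silently.
            records.append({"file": path.name, "label": None, "command": [],
                            "hits": [], "error": str(exc)})
            continue
        command = agent_command(job)
        # Match against file name, Label and the full command line.
        haystack = " ".join([path.name, str(job.get("Label", "")), *command]).lower()
        records.append({"file": path.name, "label": job.get("Label"),
                        "command": command,
                        "hits": [k for k in KEYWORDS if k in haystack],
                        "error": None})
    return records

if __name__ == "__main__":
    for rec in review_launch_agents("~/Library/LaunchAgents"):
        status = "SUSPECT" if rec["hits"] else ("UNREADABLE" if rec["error"] else "ok")
        detail = " ".join(rec["command"]) or rec["error"] or "(no command)"
        print(f"{status:10} {rec['file']}  ->  {detail}")
```

Run it with python3 from Terminal. Entries marked "ok" may belong to software you want to keep, so check the command path of each one before deleting its file.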

3 – Change Homepage in Settings

Last of all, I needed to change the default/saved homepage in each of the three web browsers.

After that, Genieo seemed to be removed entirely from the computer, and the web browsers functioned normally.

It’s certainly frustrating that after years of watching Windows users struggle and fight against an onslaught of malware, viruses, worms, trojan horses, and adware, Mac users are now susceptible to some similar threats. While the malware threat is MUCH less for Mac users than it is for folks still running variants of the Windows operating system, there are still far fewer threats “out there” for Apple users.

Keep in mind I’m writing this post in mid-December 2015, and the creators of this Genieo malware program and others like it will probably continue to change their software to avoid malware scanners. This means these instructions may not work for you, depending on when you have similar problems and how the malware creators change their code.

Have you removed Genieo from an Apple computer or similar malware program(s)? If you have any tips or suggestions for better ways to address these problems, please let me know via a tweet to @wfryer or a comment on this post.

