Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: mrshl on September 07, 2018, 02:54:45 PM

Title: Genieo FM MRT
Post by: mrshl on September 07, 2018, 02:54:45 PM
Hi!

I've done a quick search and couldn't see anything so I wondered if anyone can help.

I have continual popups from Avast saying Infection: MacOS:Genieo-FM has been blocked. I've run Malwarebytes and it hasn't found anything and I can't actually find anything called Genieo on my computer. The file it leads to is MRT.APP/Contents/MacOS/MRT. I searched Apple forums and didn't see anything there either!

Can anyone offer any insight on how to remove? Google leads me to believe MRT is Apple's Malware Removal Tool but I'm not sure if it's an issue or a false positive for Avast.

(http://i64.tinypic.com/jg5rfp.png)
Title: Re: Genieo FM MRT
Post by: SamueldeChamplain on September 07, 2018, 03:05:35 PM
I got the same pop-ups today! And another issue is that the Avast SecureLine VPN app is open by default...
Title: Re: Genieo FM MRT
Post by: holt.andreas on September 07, 2018, 03:47:03 PM
I got the exact same pop up a few minutes ago! Was quite worried as it kept spamming and popping up again.
Title: Re: Genieo FM MRT
Post by: tonyg5003 on September 07, 2018, 04:35:46 PM
Same issue here. The file is getting quarantined, but I believe this is a crucial Mac system file. From other reading, it sounds like Avast might be picking this up as a false positive, because MRT has it listed in the app.

I tried to restore it, but got a message that the file already exists.

Then browsed to the file in Library, the file remains. Right clicked on it to get into, and Avast went crazy with pop-up warnings.
Title: Re: Genieo FM MRT
Post by: ekfritz on September 07, 2018, 04:39:39 PM
getting same popups.. what gives??
Title: Re: Genieo FM MRT
Post by: tonyg5003 on September 07, 2018, 04:43:07 PM
I submitted a report to Avast's "false positive" page, and put the URL of this thread in the website field. (There's no "file" to upload.)

https://www.avast.com/en-us/false-positive-file-form.php
Title: Re: Genieo FM MRT
Post by: unnikrishnan.a on September 07, 2018, 04:53:37 PM
I am getting same popup. I've disabled the file shield for now.
Title: Re: Genieo FM MRT
Post by: Martha5 on September 07, 2018, 05:02:13 PM
Same here.
Title: Re: Genieo FM MRT
Post by: weekend345 on September 07, 2018, 05:15:50 PM
Same here. Is this a false positive or a real threat?
Title: Re: Genieo FM MRT
Post by: AQwZhtqfeyJBdDnF on September 07, 2018, 05:53:40 PM
I'm also having this problem! It's slowing down my system. Running macOS 10.14 (18A384a).
Title: Re: Genieo FM MRT
Post by: JeyTruss on September 07, 2018, 06:10:47 PM
I got the same notification. By disabling and enabling the "file shield" it solved the issue ;-)
Title: Re: Genieo FM MRT
Post by: Philip4k on September 07, 2018, 06:23:45 PM
Hello! I just got the same pop-ups, got real worried but couldn't find the file. Is this a false positive or should I be worried? I have a school exam to write and can't be dealing with these types of problems right now :S
Title: Re: Genieo FM MRT
Post by: Michael1519 on September 07, 2018, 06:28:42 PM
I too am having this same problem. I tried to delete the files in Virus Chest but they continue to reappear as well as the pop ups. Online solutions didn't work because the Genieo app does not exist on my Mac. It appears from all the other comments here today as well as the fact that Avast updated the Mac version to 13.9 that it is likely a glitch in the latest AVAST release. Very frustrating that the application you paid for to protect your Mac is causing problems and false positives. I am not a power user so this really caused me great distress this morning feeling like I had a virus. Need some better QA before a new release I think.
Title: Re: Genieo FM MRT
Post by: Philip4k on September 07, 2018, 06:30:21 PM
Well I feel a bit better now, but does anyone know how to get rid of these pop-ups? I can't write in my Word document and having these things pop up every 5 seconds :/! Or do I have to wait until avast fixes the glitch?
Title: Re: Genieo FM MRT
Post by: CiaranHK on September 07, 2018, 06:35:08 PM
Same situation here. Was running MacOS 10.13.5 - have now updated to 10.13.6 and so far it appears solved.
Suspect a false positive.


My Process:

Got lots of quarantine messages for the same 'MacOS:Genieo-FM MRT [Adw]' filename mentioned in other posts here, located in /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT. Clicked the messages away and they popped up again, probably about 3-4 messages a minute. Frustratingly spammy!

I looked up the named file and learnt about Genieo - apparently it's adware. Didn't download any uninstaller for it as apparently these can add even more adware. Checking the Mac and browsers I couldn't find the application, and both Safari and Firefox had no extensions running. My search only led me to the MRT folder, which I didn't click on or attempt to explore further.

Phoned Apple for support. They got me to check Safari for extensions again (nothing there, as mentioned), then recommended I download Malwarebytes and run a scan.

(Regarding Malwarebytes quickly - It is free and legit and fine. I saw it recommended elsewhere when searching for solutions, but when I first entered the site it automatically started downloading so had assumed it was some more dodgy malware and ran a mile! This isn't the case, and the Apple support chap said it was the only third party software they recommend for problems like this. You just go to the download now button which gives you a free 30 day trial. I think I'm going to wait till it runs out before deleting it - might come in handy if the problem comes back before then!)

Malwarebytes scan showed all clear. We restarted the Mac and scanned again. Still all clear.
Apple chap recommended I update the MacOS from 10.13.5 to 10.13.6, as the system has its own security processes built in that might be able to clear up whatever it was.


My Solution:

Updated the OS around 4.30 pm, computer restarted - got 2 more quarantine notifications that appeared to have been before the restart (4.25), and have had none since (it is now 5.45 - or 6.45 according to the forum times here) so all clear for about an hour. Fingers crossed it's been solved. Will update if it comes back!

The Apple support chap discussed the possibility of it being a false positive, and was going to recommend that I get in contact with Avast if it didn't sort itself out. It seems like I haven't needed that stage.


My Conclusion:

The apparent lack of visible Genieo anywhere on my system, and the explicit details in the filename (see below) lead me to suspect that Avast has mistaken the Mac's own security system's definition of the adware as the adware itself.

The file name I encountered: 'MacOS:Genieo-FM MRT [Adw]' is short, highly structured and very explicit in describing a Mac operating system, the name of the adware, 'FM' (possible firmware?), 'MRT' (name of Mac's Malware Removal Tool) and '[Adw]' - presumably an added note/detail to classify Genieo as Adware (Adw). It strikes me as a name used to classify a virus, rather than the name of a virus itself. Most virus names (in my experience) are either slightly fake-sounding app names or seemingly random combinations of letters and numbers.

That's my tuppence, hopefully this has been helpful!

(I notice that the OP posted this at 2.54pm and the clock in the screenshot says 1.35pm. My first quarantined message was at 2.30pm exactly (GMT-0 + British Summer Time, I'm in the UK - apparently 1 hour behind the time listed in this forum). When did everyone else start getting the messages? Might help work out if it's an Avast/false-positive thing that might have happened when some definitions changed.)

Michael1519's message about an Avast update would seem to support the likelihood of a false positive.
Quote
I too am having this same problem. I tried to delete the files in Virus Chest but they continue to reappear as well as the pop ups. Online solutions didn't work because the Genieo app does not exist on my Mac. It appears from all the other comments here today as well as the fact that Avast updated the Mac version to 13.9 that it is likely a glitch in the latest AVAST release.
Title: Re: Genieo FM MRT
Post by: Johanna18 on September 07, 2018, 06:36:37 PM
I have the same problem too. Pop-ups appear every 10 seconds it's very annoying and low-key worrying. I disabled the pop-up for now but I can still see the files multiply like crazy in my virus chest. I also don't have the Genieo app installed. My app is up to date for now so I guess they haven't patched this issue up yet :/
Title: Re: Genieo FM MRT
Post by: CiaranHK on September 07, 2018, 07:04:51 PM
So to all those who have the pop-ups but apparently none of the Genieo app, extensions or files, try this:

1. Disabling then re-enabling the File Shield: Open Avast, click on Preferences, then Shields, click Disable on the File Shield, then wait a short while and click Enable.

(get rid of all pop-ups and wait a while to see if popups continue)

2. Restart computer (in safe mode if you want)

(get rid of all pop-ups and wait a while to see if popups continue)

3. Update your MacOS

(get rid of all pop-ups and wait a while to see if popups continue)

If you need a quick way of avoiding the issue rather than dealing with it, just turn off the pop-ups: Go to Preferences, Popups, and adjust the sliders for Warnings and Alerts (I don't know which one this pop-up is) all the way to the left-hand 'off' position. Just remember to change them back once you've got through your project and actually SOLVED the problem, otherwise you might miss other genuine warnings and alerts!
Title: Re: Genieo FM MRT
Post by: Philip4k on September 07, 2018, 07:27:31 PM
I just updated my macbook to the latest os and the "glitch" is no longer active. So that worked for me!
Title: Re: Genieo FM MRT
Post by: Johanna18 on September 07, 2018, 07:43:28 PM
I didn't do anything but it seems like the problem has stopped (on my apps at least)
Title: Re: Genieo FM MRT
Post by: mrshl on September 07, 2018, 07:56:53 PM
So I'm not alone! I've turned off popups for now, it must be a false positive. Thanks everyone!
Title: Re: Genieo FM MRT
Post by: LukasJ on September 07, 2018, 10:59:22 PM
Hi guys,
detection was fixed today at 8:30 pm

Lukas
Title: Re: Genieo FM MRT
Post by: drake145 on September 08, 2018, 12:52:22 AM
Hi All,

I am still getting the pop-up.

Running a scan also flags a private/var file (in the screenshot). Which I believe is also an FP:

https://www.virustotal.com/#/file/b1e9981ca51035b30fbb2d202a0f79b182f5e690707d8e448e2cc99a2e4fa8fa/detection

edit:
I have turned off the file shield as it is flagging a lot of files (same file over and over)
No new VPS available
Re-scanning the private/var file still finds an infection
Title: Re: Genieo FM MRT
Post by: theherb95 on September 08, 2018, 01:19:11 AM
Ran Avast system scan. Cascade of Genieo-FM alerts stopped. Couldn't find the Genieo file on the computer. Must be a glitch in Avast.
Title: Re: Genieo FM MRT
Post by: drake145 on September 08, 2018, 01:42:22 AM
I turned the file shield back on and re-started. It detected it once, but has not triggered again.

I re-scanned the var/ file, and it still finds an infection.

I cannot locate the System/Library/Coreservices file to re-scan, so I am assuming it doesn't exist and it is a glitch.

Edit:

It just popped up again for the System/Lib file.
Title: Re: Genieo FM MRT
Post by: drake145 on September 08, 2018, 04:20:32 PM
Good day all,

After downloading the latest VPS, everything is back to normal.
Title: Re: Genieo FM MRT
Post by: tlisanti on September 08, 2018, 05:38:12 PM
I had the same problem this morning on my MacBook Pro (10.13.6). Restarted machine several times, still got popups. Malwarebytes reported no issues. Running Avast 13.9. Do not have this problem on my iMac, which is running the same version of Avast but macOS 10.12.6.

I just started up my MacBook Pro again, got the popups, clicked off all the popups and they have not returned. Restarted the computer and no popups! Has Avast fixed this? Do I need to restore the quarantined MRT file???
Title: Re: Genieo FM MRT
Post by: Asyn on September 08, 2018, 06:11:33 PM
Quote from: tlisanti
Has Avast fixed this?

Yes, see Reply #20 from Lukas.
Title: Re: Genieo FM MRT
Post by: tlisanti on September 08, 2018, 08:53:41 PM
Thanks. Still wondering if I need to restore the quarantined file?
Title: Re: Genieo FM MRT
Post by: Vladimirz on September 10, 2018, 11:32:48 AM
Quote from: tlisanti
Thanks. Still wondering if I need to restore the quarantined file?

Hi, yes, restore the MRT binary file from quarantine.

The problem was on Apple's side too - the Malware Removal Tool (MRT) contains unencrypted strings of malware/adware definitions. In one case Avast created the same string, and because Apple doesn't encrypt its definitions (exactly to prevent such situations), Avast marked this file as adware.
Sorry to all.
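
The collision described in the reply above, as an added illustration (not Avast's or Apple's code): a byte-pattern scanner flags a removal tool that ships its definitions in the clear, and stops flagging it once the definitions are stored encoded. The signature, sample, key and file layout are all constructed for the example.

```python
import struct

# Constructed stand-in for one AV byte signature; not a real Avast pattern.
AV_SIGNATURES = {"Example:Adware-A [Adw]": b"/Library/LaunchAgents/com.example.adware.plist"}

# Constructed inputs: an adware dropper, and the definitions a removal tool ships.
ADWARE_SAMPLE = b"#!/bin/sh\ncp agent.plist /Library/LaunchAgents/com.example.adware.plist\n"
TOOL_DEFINITIONS = [b"/Library/LaunchAgents/com.example.adware.plist",
                    b"/Applications/ExampleAdware.app"]
KEY = b"\x5a\xc3\x17"  # constructed encoding key


def scan(blob: bytes) -> list:
    """Naive pattern scan: names of all signatures whose bytes occur in blob."""
    return sorted(n for n, pat in AV_SIGNATURES.items() if pat in blob)


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack_tool(definitions, key=None) -> bytes:
    """Constructed 'tool binary': magic + length-prefixed definition records.
    With a key, records are stored XOR-encoded rather than in the clear."""
    out = bytearray(b"TOOL")
    for d in definitions:
        rec = xor(d, key) if key else d
        out += struct.pack(">H", len(rec)) + rec
    return bytes(out)


def unpack_tool(blob: bytes, key=None) -> list:
    """Recover the definitions the tool itself uses at run time."""
    pos, defs = 4, []
    while pos < len(blob):
        (n,) = struct.unpack_from(">H", blob, pos)
        rec = blob[pos + 2:pos + 2 + n]
        defs.append(xor(rec, key) if key else rec)
        pos += 2 + n
    return defs


def tool_detects(tool_blob: bytes, sample: bytes, key=None) -> bool:
    """The removal tool's own check: does the sample reference a known path?"""
    return any(d in sample for d in unpack_tool(tool_blob, key))


if __name__ == "__main__":
    plain, encoded = pack_tool(TOOL_DEFINITIONS), pack_tool(TOOL_DEFINITIONS, KEY)
    print("adware sample :", scan(ADWARE_SAMPLE))
    print("plaintext tool:", scan(plain), "(false positive)")
    print("encoded tool  :", scan(encoded), tool_detects(encoded, ADWARE_SAMPLE, KEY))
```
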
Title: Re: Genieo FM MRT
Post by: Jordy HRO on September 10, 2018, 11:50:43 AM
Quote from: Vladimirz
Quote from: tlisanti
Thanks. Still wondering if I need to restore the quarantined file?

Hi, yes, restore the MRT binary file from quarantine.

The problem was on Apple's side too - the Malware Removal Tool (MRT) contains unencrypted strings of malware/adware definitions. In one case Avast created the same string, and because Apple doesn't encrypt its definitions (exactly to prevent such situations), Avast marked this file as adware.
Sorry to all.

So I got the same popup today on both my Macs. How do I restore this file, because when I use the restore button in the virus chest it says 'Cannot extract the item in the virus chest' and 'File already exists'. So what to do next? Ignore, delete??
Title: Re: Genieo FM MRT
Post by: Vladimirz on September 10, 2018, 01:01:46 PM
Quote from: Jordy HRO
Quote from: Vladimirz
Quote from: tlisanti
Thanks. Still wondering if I need to restore the quarantined file?

Hi, yes, restore the MRT binary file from quarantine.

The problem was on Apple's side too - the Malware Removal Tool (MRT) contains unencrypted strings of malware/adware definitions. In one case Avast created the same string, and because Apple doesn't encrypt its definitions (exactly to prevent such situations), Avast marked this file as adware.
Sorry to all.

So I got the same popup today on both my Macs. How do I restore this file, because when I use the restore button in the virus chest it says 'Cannot extract the item in the virus chest' and 'File already exists'. So what to do next? Ignore, delete??

If the file /System/Library./../MacOS/MRT exists in its path, you can ignore the file in quarantine.