Author Topic: Genieo FM MRT  (Read 9068 times)

Offline mrshl

  • Newbie
  • *
  • Posts: 2
Genieo FM MRT
« on: September 07, 2018, 02:54:45 PM »
Hi!

I've done a quick search and couldn't see anything so I wondered if anyone can help.

I have continual popups from Avast saying Infection: MacOS:Genieo-FM has been blocked. I've run Malwarebytes and it hasn't found anything and I can't actually find anything called Genieo on my computer. The file it leads to is MRT.APP/Contents/MacOS/MRT. I searched Apple forums and didn't see anything there either!

Can anyone offer any insight on how to remove? Google leads me to believe MRT is Apple's Malware Removal Tool but I'm not sure if it's an issue or a false positive for Avast.


Offline SamueldeChamplain

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #1 on: September 07, 2018, 03:05:35 PM »
I got the same pop-ups today! And another issue is that the Avast SecureLine VPN app is open by default...

Offline holt.andreas

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #2 on: September 07, 2018, 03:47:03 PM »
I got the exact same pop up a few minutes ago! Was quite worried as it kept spamming and popping up again.

Offline tonyg5003

  • Newbie
  • *
  • Posts: 2
Re: Genieo FM MRT
« Reply #3 on: September 07, 2018, 04:35:46 PM »
Same issue here. The file is getting quarantined, but I believe this is a crucial Mac system file. From other reading, it sounds like Avast might be picking this up as a false positive, because MRT has it listed in the app.

I tried to restore it, but got a message that the file already exists.

Then browsed to the file in Library, the file remains. Right clicked on it to get into, and Avast went crazy with pop-up warnings.

Offline ekfritz

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #4 on: September 07, 2018, 04:39:39 PM »
getting same popups.. what gives??

Offline tonyg5003

  • Newbie
  • *
  • Posts: 2
Re: Genieo FM MRT
« Reply #5 on: September 07, 2018, 04:43:07 PM »
I submitted a report to Avast's "false positive" page, and put the URL of this thread in the website field. (There's no "file" to upload.)

https://www.avast.com/en-us/false-positive-file-form.php

Offline unnikrishnan.a

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #6 on: September 07, 2018, 04:53:37 PM »
I am getting same popup. I've disabled the file shield for now.

Offline Martha5

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #7 on: September 07, 2018, 05:02:13 PM »
Same here.

Offline weekend345

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #8 on: September 07, 2018, 05:15:50 PM »
Same here. Is this a false positive or a real threat?

Offline AQwZhtqfeyJBdDnF

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #9 on: September 07, 2018, 05:53:40 PM »
I'm also having this problem! It's slowing down my system. Running macOS 10.14 (18A384a).

Offline JeyTruss

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #10 on: September 07, 2018, 06:10:47 PM »
I got the same notification. By disabling and enabling the "file shield" it solved the issue ;-)

Offline Philip4k

  • Newbie
  • *
  • Posts: 5
Re: Genieo FM MRT
« Reply #11 on: September 07, 2018, 06:23:45 PM »
Hello! I just got the same pop-ups, got real worried but couldn't find the file. Is this a false positive or should I be worried? I have a school exam to write and can't be dealing with these types of problems right now :S

Offline Michael1519

  • Newbie
  • *
  • Posts: 1
Re: Genieo FM MRT
« Reply #12 on: September 07, 2018, 06:28:42 PM »
I too am having this same problem. I tried to delete the files in Virus Chest but they continue to reappear as well as the pop ups. Online solutions didn't work because the Genieo app does not exist on my Mac. It appears from all the other comments here today as well as the fact that Avast updated the Mac version to 13.9 that it is likely a glitch in the latest AVAST release. Very frustrating that the application you paid for to protect your Mac is causing problems and false positives. I am not a power user so this really caused me great distress this morning feeling like I had a virus. Need some better QA before a new release I think.

Offline Philip4k

  • Newbie
  • *
  • Posts: 5
Re: Genieo FM MRT
« Reply #13 on: September 07, 2018, 06:30:21 PM »
Well I feel a bit better now, but does anyone know how to get rid of these pop-ups? I can't write in my Word document and having these things pop up every 5 seconds :/! Or do I have to wait until avast fixes the glitch?
« Last Edit: September 07, 2018, 06:34:36 PM by Philip4k »

Offline CiaranHK

  • Newbie
  • *
  • Posts: 2
Re: Genieo FM MRT
« Reply #14 on: September 07, 2018, 06:35:08 PM »
Same situation here. Was running MacOS 10.13.5 - have now updated to 10.13.6 and so far it appears solved.
Suspect a false positive.


My Process:

Got lots of quarantine messages for the same 'MacOS:Genieo-FM MRT [Adw]' filename mentioned in other posts here, located in /System/Library/CoreServices/MRT.app/Contents/MacOS/MRT. Clicked the messages away and they popped up again, probably about 3-4 messages a minute. Frustratingly spammy!

I looked up the named file and learnt about Genieo - apparently it's adware. Didn't download any uninstaller for it as apparently these can add even more adware. Checking the Mac and browsers I couldn't find the application, and both Safari and Firefox had no extensions running. My search only led me to the MRT folder, which I didn't click on or attempt to explore further.

Phoned Apple for support. They got me to check Safari for extensions again (nothing there, as mentioned), then recommended I download Malwarebytes and run a scan.

(Regarding Malwarebytes quickly - It is free and legit and fine. I saw it recommended elsewhere when searching for solutions, but when I first entered the site it automatically started downloading so had assumed it was some more dodgy malware and ran a mile! This isn't the case, and the Apple support chap said it was the only third party software they recommend for problems like this. You just go to the download now button which gives you a free 30 day trial. I think I'm going to wait till it runs out before deleting it - might come in handy if the problem comes back before then!)

Malwarebytes scan showed all clear. We restarted the Mac and scanned again. Still all clear.
Apple chap recommended I update the MacOS from 10.13.5 to 10.13.6, as the system has its own security processes built in that might be able to clear up whatever it was.


My Solution:

Updated the OS around 4.30 pm, computer restarted - got 2 more quarantine notifications that appeared to have been before the restart (4.25), and have had none since (it is now 5.45 - or 6.45 according to the forum times here) so all clear for about an hour. Fingers crossed it's been solved. Will update if it comes back!

The Apple support chap discussed the possibility of it being a false positive, and was going to recommend that I get in contact with Avast if it didn't sort itself out. It seems like I haven't needed that stage.


My Conclusion:

The apparent lack of visible Genieo anywhere on my system, and the explicit details in the filename (see below) lead me to suspect that Avast has mistaken the Mac's own security system's definition of the adware as the adware itself.

The file name I encountered: 'MacOS:Genieo-FM MRT [Adw]' is short, highly structured and very explicit in describing a Mac operating system, the name of the adware, 'FM' (possible firmware?), 'MRT' (name of Mac's Malware Removal Tool) and '[Adw]' - presumably an added note/detail to classify Genieo as Adware (Adw). It strikes me as a name used to classify a virus, rather than the name of a virus itself. Most virus names (in my experience) are either slightly fake-sounding app names or seemingly random combinations of letters and numbers.

That's my tuppence, hopefully this has been helpful!

(I notice that the OP posted this at 2.54pm and the clock in the screenshot says 1.35pm. My first quarantined message was at 2.30pm exactly (GMT-0 + British Summer Time, I'm in the UK - apparently 1 hour behind the time listed in this forum). When did everyone else start getting the messages? Might help work out if it's an Avast/false-positive thing that might have happened when some definitions changed.)

Michael1519's message about an Avast update would seem to support the likelihood of a false positive.
Quote
I too am having this same problem. I tried to delete the files in Virus Chest but they continue to reappear as well as the pop ups. Online solutions didn't work because the Genieo app does not exist on my Mac. It appears from all the other comments here today as well as the fact that Avast updated the Mac version to 13.9 that it is likely a glitch in the latest AVAST release.
« Last Edit: September 07, 2018, 07:10:22 PM by CiaranHK »
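
A check that bears on the false-positive question discussed in this thread, as an added example that is not part of any post: it maps the flagged file path to its enclosing app bundle and asks macOS's `codesign` whether that bundle is intact and signed as Apple software. The function names and return codes are assumptions made for this example; the bundle path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): is the file an AV alert points at
# Apple's own, unmodified MRT bundle?

MRT_APP="/System/Library/CoreServices/MRT.app"   # path quoted in the thread

# Map a flagged file path to its enclosing .app bundle.
# Prints the bundle path; returns 1 if the path is not inside a bundle.
bundle_of() {
    case "$1" in
        *.app/*) printf '%s\n' "${1%%.app/*}.app" ;;
        *.app)   printf '%s\n' "$1" ;;
        *)       return 1 ;;
    esac
}

# Returns 0 = bundle verifies and satisfies the "anchor apple" requirement,
#         1 = verification failed (modified, unsigned, or not Apple software),
#         2 = could not check (no bundle, bundle missing, or codesign absent).
check_apple_signed() {
    bundle=$(bundle_of "$1") || return 2
    [ -d "$bundle" ] || return 2
    command -v codesign >/dev/null 2>&1 || return 2
    # --strict tightens validation; -R tests the signature against the
    # requirement "anchor apple", i.e. code signed by Apple as Apple software.
    codesign --verify --strict -R="anchor apple" "$bundle" 2>/dev/null && return 0
    return 1
}

# Human-readable result for one flagged path.
verdict() {
    rc=0
    check_apple_signed "$1" || rc=$?
    case "$rc" in
        0) echo "OK: $(bundle_of "$1") is intact and Apple-signed" ;;
        1) echo "FAIL: signature check failed for $1" ;;
        *) echo "UNKNOWN: could not check $1" ;;
    esac
    return "$rc"
}

# Usage on a Mac:  sh check_mrt.sh "$MRT_APP/Contents/MacOS/MRT"
if [ $# -gt 0 ]; then verdict "$1"; fi
```

A passing result shows the flagged binary is the one Apple shipped, which supports a false-positive report to the vendor; a failing result is a reason to investigate the file rather than restore it.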