Genieo False Positive?

  • 29 December 2016
  • 6 replies

Userlevel 1
Scan is showing two Threats:  OSX.Genieo.1.r and PUA.OSX.TuneUpMyMac.1.r.  These threats only show up on the time machine backup drive, not the system hard drive.
Having read these forums, it seems as though these are false positives.  However, a Webroot response of a long time ago stated
"The reason that we are detecting these apps is because Apple did not encrypt their software properly and they both have malicous strings in them. We have pushed an update to our system with will ignore those two files..."
That would suggest that the software should properly account for these files if they are no threat.  Can anyone shed light on this?
If it helps, the details show:
/Macintosh HD/System/Library/CoreServices/  and
/Macintosh HD/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
PS:  My Mac is 4 years old and this is the first time running scanning software such as this.

Best answer by Ssherjj 29 December 2016, 21:29

View original

6 replies

Userlevel 7
Badge +56
Hello John and Welcome to the Webroot Community!
The detections look like PUA's to me so see if you can remove them yourself and here is instructions for Windows and I will ping @ our Mac expert for more information!
Also you can Submit a Support Ticket and they will help you remove them as well!
Daniel 😉
Userlevel 7
Badge +62
Hello RangerVA,
Welcome to the Webroot Community,
Webroot recommends changing your settings so that you do not scan mounted drives with WSA. In some cases, Webroot will detect a threat that is located on your backup, such as Time Machine. If the file are in the backup, then they cannot hurt your system. You would have to restore the files from the backup to get them on the system, and at that point the Real Time Shield in Webroot would find and remove them. Even though Webroot cannot remove these files, as space for newer backups is needed the older backups will be deleted. This will delete the threats from the backup as well.  Another option available to Time Machine users is to exclude the files and folders from being backed up by the Time Machine. You can add them to the exclusion list which will permanently block the files/folders from being backed up in the future. By doing this, the infected file will eventually be deleted from the backup over time and prevent it from ever getting re-introduced to the drive should it be installed on the computer again.
Please have a look at the Mac PC User Guide
If you have concerns about these files then you can always Submit a Support Ticket and they can confirm if these files are indeed False Positives or not. This is a free service with an active Webroot subscription.
Hope this helps?
Userlevel 1
Thanks for the excellent and fast response!
Userlevel 7
Badge +62
Hi RangerVA,
You are most welcome!:D
Hello, apologies for writing on an older thread. I just activated WebRoot, through Luma. I look forward to using the application; it seems to have a lot of positive reviews!
I also have MacOS/MRT showing up as a threat, named "OSX.Genieo.1.r". WebRoot can't remove it. I am not scanning any external backup drives, so I am pretty sure it's on the main iMac hard drive.
Can someone explain to me if this is really a threat? And if so, how do I get it off my machine, since WebRoot cannot? Or is the fact it is currently set to "Block" on the "Block / Allow Files" list good enough?
Much thanks for any assistance.
Userlevel 7
Badge +62
Hello kalimotxo,
Welcome to the Webroot Community,
My best advice is to Submit a Support Ticket and they can check this out for you free of charge withan active Webroot subscription. The Support Team can verify if this is a False Positive or not.
You can also Contact by calling Support here during business hours.
Mon - Fri 7:00 AM to 7:00 PM (MST)
Tel: https://tel:+18666124268
Hope this helps?