Click on screenshot to zoom
Danger level 7
Type: Browser Hijackers
Common infection symptoms:
  • Hijacks homepage
  • Changes default search engine is yet another browser hijacker for Apple’s Mac computers. It is set to hijack your browser’s homepage and replace it with its search engine. Therefore, you should remove it as soon as you can. Furthermore, our research has shown that this browser hijacker has the ability to include promotional links in its search results. We believe that some of those promotions may be misleading and even deceptive because they come from unknown sources. We have also found that this hijacker was created by a known malware developer that specializes in dishonest online promotions and web monetization. So we highly recommend reading this whole article if your browser has been affected by this infection. is a clone of another browser hijacker called that we have written about not so long ago. However, we believe that both of these hijackers are somehow related to, another browser hijacker that was developed by a company called Genieo Innovation Ltd. This Israel-based company is widely known for its deceptive advertising strategies, so we were not surprised to find a link between these two hijackers.

This company was started in 2008 by Sol Tzvi and Jacob Tenenboem. It mission was to develop a personalization platform that natively resides on the user’s computer and enables desktop program providers to add personalization capabilities without having to compromise the users privacy. This was achieved with some success as they created a platform based on the concepts of behavioral targeting, personalization algorithms, and text mining. The purpose of this platform was to manage and filter feeds according to the user’s preferences. In 2009, this company released its first dynamic homepage that uses the aforementioned personalization platform to create a newspaper-like homepage on the user’s browser. This, however, requires an application that does not seem to carry.

According to this hijacker’s About Us subpage, its accompanying program enables you to “Install applications the easy way and without the hassle, using the Otwexplain downloader.” We have not had the opportunity to test its downloader, but given its developer’s background, we would not be surprised to find out that it collects information for advertising purposes.

While doing our research, we have found that is being distributed using malicious installers distributed by Genieo. This install is known as a fake codec package required for playing video files. Furthermore, the installed software may also gather information about you, but unfortunately we have yet to get a sample for testing. However, its accompanying program is not that important although it should also be removed when discovered.

We are more concerned with the fact that’s installer is set to access your computer and inject this browser hijacker into the browser. Note that it can hijack Safari, Mozilla Firefox, and Google Chrome. This hijacker functions like a search engine. It has its search bar in which you can type something, and it will give you the results. At the same time, it will collect your search queries, among other information, and send it to the developers for processing. As previously mentioned, it is set to display commercial advertisements and promotional links. Now you may be surprised to learn that redirects its searches to However,’s search results are modified to accommodate the rather intrusive and unasked-for promotion links. Also, we are concerned with the fact that this hijacker can promote websites and software that might perform some mildly malicious activities. So this hijacker spells nothing but trouble for you if it is left unchecked, so let us get to the removal part of this article.

If you want to get rid of, but are struggling to do so, then you have come to the right cyber security blog since we have prepared a step-by-step removal guide that should help you get rid of this infection. Keep in mind that it will collect information about you and subject you to annoying and possible misleading promotions if you decide to keep it installed. Changing the homepage address and removing its accompanying program should be sufficient, but it depends on the program this hijacker comes with. We will include a guide for deleting the commonly found Genieo program since it is quite likely that this hijacker will come with it.

Remove from the browser


  1. Open Safari and go to Preferences.
  2. Click General and enter a new homepage address in the Homepage line.
  3. Click New windows open with menu and then choose Homepage.
  4. Click New tabs open with menu and then choose Homepage.

Mozilla Firefox

  1. Open Firefox.
  2. Click the menu button and then click help.
  3. Select Troubleshooting Information.
  4. Click the Refresh Firefox.
  5. In the dialog box click Refresh Firefox.
  6. Click Finish.

Google Chrome

  1. Open Chrome.
  2. Click the Chrome menu.
  3. Select Settings.
  4. Click Show advanced settings and locate Reset browser settings.
  5. Click Reset browser settings.
  6. In the dialog box, click Reset.

Delete Genieo (optional)

  1. Go to the Applications folder and then the Utilities folder.
  2. Open Activity Monitor.
  3. Click the CPU tab and click Process Name.
  4. Locate Genieo and click the Force Quit button.
  5. Quit Activity Monitor and use Go to Folder to find and delete /private/etc/launchd.conf.
  6. Restart your Mac.
  7. Then, select Go to Folder and delete the following items.
  • /Applications/Genieo.
  • /Applications/InstallMac.
  • /Applications/Uninstall Genieo.
  • /Applications/Uninstall IM
  • /usr/lib/libgenkit.dylib.
  • /usr/lib/libgenkitsa.dylib.
  • /usr/lib/libimckit.dylib.
  • /usr/lib/libimckitsa.dylib.
  • /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client.
  • ~/Library/Application Support/Genieo/.
  • ~/Library/Application Support/com.genieoinnovation.Installer/.
Download Spyware Removal Tool to Remove*
  • Quick & tested solution for removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.