Strange activity, generic Installer keeps showing up on desktop

Discussion in 'Mac Basics and Help' started by msintros, Dec 16, 2014.

  1. msintros macrumors member

    Jul 7, 2014
    Several times recently I will be working in Firefox typing away and all of a sudden I'll find myself typing into the password field of the window that pops up when you are asked by an installer to log in. I cancel this, because I obviously have not started any installation progresses and when I go to the desktop there is a disk image there called "Installer" that I did not download manually and in it is an installer called "Installer" saying to double click it. So far I have just trashed these. I have no idea where it's coming from or what it's attempting to install.

    I'm not sure if it's related or not, but in an effort to find out where it came from I checked my system log and I am seeing a lot of activity like this:

    I don't have any Digidesign components that I'm aware of, so I'm not sure what this process is. Also I see a reference to Amazon cloud player, whatever that is. Does this make sense to anyone? Thanks.
  2. aicul macrumors 6502a

    Jun 20, 2007
    no cars, only boats
    Strange indeed

    I would consider these first actions

    - check in preferences if there is an entry in your user-id startup items

    - if your account has admin privs; create a new account with admin privs and demote your user-id to standard
  3. msintros thread starter macrumors member

    Jul 7, 2014
    I did figure out one thing: I am pretty sure the thing trying to install itself is Genieo, which apparently is debatably malware. I am currently looking at this page: and it looks like many of these files are on my computer, although not the ones that would be there if the program had been actually installed. I'm taking the steps it suggests in removing them.

    As for the digidesign entries in that log, I'm still not sure what that's about or how to figure out what program or action is trying to run.
  4. busyangel1, Jan 16, 2015
    Last edited: Jan 16, 2015

    busyangel1 macrumors newbie


    Aug 30, 2008
    Philly, PA
    Uninstall Genio, InstallMac, Omnibar Firefox browser extension

    These are ever changing guerrilla adware/ malware programs. I know i got it from downloading a file from CNET. This is hidden in an installer with options to install other programs checked and greyed out sometimes below the un-scrolled text window. If you ever see this after scrolling the text box, delete the installer and find the program or updater on the developers site ....even if its slow. Don't update software when overly tired as this is how I missed it and I'm a fairly advanced user.

    Here's a link with detailed information on deleting these ##$** programs.
    Of course the very best way is to be patient and just get your updates from slower developer sites and stay away from CNET and other pages that indiscriminately sell space to these hacker malware links that are characterized by crowded blinking buttons and mini frames on the same page urging you to quickly download your searched for, or pop-up updates.
    Here's the link:

    PS if you are not comfortable using some of these methods find a friend who is.
    Try installing ClamXAV (MacWorld ed.choice award)to check for and uninstall malware/adware.
    Good luck and happy computing.

Share This Page