
anch-innk

macrumors newbie
Original poster
Sep 27, 2020
9
3
German/Dutch border
I frequently find that a software program displaying this symbol has automatically launched itself when I boot my iMac Pro (2017), running Monterey.
Today's version calls itself "GenerateInteractive", but the symbol often appears with other names. If I right-click the Dock icon and open its folder, it is always under the main Applications folder.
I have only recently done a complete wipe and install of Monterey (when I upgrade the OS, I always do that).
The only new devices I now have are two printers, one Canon and one Epson.
Are the associated apps trying to extract information from me? Or is there some more mundane reason for this?
I ran Malwarebytes this morning and it detected "issues". After quarantining them, it told me I had to reboot. So I did and the strange icon did not reappear.
But it will....
Does anyone recognise the symbol?
 

Attachment: Screenshot 2022-05-29 at 08.31.58.png

Taz Mangus

macrumors 604
Mar 10, 2011
7,815
3,504
You might want to uninstall both printer software packages completely from your Mac. See how the system acts for a couple of days. Then install only one of the printer software packages. Again see how the system acts for a day or two. It could be one of the printer software packages. That symbol looks like a magnifying glass icon for searching.
 

MarineBand5524

macrumors 6502
Dec 17, 2021
343
113
To me, if it changes names etc, it sounds really fishy and that somehow you've picked up yourself a nasty little virus/adware, etc.

Since you say you've just done a clean reinstall, did you bring everything back through Time Machine? What had it called itself prior to this one today?
 

anch in nk

macrumors newbie
May 23, 2018
9
1
Hi Taz
I'll give that a try.
AH
 

anch in nk

macrumors newbie
May 23, 2018
9
1
Hi MarineBand5524

It's odd because I didn't reinstall anything through Time Machine this time. And I can't remember what other names it has used. I think it does look like adware - Malwarebytes found something but didn't remove this package - possibly because I haven't paid for premium support ;-)

If I inspect the contents, I see things like the screenshots show.
Unfortunately, my system skills on the iMac are seriously restricted, so I'm not sure whether this tells us a lot.
 

Attachments: Screenshot 2022-05-29 at 19.50.50.png, Screenshot 2022-05-29 at 19.50.23.png

MarineBand5524

macrumors 6502
Dec 17, 2021
343
113
I use and really like AntiVirus One through Trend Micro; it's 19.99 a year!
 

anch-innk

macrumors newbie
Original poster
Sep 27, 2020
9
3
German/Dutch border
Well, well, who'd have thought it... I now know the identity of the perpetrator.
I went to the gym today (that I registered at three weeks ago) and guess what symbol I noticed on their machines? See photos.
That solves half the problem. What I find unbelievable is that they are hacking into my iMac. How is it possible for the manufacturer of these machines to install software on my iMac, when they have absolutely no authority to do anything like that? I haven't even got an app on my mobile for my visits to the gym, because I don't need it.
So now I have to write a nasty letter to their head office.
milon Industries GmbH
An der Laugna 2
86494 Emersacker, Deutschland.

Anyway, folks, thanks for listening!
Screenshot 2022-05-30 at 17.20.52.png
Screenshot 2022-05-30 at 17.21.08.png
Screenshot 2022-05-30 at 17.21.28.png
 

anch in nk

macrumors newbie
May 23, 2018
9
1
Just to round it off....the latest addition to the software list is called MinimalEnergy.
Worrying...
Screenshot 2022-05-30 at 17.31.42.png
 

fisherking

macrumors G4
Jul 16, 2010
11,251
5,561
ny somewhere
is this whole thing a joke? it's not the same image (similar, not identical). and the idea that your gym hacked into your mac (for some reason) is pretty absurd.

in your earlier screenshots (where you show app resources)... what APP is that?
 

KALLT

macrumors 603
Sep 23, 2008
5,380
3,415
It is unlikely that a malware reappears in a pristine installation, i.e. a clean installation without a Time Machine reset or a migration of data with Migration Assistant. More likely is – assuming that it is malware or adware – that you have installed this (again) somehow.

Have you installed any apps from unofficial sources? Torrents or file-sharing sites? Have you installed software by ignoring system warnings that it is not signed or does not have a valid code signature?

Some suggestions to retrieve further information:

1. Use this app to check your system for auto-launching software: https://objective-see.org/products/knockknock.html. This might help identify the program that installs these weird apps.

2. The GenerateInteractive app bundle seems to have a code signature, which means that it must be signed by an Apple developer certificate. You can use this app to check the signature: https://objective-see.org/products/whatsyoursign.html.

Both apps are freeware and developed by a respected Mac security researcher.
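
A scripted version of the first suggestion above, added here as an example (it is not from the thread and not part of KnockKnock): it reads the standard launchd job directories and lists jobs that start something under /Applications, where the reappearing apps were found. The function names `launch_items` and `jobs_referencing` are made up for this sketch.

```python
import plistlib
from pathlib import Path

# Standard launchd directories whose jobs start at boot or login.
LAUNCH_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
               str(Path.home() / "Library/LaunchAgents")]

def launch_items(directories=LAUNCH_DIRS):
    """Return one dict per launchd job found in the given directories."""
    items = []
    for directory in map(Path, directories):
        if not directory.is_dir():
            continue
        for plist_path in sorted(directory.glob("*.plist")):
            entry = {"plist": str(plist_path)}
            try:
                with open(plist_path, "rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # an unreadable job file is worth listing too
                entry["error"] = f"{type(exc).__name__}: {exc}"
                items.append(entry)
                continue
            args = [str(a) for a in job.get("ProgramArguments") or []]
            # launchd runs Program if present, otherwise ProgramArguments[0].
            entry["label"] = job.get("Label")
            entry["executable"] = job.get("Program") or (args[0] if args else None)
            entry["arguments"] = args
            entry["run_at_load"] = bool(job.get("RunAtLoad"))
            entry["keep_alive"] = bool(job.get("KeepAlive"))
            items.append(entry)
    return items

def jobs_referencing(items, needle="/Applications/"):
    """Jobs whose executable or arguments mention `needle` (a path or app name)."""
    hits = []
    for item in items:
        words = [item.get("executable") or ""] + item.get("arguments", [])
        if any(needle in word for word in words):
            hits.append(item)
    return hits

if __name__ == "__main__":
    for item in jobs_referencing(launch_items()):
        print(item["plist"], "->", item["executable"],
              "(RunAtLoad)" if item["run_at_load"] else "")
```

Login items set under System Preferences > Users & Groups are stored elsewhere and are not covered by this scan.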
 

anch-innk

macrumors newbie
Original poster
Sep 27, 2020
9
3
German/Dutch border
Hi fisherking
This isn't a joke - I'm seriously worried that software is being installed without my knowledge.
The screenshot was after I displayed the contents of the package "GenerateInteractive".
This morning I went to the gym and later I saw the second package "MinimalEnergy". That may be a coincidence but it's worrying.
 

anch-innk

macrumors newbie
Original poster
Sep 27, 2020
9
3
German/Dutch border
Thanks KALLT, I'll give them a spin and see what happens.
 

anch-innk

macrumors newbie
Original poster
Sep 27, 2020
9
3
German/Dutch border
Since this is my main work computer, I'm fussy about what gets installed on it, which is why I have no torrent, FTP or other apps on it. Also I didn't use Time Machine to recover anything.
EDIT: I meant other apps of that kind ;-)
 

fisherking

macrumors G4
Jul 16, 2010
11,251
5,561
ny somewhere
the logos are not identical, so i doubt it's your gym.

commander one is file management software; epson is printer software. what else have you installed?

also, if the apps show up in the apps folder... can't you just delete them? ie 'generativeinteractive'...?

& you could check system preferences>users & groups>login items, see if anything is set to open there...
 

anch in nk

macrumors newbie
May 23, 2018
9
1
Hi fisherking
Thanks for the reply.
I have indeed deleted the apps, but I have done that several times in the last two weeks - that's what annoys me. I have copied the folders to a safe external storage place so I can compare if they come back.
I've run the apps suggested by KALLT but, to be honest, I don't have the background knowledge to know what the results mean.

I see what you mean about the logos, though.

My logins (and the other software) are the same as they have been in previous incarnations (e.g. Big Sur...), so I doubt if they're causing the issue.

I found one thing that might be relevant - I use Enpass to store passwords. Enpass also offers a Safari extension, which I have used in the past. When I analyse the content of the package GenerateInteractive, the name "Safari" occurs twelve times in the file, among all the gobbledygook. And "Apple Certification Authority" also appears 12 times. Does that mean it's legit?

Even if it is, I find it worrying that an extension in Safari can exhibit this behaviour. I have removed the Enpass extension now. That was the only one I had in Safari.

With a bit of luck, we've laid the ghost now ;-)

Thanks for everyone's thoughts and help!

AH
 