Skip navigation

This is an archived version of the user tip. The current version can be viewed here.

Currently Being Moderated

How to determine if you have been impacted by Flashback malware

Queenstown Maryland
Level 9 Level 9 (62,010 points)
VERSION 12  Click to view user tip history Archived
Last Modified:  Apr 10, 2012 8:10 AM

Flashback is the latest attempt to infiltrate Macs as of April 7, 2012. 


Until all known varients of the malware have been diagnosed, you are probably better off with ClamAV. to ensure you catch all known variants.

If you have 10.6.8 or 10.7.3, Apple's Java patch catches and stops most of these through the security updates in the links for each operating system, 10.6.8 and 10.7.3.


A test of whether or not you have the malware is available with a simple script from one of the other volunteers of the forum, etresoft:


This test has no assurance of catching all known variants, but it is better than none, or trying to keep up with anti-virus software.

If you have been infected it may give you additional false positive info in addition to the accurate indication you have been infected.  So ask on the forum first whether or not the info is false or not, based on the results you get.   Don't jump to conclusions that every positive report means a file needs to be deleted.


Note turning off Java on your web browser while it may help prevent the infection from spreading is not a bulletproof method.   If you have issues

that appear to be caused by it, be sure ask on the forum, and wait for someone who has a balanced approach to respond to your post.  Don't panic!


There is also a blog that is very thorough and in plain English explains how to both detect and eradicate the malware:


Note: Only for those who know the Terminal inside out, I provide these links from f-secure:


It is described here

And further reference is on

Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in this User Tip. Apple encourages you to first seek a solution at Apple Support. Any links in this user tip are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use this user tip at your own discretion.
Comments (0)
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.