How to determine if you have been impacted by Flashback malware

Version 3
Last Modified: Apr 7, 2012 6:08 AM

Flashback is the latest attempt to infiltrate Macs as of April 7, 2012.  

It is described here http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

And further reference is on http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml

From those descriptions I was able to get two very simple command lines to try:

 

grep LSE /Applications/Safari.app/Contents/Info.plist

 

and

 

ls /Users/Shared/.libgmalloc.dylib

 

If the first command prints nothing and the second reports that the file does not exist ("No such file or directory"), you are clean. With the first one, your prompt will simply repeat itself if there is nothing there; if there is something there, a line containing LSE will appear. If the second command shows that the file exists, then you need to consider looking at it.

For all commands in the Terminal, end the command by pressing the Return key.

Otherwise, you should read the links above for more details on how to deal with it.

The command line can be entered in Applications -> Utilities -> Terminal

Note that the second command need not be run if you don't use Microsoft Office or Skype. If you do use either, then the file should be checked for.
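
The two checks above combined into one script, as an added example that is not part of the original tip. It uses the same LSE pattern and the same file path given on this page; the function name flashback_check and its optional path arguments are assumptions introduced here so the checks can also be pointed at copies of the files.

```shell
#!/bin/sh
# Added example: runs the two checks from this page and interprets the result.
# flashback_check [plist] [dylib]  (hypothetical helper; both arguments are
# optional and default to the paths given on the page).
# Return status = number of findings (0 means both checks came back clean).

flashback_check() {
    plist="${1:-/Applications/Safari.app/Contents/Info.plist}"
    dylib="${2:-/Users/Shared/.libgmalloc.dylib}"
    findings=0

    # Check 1: any line containing "LSE" in Safari's Info.plist.
    # grep exits 0 only when at least one line matched.
    if [ ! -r "$plist" ]; then
        echo "SKIP  cannot read $plist"
    elif grep -n "LSE" "$plist"; then
        echo "FOUND line(s) containing LSE in $plist (shown above)"
        findings=$((findings + 1))
    else
        echo "OK    no LSE line in $plist"
    fi

    # Check 2: the hidden library in /Users/Shared.
    # -L also catches a symlink whose target is missing.
    if [ -e "$dylib" ] || [ -L "$dylib" ]; then
        echo "FOUND $dylib exists:"
        ls -l "$dylib"
        findings=$((findings + 1))
    else
        echo "OK    $dylib is not present"
    fi

    return "$findings"
}

# Run with the page's default paths.
flashback_check || echo "$? finding(s): read the F-Secure descriptions linked above"
```

A SKIP line means the first check could not be performed at all, which is not the same as a clean result.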