How to determine if you have been impacted by Flashback malware

Last Modified: Apr 7, 2012 8:40 AM

Flashback is the latest attempt to infiltrate Macs as of April 7, 2012. 

Note, below are currently the only known varients of the Trojan.  Others may surface, so you should bookmark this tip and

find if it changes.


It is described here

And further reference is on

From those description I was able to get three very simple command lines to try:


grep LSE /Applications/




ls /Users/Shared/.libgmalloc.dylib



Lastly, this will check for the third known varient:


defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES


If these result in no results you are clean (with the first one, your prompt will repeat itself if there is nothing there, and if there is something there a command with LSE will appear).  If the file exists in the second or third command, then you need to consider looking at it.

For all commands in the Terminal, end the command with hitting the Return key.

Otherwise you should read the link above for more details on how to deal with it.

The command line can be entered in Applications -> Utilities -> Terminal

Note the second command need not be applied if you don't use Microsoft Office or Skype.  If you do, then it should be checked for.