1 2 3 Previous Next 44 Replies Latest reply: Apr 15, 2012 4:01 AM by djdannyde
Donald2001 Level 1 Level 1 (0 points)

I just read an article about flash player and fake upgrades that give the computer a virus called flashback.  How do you know if your Mac has it?


iMac, Mac OS X (10.7), 2.5 GHz Intel Core i5 Processor
  • 1. Re: flashback virus
    Kappy Level 10 Level 10 (226,805 points)
  • 2. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    If under the safari security I had "warn when visiting a fraudulent website" checked, would it have caught the virus?

  • 3. Re: flashback virus
    Klaus1 Level 8 Level 8 (44,495 points)

    Donald2001 wrote:

     

    If under the safari security I had "warn when visiting a fraudulent website" checked, would it have caught the virus?

     

    No, that's a different issue.

     

    In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.

  • 4. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    I do not recall ever "updating" flash player from a pop up.  But I don't know if my kids may have done it.  I need a step by step description on where to look for the trojan.  Most of the answers I have seen start at a place I don't know how to get to.  BTW I have turned off Java.

  • 5. Re: flashback virus
    Kappy Level 10 Level 10 (226,805 points)

    It's not a virus, it's a trojan. Not the same. Nor does it's presence mean a fraudulent website. And, if you got the trojan I'm not sure a warning would have helped you. You should know better than clicking on stuff you know nothing about.

  • 6. Re: flashback virus
    X423424X Level 6 Level 6 (14,190 points)

    We're well past the "bogus adobe plugin installer" stage. 

     

    Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans.  Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:

     

    defaults read ~/.MacOSX/environment

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    ls -la ~/Library/LaunchAgents

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

     

    For the two defaults command if you get anything other than a "does not exist" error message post the results since you are almost certainly infected.

     

    The third command, ls, just lists the contents of your LaunchAgents, if any.  That's additional info to be used in conjunction with the last grep command.  If the grep shows any results then that too may indicate infection and again post its results.

  • 7. Re: flashback virus
    Vince I Level 1 Level 1 (75 points)

    Thanks. I followed your terminal instructions, which are similar to the ones at the f-secure.com site, and I am not infected.

     

    I do remember recently updating Flash, although I don't remember the exact circumstances, so was worried I was infected. I double checked Software Update and I am up-to-date, so I must have gotten lucky and updated in time.

     

    Close one.

  • 8. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    Thanks for the help everyone but I am not too swift, computer wise.  What is a terminal Window and how do you get to it?

  • 9. Re: flashback virus
    Allan Eckert Level 8 Level 8 (41,525 points)

    One easy way is to open Spotlight and start typing Terminal.

     

    When an application called Terminal appears in the search list double click it.

     

    Allan

  • 10. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    I think I am ok.  When I terminal window I typed in the first twp lines suggested by x423424x i got the does not exist response each time.  When I typed in the third line I did get a couple of things but when I typed in the last line I just got my prompt.

     

    thanks everyone

  • 11. Re: flashback virus
    WZZZ Level 6 Level 6 (12,225 points)

    Not so fast. What did you get from the third line?

  • 12. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    part of the info shown

     

    total 16

    drwx-----   4 ("my name" )   staff   136  Dec 25  12:52.

    drwx------  40  ("my name" )  staff 1360 March 15 23:01..

    -rw-r--r--     1  ("my name" )  staff 904 Dec 25  11:51 com.apple.CSConfigDotMacC

    ert-(My e mail address)@me.com-SharedServices.Agent.plist

    -rw-r---r--@ 1 ("my name") staff  8210 Dec 25 12:52 com.google.keustone.agent.plist

     

    my name is substituted for my name and My e mail adrress is subtituted for my actual e mail address

  • 13. Re: flashback virus
    Donald2001 Level 1 Level 1 (0 points)

    I just ran the directions shown on F-Secure as recommended by Kappy in Terminal and i got the does not exist answer.

  • 14. Re: flashback virus
    WZZZ Level 6 Level 6 (12,225 points)

    Those look OK.

1 2 3 Previous Next