
Blank screen after using Kaspersky Flashback removal tool

807 Views 11 Replies Latest reply: Apr 15, 2012 7:35 PM by Welles Goodrich
Welles Goodrich
Apr 11, 2012 6:37 PM

A friend used the Kaspersky Flashbackcheck.com site to check her MacBook running OS 10.5.8. The UID check indicated her computer was infected, so she told me she downloaded and ran the first option that she presumes was the Flashback Removal software. After running it and restarting her computer the screen was blank. There wasn’t even a menu bar. However, the Skype login popped up and that ‘suddenly’ made a menu bar appear, giving her access to the normal Skype menus, Apple Menu, Spotlight, etc. A bit of rummaging around indicates that all her files are still there; it is just that the desktop doesn’t launch (Finder problem maybe?) after multiple restarts. I don’t have access to the computer and am fairly helpless over the phone, but I wondered if anybody has any educated guesses?

 

 

Thanks! Remember that I don't have the computer in hand so trying out suggested solutions will be a lengthy process. I won't be able to actually get the computer for a week as she is a student and out of town presently.

Mac Pro, Mac OS X (10.7.3), MacBook Pro, iPad 3G, iPod Touch
  • BDAqua Level 10 (114,790 points)

    Kaspersky might be the whole problem, just one report...

     

    http://x704.net/bbs/viewtopic.php?f=8&t=5844&start=50

  • BDAqua Level 10 (114,790 points)

    Thanks.

  • a brody Level 9 (62,045 points)

    Apple's most recent update is now out for 10.7 and 10.6.8 with a built-in removal tool.

  • a brody Level 9 (62,045 points)

    Welles, the best Apple can offer is how to disable Java in 10.5.8 or earlier at this point. 

     

    http://support.apple.com/kb/HT5241

    If that changes, I'll update my tip:

    https://discussions.apple.com/docs/DOC-3261

  • BDAqua Level 10 (114,790 points)

    Correct

  • MadMacs0 Level 4 (3,320 points)

    Welles Goodrich wrote:

     

    Thanks. None of this relates to an already SNAFUed computer, though. The best strategy I can see is upgrade the affected computer to 10.6 and just put a new OS on there.

    Simply installing a new system will not open up that user account. If there is another admin account, some have been able to clear the problem with a terminal command. Others have used Single User Mode (holding Command-S at startup) and a similar command to clear up similar problems. I'm still waiting on one of the Kaspersky victims to get back to me on whether that worked or not.

     

    My recommendation would be to follow Linc Davis' advice:

    1. Back up all data to at least two different devices, if you haven't already done so.

     

    2. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup volume. This action will destroy all data on the volume, so you must be sure of your backups.

     

    3. Install the Mac OS.

     

    4. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.

     

    5. If running Mac OS X 10.6.x or earlier, run Software Update. You may have to run it more than once to fully update your system.

     

    6. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. This is where restoring becomes difficult, and I can only give general guidelines.

     

    Of the top-level subfolders of Library that are visible in the Finder, I think it’s safe to restore the following, which contain most of the data you’d want to keep:

     

    Audio

    Calendars

    ColorSync

    Colors

    Favorites

    FontCollections

    Fonts

    Images

    Keychains

    Mail (except Mail/Bundles)

    Safari (except Safari/Extensions)

     

    The following are not safe to restore, at least not in full:

     

    Application Support

    Internet Plug-Ins

    LaunchAgents

    Preferences

     

    If you have Time Machine snapshots of these folders that you’re sure are older than the infection, you can restore from one of those snapshots.

     

    Folders not mentioned above may or may not be safe. If in doubt, don’t restore them. Don’t restore any hidden files or folders, no matter where they are. Hidden files should be considered suspicious.

     

    7. If you’re running Mac OS X 10.5.8 or earlier, launch Safari and select Safari > Preferences… > Security from the menu bar. Uncheck the box labeled Enable Java. Because of known bugs, Java in those OS versions is unsafe to use on the Internet. (Note: I’m not referring to JavaScript, which is unrelated to Java, despite the similar names.) If you’re running Mac OS 10.6.8 or later, you should still disable the Java web plugin unless you really need it. Few websites have legitimate Java content nowadays. If you encounter one that does, enable Java temporarily.

     

    8. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.

     

    9. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated.

     

    10. If you use any third-party web browsers, disable Java in their preferences. As with step 7, this step is mandatory if you’re running any version of Mac OS X older than 10.6. Otherwise it’s optional, but recommended.

     

     

    BTW, the tool was pulled today with apologies and a promise to replace it. I hope they don't.
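The selective restore described in step 6 of the post above, as an added shell example that is not part of the original thread or anyone's posted code. The function names and the two path arguments (old home folder in the backup, new home folder) are assumptions; the allowlist and the two exceptions are the ones named in the post.

```shell
#!/bin/sh
# Usage (paths are placeholders): sh restore.sh <backup_home> <new_home>
# Library subfolders the post lists as safe to restore.
SAFE_LIBRARY="Audio Calendars ColorSync Colors Favorites FontCollections Fonts Images Keychains Mail Safari"

# copy_tree <backup_home> <new_home> <relative_path>
# Copies regular files only; skips hidden files and folders at every level
# and the two exceptions from the post. Symlinks are deliberately not copied.
copy_tree() {
  src=$1; dst=$2; rel=$3
  [ -e "$src/$rel" ] || return 0
  ( cd "$src" && find "$rel" -name '.*' -prune -o \
      \( -path 'Library/Mail/Bundles' -o -path 'Library/Safari/Extensions' \) -prune -o \
      -type f -print ) |
  while IFS= read -r f; do
    mkdir -p "$dst/$(dirname "$f")" && cp -p "$src/$f" "$dst/$f"
  done
}

# restore_home <backup_home> <new_home>
restore_home() {
  src=$1; dst=$2
  # Top-level subfolders of the home folder, except Library.
  # The * glob does not match hidden entries, so they are never restored.
  for d in "$src"/*/; do
    [ -d "$d" ] || continue
    name=$(basename "$d")
    case $name in Library) continue ;; esac
    copy_tree "$src" "$dst" "$name"
  done
  # Only the allowlisted Library subfolders.
  for name in $SAFE_LIBRARY; do
    copy_tree "$src" "$dst" "Library/$name"
  done
  # Report what was left behind so it can be reviewed by hand.
  for d in "$src"/Library/*/; do
    [ -d "$d" ] || continue
    name=$(basename "$d")
    case " $SAFE_LIBRARY " in
      *" $name "*) ;;
      *) echo "not restored: Library/$name" >&2 ;;
    esac
  done
  return 0
}

if [ "$#" -eq 2 ]; then restore_home "$1" "$2"; fi
```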
