Apr 8, 2012 9:02 PM (in response to gerdbeckmann)
Here's what I am suggesting as a rudimentary test for (not removal of) some of the known strains of the Flashback trojans. Open a Terminal window and copy/paste each of the following lines, hitting return after each one, and note the results:
defaults read ~/.MacOSX/environment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
ls -la ~/Library/LaunchAgents
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash"
For the three defaults commands, if you get anything other than a "does not exist" error message, post the results, since you are almost certainly infected.
The fourth command, ls, just lists the contents of your LaunchAgents, if any. That's additional info to be used in conjunction with the last grep command. If the grep displays any results, then that too may indicate infection, and again, post its results.
For removal, the current instructions are specified at F-Secure's Trojan-Downloader:OSX/Flashback.K.
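The LaunchAgents grep step from the post above, wrapped as a function so that an empty folder or a single plist still gives a clear result. This is an added example and not part of the original post; the function names, the `alice` account and the sample plist contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# scan_launchagents DIR HOMEDIR
#   Prints "file:line" for every plist line that references a hidden
#   (dot-prefixed) item under HOMEDIR, ignoring HOMEDIR/.Trash.
#   Exit status: 0 = at least one hit, 1 = no hits.
scan_launchagents() {
    dir=$1
    home=$2
    [ -d "$dir" ] || return 1      # no LaunchAgents folder: nothing to flag
    hits=1
    for f in "$dir"/*.plist; do
        [ -f "$f" ] || continue    # glob matched nothing: folder is empty
        # Same two patterns as the post; -H keeps the file name in the
        # output even though grep is given one file at a time.
        if grep -H "$home/\..*" "$f" | grep -v "$home/\.Trash"; then
            hits=0
        fi
    done
    return $hits
}

# Constructed sample data: one agent pointing at a hidden file in the home
# folder, one ordinary agent, and one whose only dot-path is under .Trash.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '<string>%s</string>\n' "/Users/alice/.example_hidden" \
        > "$d/com.example.bad.plist"
    printf '<string>%s</string>\n' "/Applications/Tool.app/Contents/MacOS/Tool" \
        > "$d/com.example.ok.plist"
    printf '<string>%s</string>\n' "/Users/alice/.Trash/old.log" \
        > "$d/com.example.trash.plist"
    echo "$d"
}

# Demo run on the constructed sample. On a real Mac the call would be:
#   scan_launchagents ~/Library/LaunchAgents "/Users/$USER"
sample=$(make_sample)
if scan_launchagents "$sample" /Users/alice; then
    echo "Hidden-path reference found: review the file(s) listed above."
else
    echo "No hidden-path references found."
fi
rm -rf "$sample"
```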
Apr 11, 2012 7:58 PM (in response to appleagreement2007)
It means you didn't copy the entire grep line in my post. The forum software wrapped the line to fit in the allotted display width (triple-click the grep line and you will see it select the entire line).
At any rate, since posting that, F-Secure has posted a tool of their own, which I am now recommending. Go to their Flashback Removal Tool web page, download the tool from there, and follow their instructions.