How to get rid of recent virus?

3064 Views 9 Replies Latest reply: Apr 13, 2012 9:18 AM by The hatter RSS
BobbieW Level 1 (0 points)
Apr 12, 2012 9:02 AM

I'm sure this is posted somewhere but is there a download to get rid of this virus?  Pretty sure I have it on my Mac.  While on Safari, it will quit unexpectedly due to .FIFANo.so plugin.

 

Thanks for the help

 

Bobbie

Mac Pro, Mac OS X (10.6.8)
  • The hatter Level 9 (58,535 points)
    Apr 12, 2012 9:26 AM (in response to BobbieW)

    If you .... look on the right hand side: there are 5 "More like this"

     

    Also, threads just below yours.

     

    https://discussions.apple.com/thread/3870448?tstart=0

  • Linc Davis Level 10 (107,365 points)
    Apr 12, 2012 9:52 AM (in response to BobbieW)

    You’ve been infected with a variant of what’s commonly called the “Flashback” or “Fakeflash” malware, although the names are obsolete. See this Apple support document:

     

    About Flashback malware

     

    If you’re certain you know when the infection took place, and you back up with Time Machine or something similar, you can save yourself a lot of time by restoring your whole system from the most recent snapshot taken before it was infected. Then take Steps 6, 7, and 9 below.

     

    How can you tell when the infection took place? All you can be sure of is that it was some time before the problems started.

     

    If you don’t know when you were infected, there may be no easy, reliable way to remove the malware, because it's constantly changing.

     

    I suggest you take the following steps:

     

    Back up all data, if you haven't already done so.

     

    Run the removal tool distributed by F-Secure:

     

    Flashback Removal Tool

     

    If the tool fails to clear the infection, or if you're unable to log in after running it, proceed as follows.

     

    1. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup volume. This action will destroy all data on the volume, so you must be sure of your backups.

     

    2. Reconnect to the Internet and install the Mac OS.

     

    3. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.

     

    4. If running Mac OS X 10.6.x or earlier, run Software Update. You may have to run it more than once to fully update your system.

     

    5. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. This is where restoring becomes difficult, and I can only give general guidelines.

     

    Of the top-level subfolders of Library that are visible in the Finder, I think it’s safe to restore the following, which contain most of the data you’d want to keep:

     

    Audio

    Calendars

    ColorSync

    Colors

    Favorites

    FontCollections

    Fonts

    Images

    Keychains

    Mail (except Mail/Bundles)

    Safari (except Safari/Extensions)

     

    The following are not safe to restore, at least not in full:

     

    Application Support

    Internet Plug-Ins

    LaunchAgents

    Preferences

     

    If you have Time Machine snapshots of these folders that you’re sure are older than the infection, you can restore from one of those snapshots.

     

    Folders not mentioned above may or may not be safe. If in doubt, don’t restore them. Don’t restore any hidden files or folders, no matter where they are. Hidden files should be considered suspicious.

     

    6. If you’re running Mac OS X 10.5.8 or earlier, launch Safari and select Safari > Preferences… > Security from the menu bar. Uncheck the box labeled Enable Java. Because of known bugs, Java in those OS versions is unsafe to use on the Internet. (Note: I’m not referring to JavaScript, which is unrelated to Java, despite the similar names.) If you’re running Mac OS 10.6.8 or later, you should still disable the Java web plugin unless you really need it. Few websites have legitimate Java content nowadays. If you encounter one that does, enable Java temporarily.

     

    7. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.

     

    8. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated.

     

    9. If you use any third-party web browsers, disable Java in their preferences. As with step 6, this step is mandatory if you’re running any version of Mac OS X older than 10.6. Otherwise it’s optional, but recommended.
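
An added example, not part of the post above and not an Apple or F-Secure tool: a POSIX shell script for the selective restore described in step 5. It assumes the backed-up Library folder is reachable at a path you supply; the function names are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: allowlist-based restore of ~/Library, following step 5 of the post.
# Allowlist from step 5: top-level Library subfolders considered safe to restore.
SAFE_DIRS="Audio Calendars ColorSync Colors Favorites FontCollections Fonts Images Keychains Mail Safari"

# restore_library BACKUP_LIBRARY NEW_LIBRARY   (hypothetical helper)
# Copies regular files from allowlisted folders only. Hidden files and folders,
# Mail/Bundles and Safari/Extensions are pruned, so nothing beneath them is copied.
restore_library() {
    rl_src=$1; rl_dst=$2
    for rl_dir in $SAFE_DIRS; do
        [ -d "$rl_src/$rl_dir" ] || continue
        (cd "$rl_src" && find "$rl_dir" \
            \( -name '.*' -o -path 'Mail/Bundles' -o -path 'Safari/Extensions' \) -prune \
            -o -type f -print) |
        while IFS= read -r rl_file; do
            mkdir -p "$rl_dst/$(dirname "$rl_file")"
            cp -p "$rl_src/$rl_file" "$rl_dst/$rl_file"
        done
    done
}

# list_unrestored BACKUP_LIBRARY: print top-level entries left out, for manual review.
list_unrestored() {
    for lu_entry in "$1"/* "$1"/.[!.]*; do
        [ -e "$lu_entry" ] || continue
        lu_name=$(basename "$lu_entry")
        lu_safe=no
        for lu_s in $SAFE_DIRS; do if [ "$lu_s" = "$lu_name" ]; then lu_safe=yes; fi; done
        [ "$lu_safe" = yes ] || printf '%s\n' "$lu_name"
    done
}

# Constructed sample backup (empty placeholder files, not real data).
make_sample_backup() {
    sb=$1
    mkdir -p "$sb/Fonts" "$sb/Mail/V2" "$sb/Mail/Bundles/x.mailbundle" \
             "$sb/Safari/Extensions" "$sb/LaunchAgents" "$sb/Application Support"
    : > "$sb/Fonts/a.ttf"; : > "$sb/Fonts/.hidden"
    : > "$sb/Mail/V2/msg.emlx"; : > "$sb/Mail/Bundles/x.mailbundle/code"
    : > "$sb/Safari/Bookmarks.plist"; : > "$sb/Safari/Extensions/e.safariextz"
    : > "$sb/LaunchAgents/com.example.plist"; : > "$sb/.hidden-root"
}

if [ "${1:-}" = "--demo" ]; then
    demo_tmp=$(mktemp -d); make_sample_backup "$demo_tmp/backup"
    restore_library "$demo_tmp/backup" "$demo_tmp/new"; list_unrestored "$demo_tmp/backup"
fi
```

Review the names printed by `list_unrestored` by hand; per the post, Application Support, Internet Plug-Ins, LaunchAgents and Preferences should come only from a snapshot known to be older than the infection.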

  • Grant Bennet-Alder Level 8 (48,095 points)
    Apr 12, 2012 5:02 PM (in response to Linc Davis)

    Apple software Update for 10.6 and 10.7, posted today, updates Java again and removes some variants of Flashback virus.

    Mac Pro (Early 2009), Mac OS X (10.6.8), & Server, PPC, & AppleTalk Printers
  • Linc Davis Level 10 (107,365 points)
    Apr 12, 2012 5:14 PM (in response to Linc Davis)

    Run the latest Java update released today instead of the F-Secure tool.

  • MadMacs0 Level 4 (3,315 points)
    Apr 12, 2012 5:32 PM (in response to Linc Davis)

    @BobbieW

    Linc Davis wrote:

     

    Run the latest Java update released today instead of the F-Secure tool.

    And report the results please.

  • The hatter Level 9 (58,535 points)
    Apr 13, 2012 9:18 AM (in response to BobbieW)

    >   I'm a graphic artist with tons of hardware connected to my computer and thousands of files, so cleaning the system or re-installing the OS is somewhere I don't want to go

     

    You should always have a bootable clone of your system. From before the virus or whatever disaster. Another idea is to keep the system and data separate so you have a dedicated OS/Apps boot drive. There really are ways to never have to reinstall, ever, again - maybe apply an update or changes to the operating system between the backup image was made and restored. And yes you can make a system fit on 120-240GB SSD, or use just the outer 350GB even of a 2TB enterprise drive (for performance).

     

    Virus can be a special case: even cleaning can be next to impossible.

     

    Kaspersky pulled their tool for this virus due to some problems and issues, a company that is generally well regarded and was on the forefront of this outbreak. And people using their tool obviously need backups that were clean and untouched.

     

    Restore from sparse disk image is also a good method. And does not take that long - to create, or to restore.

     

    Cloning with SSDs is special, not all programs have mastered partition alignment properly but they are such a great device for system performance worth investing in one or more (and now there are PCIe controllers with 400-1000GB of SSD to help graphics and photographers).
