1 2 3 4 Previous Next 45 Replies Latest reply: Jul 16, 2012 4:48 AM by EthanRussell Go to original post
  • 15. Re: how to use Flashback malware removal tool
    thomas_r. Level 7 Level 7 (27,925 points)

    There should be no relation between the Java updates being discussed and the internet speed.  It may be a coincidental network issue.  Try rebooting all your network hardware and your computer.  Test with other devices as well.  And if you're still having problems after that, you should start your own topic with lots of details, since the people who are internet connection experts may not necessarily be monitoring discussions of Flashback.

  • 16. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    OK. We'll let my complaint go and start with a clean slate.

     

    It's my understanding that if you become infected then install Apple's security update that the infection is not removed. Hence the need for a removal tool that can be applied before one installs the security update. Then the security update will block further infections. This presumes no new variants that can circumvent the extant protections.

     

    Feel free to correct me if the above is not correct.

     

    I am aware of the fact the early variants required one to download and install what appeared to be a Flash installer. Hence the name, Flashback or Flashfake. Later variants no longer required you to do that hence the trojan became more like a virus that did not require user action to get infected.

  • 17. Re: how to use Flashback malware removal tool
    thomas_r. Level 7 Level 7 (27,925 points)

    No, that's not correct.  There's no separate tool to install before the update...  The updat IS the tool.  When you install the latest updates, they will do three things:

     

    1) Remove the malware, if present

    2) Update Java, if it's installed

    3) change your Java setting so that Java is disabled in the browser, and so that if you turn on Java and then don't use it for a while, it'll turn itself off again.

  • 18. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    Tom,

     

    I think I'm up to speed on this stuff as I read the posts about it. I know that removing Java does not remove an extant infection. I'm not really sure why you think I don't understand that.

     

    Actually, I was under the impression that having been infected while running Snow Leopard that the infection would not be removed by installing Lion. But Linc has corrected me twice about that. Linc has seemed very well informed about the malware. I guess that was wrong or he misstated.

     

    I've never claimed to be expert about the nature of this malware nor it's variants. I read posts from you and a few others then try to provide other users with solutions. The main thing I post has a link to your site.

     

    I don't mind being corrected nor being offered additional information. It's more the way that it's done.

  • 19. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    Then what was the point of the tool Apple also released? If what you say is correct then the Apple removal tool has no obvious purpose.

  • 20. Re: how to use Flashback malware removal tool
    thomas_r. Level 7 Level 7 (27,925 points)

    I'm just trying to get a conversation back on track that started with the statement:

     

    "If you don't have Java installed on your computer, then you need not worry about the malware."

     

    Which is not true.  You seemed to be saying that installing Lion would eliminate the malware by removing Java, which is also not the case.  And now you say that installing Lion would remove the infection.  While it is true that installing Lion could clean up a "type 1" infection, by replacing infected apps like Safari, there are other apps that may be infected (such as Skype) which would not be touched by installing Lion.  And in a "type 2" infection, where the malware is entirely installed in the user's home folder, installing Lion also would not remove the malware.

     

    So, all I'm saying is that users of Lion who don't have Java installed should install the Flashback removal update, just to be on the safe side.

  • 21. Re: how to use Flashback malware removal tool
    thomas_r. Level 7 Level 7 (27,925 points)

    I'm not following...  That's exactly the opposite of what I'm saying.

  • 22. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    Got all that. So, then, to get this all "back on track" lay out what someone should do if:

     

    A. They are not infected. They have Leopard, Snow Leopard, or Lion currently installed as an upgrade to a prior system.

     

    B. Same scenario as A, but they are infected.

     

    Add any other scenarios you feel are unique with respect to these two.

  • 23. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    Tom,

     

    Apple has released Flashback malware removal tool 1.0. In addition Apple earlier released the security updates for Snow Leopard and Lion. If the security update does what you stated, then what is the purpose of the Flashback malware removal tool 1.0?

     

    I don't think this is the opposite of what you've said.

  • 24. Re: how to use Flashback malware removal tool
    thomas_r. Level 7 Level 7 (27,925 points)

    Got all that. So, then, to get this all "back on track" lay out what someone should do if:

     

    A. They are not infected. They have Leopard, Snow Leopard, or Lion currently installed as an upgrade to a prior system.

     

    Install whatever Java- or Flashback-related update is currently available in Software Update.

     

    B. Same scenario as A, but they are infected.

     

    Install whatever Java- or Flashback-related update is currently available in Software Update.

     

    Yes, I did repeat myself.  That's the point, it doesn't matter whether you're infected or not, or whether you have Java or not, you just install the update.  It covers all bases.

     

    There are three available updates, each one specific to a particular subset of users (with no overlap):

     

    1) Java for OS X Lion 2012-003, available only for users of Lion with Java installed

    2) Flashback malware removal tool, available only for users of Lion without Java installed

    3) Java for Mac OS X 10.6 Update 8, available only for users of Snow Leopard

     

    You install whichever of these shows up in Software Update, and it removes the malware (if present), updates Java (if present) and tightens up Java settings for the future.  You could certainly download from Apple's web site as well, instead of using Software Update, but it's important you know which one to get, as the other two won't work for you.

  • 25. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    Thank you. I will correct or amend my information accordingly.

  • 26. Re: how to use Flashback malware removal tool
    MadMacs0 Level 4 Level 4 (3,720 points)

    Kappy wrote:

     

    Actually, I was under the impression that having been infected while running Snow Leopard that the infection would not be removed by installing Lion. But Linc has corrected me twice about that. Linc has seemed very well informed about the malware. I guess that was wrong or he misstated.

    I guess I missed seeing that. I can't imagine how installing Lion over a Snow Leopard installation would remove any of the malware components, with the possible exception of any injected into Safari. Did he explain how that took place?

  • 27. Re: how to use Flashback malware removal tool
    MadMacs0 Level 4 Level 4 (3,720 points)

    Thomas A Reed wrote:

     

    Install whatever Java- or Flashback-related update is currently available in Software Update.

    But what I've was hearing yesterday was that the Flashback malware removal tool did not show up in Software Update and had to be manually downloaded. Was that incorrect or has it changed now?

  • 28. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    No. And, I don't remember where exactly the exchange took place in order to review what was said.

     

    But it's now straightened out.

  • 29. Re: how to use Flashback malware removal tool
    Kappy Level 10 Level 10 (226,685 points)

    The "removal" tool is a separate download. I have only seen the Security update show up in SU for me.