Apr 13, 2012 5:49 PM (in response to Kini101)
ClamXAV, free Virus scanner...
Little Snitch, stops/alerts outgoing stuff...
Flashback - Detect and remove the uprising Mac OS X Trojan...
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
The most current Flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
Apr 25, 2012 10:01 AM (in response to Kini101)
My daughter had something like this come up after a software update and is panicking but didn't take a screen shot so I'm not sure of the exact wording.
Something like "malware (some name here with OSX in it) has been detected on your computer and had been removed" with an "OK" button which she clicked.
Is this normal behavior for the recent security updates or does this warrant additional searching as recommended by BDAqua?
Apr 25, 2012 10:21 AM (in response to hart40)
You are in the Leopard, 10.5 forum, but your profile is showing 10.6, Snow Leopard. There was an update in 10.6 to patch Java and run the Flashback detection and removal tool. I haven't needed to use it, so I don't know what the exact wording of the message would have been after a cleanup. But if it was after a software update, it could have been that and been legitimate. It would have completely cleaned the Flashback infection, if there was one. Getting such a message would have been normal.
There was no such thing for Leopard, so if that's what your daughter is using, that popup was a scam.
Apr 25, 2012 11:30 AM (in response to WZZZ)
Sorry about wrong forum. I chose the thread with the most similar issue that came up in search.
Anyway, she's using 10.6. And feels that the window looked like the image posted in this article: http://www.intego.com/mac-security-blog/apple-issues-java-update-and-flashback-removal-tool/
In the past anything like this would be suspicious so having an actual system alert (assuming it is legitimate) caught her off guard.
Apr 25, 2012 11:47 AM (in response to hart40)
I can't verify the exact message, but if it came up after running the latest Java 10.6 update, then it was legit. The Flashback removal and detection tool was bundled with that latest update.
Apr 25, 2012 3:02 PM (in response to WZZZ)
Yes, she ran the update today and then the alert came up so I'll assume we're good until something else happens.
Thanks, Java now turned off.