Flashback Trojan - Detection, and how to remove (with caution):
Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans. Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:
defaults read ~/.MacOSX/environment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
ls -la ~/Library/LaunchAgents
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
For the two defaults commands, if you get anything other than a "does not exist" error message, post the results since you are almost certainly infected.
The third command, ls, just lists the contents of your LaunchAgents, if any. That's additional info to be used in conjunction with the last grep command. If the grep shows any results then that too may indicate infection and again post its results.
For the first default I got "Safari can’t open the page “http://defaults%20read%20~/.MacOSX/environment” because the page’s address isn’t valid."
For the second I got "Safari can’t open the page “http://defaults%20read%20/Applications/Safari.app/Contents/Info%20LSEnvironmentl s%20-la%20~/Library/LaunchAgents” because Safari can’t find the server “defaults%20read%20”."
And the third command I got, "Safari can’t open the page “http://grep%20"/Users/$USER/\..*"%20~/Library/LaunchAgents/*” because the page’s address isn’t valid."
DOES THIS MEAN I AM INFECTED??? Help please!
First, you don't do those commands in a browser, you enter them into a terminal (in Utilities) window as mentioned in the paragraphs prior to those commands.
Second, you are picking up on a post that was dated April 6. Since that time things changed, and other Flashback detectors have come along. Specifically, go to F_Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there.
Third, Apple has released Java updates which also attempt to detect and remove Flashback strains.
No, not at all! Run Software Update on your computer if you are using OS X 10.6.x or 10.7.x if you have not since April 13th. You will download:
and you will also bring your system up-to-date for all the security updates it needs. Install all other updates Apple recommends for your system; these will also be included in Software Update.
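The four Terminal checks quoted at the top of this thread, wrapped into one script. This is an added example, not code from any poster or from F-Secure or Apple; the function names are hypothetical, and it assumes $HOME is /Users/$USER. It covers only what those four commands check.

```shell
# Added example: the four manual checks from the post, wrapped in functions.
# Function names are hypothetical; commands and paths are the post's own.
# Assumption: $HOME is /Users/$USER, as on a default OS X account.

# Per the post, any `defaults read` result other than a
# "does not exist" error is a sign of infection.
defaults_output_is_clean() {
    case "$1" in
        *"does not exist"*) return 0 ;;
        *) return 1 ;;
    esac
}

# The post's grep: list LaunchAgents files that reference a hidden
# (dot-prefixed) path under the home directory. -F makes the match literal,
# so dots in the user name are not treated as regex wildcards.
# $1 = LaunchAgents directory, $2 = home directory
suspicious_launch_agents() {
    [ -d "$1" ] || return 0
    grep -F -l -- "$2/." "$1"/* 2>/dev/null || true
}

report_defaults() {
    out=$(defaults read "$@" 2>&1) || true
    if defaults_output_is_clean "$out"; then
        echo "ok: defaults read $*"
    else
        echo "SUSPICIOUS: defaults read $* returned:"
        echo "$out"
        return 1
    fi
}

run_flashback_checks() {
    rc=0
    report_defaults "$HOME/.MacOSX/environment" || rc=1
    report_defaults /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    ls -la "$HOME/Library/LaunchAgents" 2>/dev/null || true
    hits=$(suspicious_launch_agents "$HOME/Library/LaunchAgents" "$HOME")
    if [ -n "$hits" ]; then
        echo "SUSPICIOUS: LaunchAgents referencing hidden files in $HOME:"
        echo "$hits"
        rc=1
    fi
    return $rc
}

# `defaults` exists only on OS X, so run the checks only there.
if [ "$(uname)" = "Darwin" ]; then run_flashback_checks; fi
```

Save it to a file and run it with sh from a Terminal window; a non-zero exit status means at least one check came back suspicious.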
Oh okay, that makes sense. I am not too computer savvy. I have just been having computer issues and thought it could be the trojan. I went to the F_Secure's website and I downloaded the zip; it said I don't have the malware. Is this sufficient?
I am still on Leopard on version 10.5.8, so I cannot try those other downloads you provided.
I am not familiar with F_Secure so I can't recommend their application. If you are not in the habit of running Java based applications and/or have not installed Java then your system is fine. However, to be sure, re-read WZZ's post above and look at how to detect and un-install the Trojan if necessary.
I went to the F_Secure's website and I downloaded the zip; it said I don't have the malware. Is this sufficient?
Probably, unless it can't find a newer variant. It's good up to 4/11.
I wonder if anyone's got a detection tool or if there's any AV that includes the latest variants...or if that's even necessary?