LNOM

Q: flashback

MacBook Pro 13-inch, Late 2011 running OS X Yosemite 10.10.1

Senior Citizen needs help

I'm pretty sure I have the Flashback malware (virus? Trojan?)

I downloaded and installed the malware removal tool - tried to install FlashbackRemovalUpdate.pkg but got a message saying that my MBP didn't meet the requirements.

     1. Is there a different update for my system?

     2. How do I know if I still have the flashback malware?

     3. Should I now uninstall Adobe Flash altogether and reinstall a fresh clean version?

I also ran Clamx and it did not detect any problems.

 

Thanks so much and please if possible to answer me, make it very simple, e.g., a. do this b. do that c. now do this

(I'm not as smart as I used to be)

MacBook Pro (13-inch Late 2011), OS X Mavericks (10.9.2), iPhone 4S iOS 7.0.6

Posted on Apr 19, 2015 10:32 AM


  • by Kappy,

    Kappy Apr 19, 2015 10:40 AM in response to LNOM
    Level 10 (270,039 points)

    Helpful Links Regarding Malware Problems

     

    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, remove adware that displays pop-up ads and graphics on your Mac, and AdwareMedic. If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.) You might consider adding this Safari extension: Adblock Plus 1.8.9.

     

    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

     

    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

     

    Fix Some Browser Pop-ups That Take Over Safari.

     

    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

     

    Quit Safari

     

    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

     

    Relaunch Safari

     

    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

     

    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

  • by LNOM,

    LNOM Apr 19, 2015 12:58 PM in response to Kappy
    Level 1 (4 points)

    Thank you Kappy, I'm afraid I misrepresented the problem. It all started a few weeks/couple of months ago. I noticed a HUGE slowdown on my MBP and it's not because I'm out of disk space.

     

    I'm not running Mavericks but Yosemite 10.10.3, and the problem isn't ad popups but rather disk/or volume that showed up when I ran the disk utility app. It showed that I had a disk mounted called "decrypted file.dmg". I ejected/unmounted it. But from what I'm reading I understand that this is a trojan. I'm only guessing but I'm thinking that this trojan could be responsible for the slowdown?

     

    And btw, you are so kind for responding so quickly. I truly appreciate your help.

  • by thomas_r., Solved answer

    thomas_r. Apr 19, 2015 3:05 PM in response to LNOM
    Level 7 (30,889 points)

    LNOM wrote:

     

    disk/or volume that showed up when I ran the disk utility app. It showed that I had a disk mounted called "decrypted file.dmg".

     

    That's not part of Flashback, that's a file downloaded as part of Adobe Flash Player's auto-update process. Disk Utility simply shows any recently-opened disk image files, so it shows up there. It would be nice if Adobe would change the name of the file to something a little less vague and weird, but they haven't.

     

    Flashback is extinct. It is no longer able to infect Mac OS X, and hasn't been seen in the wild in years. There is literally no way that you could be infected with Flashback on your Yosemite system.

     

    I'd advise you to start a new topic to ask about the recent performance issues. They're not related to Flashback, so continuing to discuss that here will mean that you won't get the attention of other people who may be able to help. In the meantime, see my Mac Performance Guide for some general tips that may help.

     

    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

  • by LNOM,

    LNOM Apr 20, 2015 5:52 AM in response to thomas_r.
    Level 1 (4 points)

    Thank you so much Thomas, I appreciate your enlightening me very much. I will indeed read your performance guide. Have a great day!

  • by drdarkeny,

    drdarkeny Aug 22, 2016 8:15 AM in response to LNOM
    Level 1 (4 points)

    thomas_r:
    ::Flashback is extinct. It is no longer able to infect Mac OS X, and hasn't been seen in the wild in years. There is literally no way that you could be infected with Flashback on your Yosemite system.::

     

    Well, I wish you'd tell my Mid-2013 Macbook Air running El Capitan that! I'm constantly being inundated by fake "Flash" pop-up messages and demands I download the latest "image viewer" when I go to media-rich sites like CBS All Access or Bloomberg. I've yet to click on any because I used to have a Windows PC so I'm really cautious about clicking on links - but it's pretty constant, and I'm worried I might have a bit of malware on my system that calls them to me.

     

    Any help on that?

  • by KiltedTim,

    KiltedTim Aug 22, 2016 8:18 AM in response to drdarkeny
    Level 9 (54,814 points)

    That is NOT flashback. You have a completely different issue.

    Please start your own thread.

  • by Eric Root,

    Eric Root Aug 22, 2016 8:55 AM in response to drdarkeny
    Level 9 (69,599 points)

    You might want to consider starting a new discussion. Since this one is marked solved, less people are likely to look at it. A new post would be much more visible. You can link to this one.

     

     

    Safari – Popup takes over

    Safari – Popup takes over (2)

    Popup remover – Scam Zapper


     

    If the pop-up reloads, force quit Safari (command - option/alt - esc) and reopen with the shift key held down. If that doesn't work, disconnect from the Internet, go to Safari/History and delete the website. Quit and reopen with the shift key held down.