Possible new version of Flashback trojan
Dear all,
Today I experienced some problems just like the people in these two threads:
https://discussions.apple.com/thread/3355170?tstart=0
https://discussions.apple.com/thread/3350734?answerId=16280207022#16280207022
Among others, my Finder sidebar suddenly said SD5, SD6, SD7 instead of "Devices", "Shared" etc., and Skype crashed when trying to start it.
Examining Skype's crash report revealed the following line:
0x154c000 - 0x1574ff3 +.AiseesoftFLVConverter.so ??? (???) <23EEF509-128B-B224-D44D-313574EE83D3> /Users/Shared/.AiseesoftFLVConverter.so
which happened to share a resemblance with the file <user>/.MacOSX/environment.plist, the content of which contained:
<dict>
<key>DYLD_INSERT_LIBRARIES</key>
<string>/Users/Shared/.AiseesoftFLVConverter.so</string>
</dict>
While I've renamed the two files, and my system has returned to normal behaviour, I'm not entirely sure I've deleted every part of the trojan. As for the files that are mentioned in the links above, I've moved and renamed the environment.plist file, but I wasn't able to find any of the other files mentioned:
- .MacOSX/environment.plist
- Library/LaunchAgents/com.apple.SystemUI.plist
- Library/Preferences/perflib
- Library/Preferences/Preferences.dylib
- Library/Logs/swlog
I'll be happy to provide any further information/trojan files if someone thinks there's something they can do with it.
One problem remains, as can be seen in the following screenshot. My <user>/Library/Preferences/ directory seems to have been altered or tampered with in some way. Is there any chance there is still an active and malicious part of the trojan on my computer?
All help is appreciated! Thanks in advance.
MacBook Pro, Mac OS X (10.6.8)
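
A check for the artifacts described in the post above, as an added example that is not part of the original post: it reads `.MacOSX/environment.plist` in a home directory, reports every library named by `DYLD_INSERT_LIBRARIES`, and lists which of the five reported paths exist. The function names and the report layout are this example's own.

```python
import os
import plistlib
import sys

# Paths relative to the home directory, exactly as listed in the post.
REPORTED_PATHS = [
    ".MacOSX/environment.plist",
    "Library/LaunchAgents/com.apple.SystemUI.plist",
    "Library/Preferences/perflib",
    "Library/Preferences/Preferences.dylib",
    "Library/Logs/swlog",
]

def injected_libraries(plist_path):
    """Return the library paths named by DYLD_INSERT_LIBRARIES in a plist."""
    if not os.path.isfile(plist_path):
        return []
    with open(plist_path, "rb") as fh:
        env = plistlib.load(fh)  # handles XML and binary plists
    value = env.get("DYLD_INSERT_LIBRARIES", "") if isinstance(env, dict) else ""
    # dyld accepts a colon-separated list, so report every entry.
    return [p for p in str(value).split(":") if p]

def scan_home(home):
    """Check one home directory for the artifacts described in the post."""
    libs = injected_libraries(os.path.join(home, ".MacOSX", "environment.plist"))
    return {
        "injected": [
            {"path": lib,
             "exists": os.path.exists(lib),
             # A dot-prefixed name is hidden from Finder and plain `ls`.
             "hidden": os.path.basename(lib).startswith(".")}
            for lib in libs
        ],
        "present": [rel for rel in REPORTED_PATHS
                    if os.path.lexists(os.path.join(home, rel))],
    }

if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    report = scan_home(home)
    for lib in report["injected"]:
        print("DYLD_INSERT_LIBRARIES -> %(path)s (exists=%(exists)s, hidden=%(hidden)s)" % lib)
    for rel in report["present"]:
        print("present: " + os.path.join(home, rel))
    if not report["injected"] and not report["present"]:
        print("none of the reported artifacts found under " + home)
```

A renamed `environment.plist` is not picked up by this check, so run it against the original file name or pass the plist path to `injected_libraries` directly.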