Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: kocu
kocu Author
User level: Level 1
0 points

display of TL9 , N39,etc

User uploaded file

Mac Pro, Mac OS X (10.6.7)

Posted on Feb 22, 2012 2:33 AM

Reply
4 replies
User profile for user: wjosten
wjosten
User level: Level 10
95,321 points

Feb 22, 2012 2:43 AM in response to kocu

You've been infected with the Flashback Trojan. The trojan is designed to steal your personal information. Your best bet is to erase your hard drive & reinstall from a backup prior to this happening. You should also change your passwords for banking, email, iTunes, etc. UCLA "claims" this can remove the trojan...you can give it a shot, but I'd erase your drive & reinstall:


http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx

Reply
User profile for user: X423424X
X423424X
User level: Level 6
14,265 points

Feb 22, 2012 3:03 AM in response to kocu

Here's info on the original flashback trojan:


INTEGO SECURITY MEMO: Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package


and the latest strain,


New Flashback Trojan Horse Variant Uses Novel Delivery Method to Infect Macs


Please read the following thread. It has links to articles on this topic and possible fixes for this trojan. You don't have to reinstall.


Why is it when i right click and choose options in finder, they are coming up as numbers and letters?


Also, some have found just making sure you have the latest version of java installed is sufficient:


URGENT: Ensure Java is up-to-date!


Related to this and java:


Flashback infections becoming widespread

Reply
User profile for user: guitman
guitman
User level: Level 1
0 points

Feb 28, 2012 10:21 AM in response to kocu

I was also having this issue. I sent some suspect files to Sophos and the verified they were indeed a virus. They identified this as OSX/Flshplyr-A . As of today, thier definition updates claim to now protect against this using thier free antivirus solution for Mac.


The infected files on my machine were:


/Users/Shared/.SuperJigsawPets.so

/User/Shared/.svcdmp.so

~/.MACOSX/environment.plist


Once these were removed, my issues were resolved.

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Feb 28, 2012 11:32 AM in response to guitman

You should be warned that each variant of Flashback is very different, and very insidious. They will all inject malicious code into a variety of apps, and some of them will disable the built-in anti-malware protection in Mac OS X. Some will refuse to install if third-party malware protection is installed, others will disable that protection as well. And since there is absolutely no agreement among the various anti-virus companies as to a name, we have no way of knowing which variant it is that Sophos is calling OSX/Flshplyr-A.


Your symptoms may have resolved, but you may still be infected. Which means, you may still have malicious code in, say, Safari, snooping on your surfing and reporting back what it finds. It's looking in particular for things like bank site passwords. My advice at this point is to erase the hard drive and completely reinstall the system and all apps cleanly, bringing only user data over from your backups. See Flashback infections becoming widespread.


(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

Reply

display of TL9 , N39,etc

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up