.rserv wants to connect to cuojshtbohnt.com

The terminal commands from F--secure did NOT detect the virus

Go to F_Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there. That will detect those files and remove them it you allow it.

Also download the latest Apple Java update that came out today and it may detect those files too and remove them.

from F-secure's website I ran

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

and

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

neither one of these found the virus. I had already installed the apply java update. Not sure why neither one of those things worked? It wasn't until I installed Little Snatch that I saw what was happening and worked backwards.

Of course now I realize i have to figure out how to turn of Little Snatch.

And, was simply deleting the two files clean things up. Or is there a more thorough investigation I need to do. I'm normally pretty good about not installing downloaded programs unless I know what it is, so I am actually rather suprised my computer was infected.

tetonfromthatplace wrote:

from F-secure's website I ran

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

and

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

I think you were probably using the wrong F-Secure guidance. The current one is for the "K" variant and has 18 steps.

I had already installed the apply java update.

He's referring to the new one that came out today which removes most Flashware malware.

And, was simply deleting the two files clean things up. Or is there a more thorough investigation I need to do.

Run the software update.