Previous 1 12 13 14 15 16 Next 227 Replies Latest reply: Apr 12, 2012 8:53 PM by MadMacs0 Go to original post
  • tetonfromthatplace Level 1 Level 1 (0 points)

    I got lots of bits and pieces of information from this thread and thought I would post what I found and did just to help out the next person.

     

    I originally got an email from the network admin saying my computer had the flashback virus.  The terminal commands from F--secure did NOT detect the virus.

    I then ran Little snitch and it informed me of two programs

    .aman and .flserv

    both located in /user/primary.

    These programs were trying to connect to

    vxvhwcixcxqcd.com

    vxvhwcixcxqcd.net

    tygoiuoigwodd.com

    tygoiuoigwodd.net


    I then ran the following command in terminal to show all hiden files in finder.
    defaults write com.apple.Finder AppleShowAllFiles YES
    Restarted finder, located .aman and .flserv and deleted the files.
    Everything seems to be back to normal now.

     

     

  • X423424X Level 6 Level 6 (14,205 points)
    The terminal commands from F--secure did NOT detect the virus

     

    Go to F_Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there.  That will detect those files and remove them it you allow it.

     

    Also download the latest Apple Java update that came out today and it may detect those files too and remove them.

  • tetonfromthatplace Level 1 Level 1 (0 points)

    from F-secure's website I ran

     

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

     

    neither one of these found the virus.  I had already installed the apply java update.  Not sure why neither one of those things worked?  It wasn't until I installed Little Snatch that I saw what was happening and worked backwards.  

    Of course now I realize i have to figure out how to turn of Little Snatch.

     

    And,  was simply deleting the two files clean things up.  Or is there a more thorough investigation I need to do.   I'm normally pretty good about not installing downloaded programs unless I know what it is, so I am actually rather suprised my computer was infected.

  • MadMacs0 Level 5 Level 5 (4,500 points)

    tetonfromthatplace wrote:

     

    from F-secure's website I ran

     

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    I think you were probably using the wrong F-Secure guidance. The current one is for the "K" variant and has 18 steps.

    I had already installed the apply java update.

    He's referring to the new one that came out today which removes most Flashware malware.

    And,  was simply deleting the two files clean things up.  Or is there a more thorough investigation I need to do.

    Run the software update.

Previous 1 12 13 14 15 16 Next