-
All replies
-
Helpful answers
-
Apr 12, 2012 8:11 PM in response to chadonlineby tetonfromthatplace,I got lots of bits and pieces of information from this thread and thought I would post what I found and did just to help out the next person.
I originally got an email from the network admin saying my computer had the flashback virus. The terminal commands from F--secure did NOT detect the virus.
I then ran Little snitch and it informed me of two programs
.aman and .flserv
both located in /user/primary.
These programs were trying to connect to
I then ran the following command in terminal to show all hiden files in finder.defaults write com.apple.Finder AppleShowAllFiles YESRestarted finder, located .aman and .flserv and deleted the files.Everything seems to be back to normal now. -
Apr 12, 2012 8:26 PM in response to tetonfromthatplaceby X423424X,The terminal commands from F--secure did NOT detect the virus
Go to F_Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there. That will detect those files and remove them it you allow it.
Also download the latest Apple Java update that came out today and it may detect those files too and remove them.
-
Apr 12, 2012 8:45 PM in response to X423424Xby tetonfromthatplace,from F-secure's website I ran
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
and
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
neither one of these found the virus. I had already installed the apply java update. Not sure why neither one of those things worked? It wasn't until I installed Little Snatch that I saw what was happening and worked backwards.
Of course now I realize i have to figure out how to turn of Little Snatch.
And, was simply deleting the two files clean things up. Or is there a more thorough investigation I need to do. I'm normally pretty good about not installing downloaded programs unless I know what it is, so I am actually rather suprised my computer was infected.
-
Apr 12, 2012 8:53 PM in response to tetonfromthatplaceby MadMacs0,tetonfromthatplace wrote:
from F-secure's website I ran
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
and
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
I think you were probably using the wrong F-Secure guidance. The current one is for the "K" variant and has 18 steps.
I had already installed the apply java update.
He's referring to the new one that came out today which removes most Flashware malware.
And, was simply deleting the two files clean things up. Or is there a more thorough investigation I need to do.
Run the software update.