Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Spinland
Spinland Author
User level: Level 1
55 points

Question about Flashback.K Trojan

On this instructional post:


http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml


The initial instructions are:


  • 1. Run the following command in Terminal:
    ls -lA ~/Library/LaunchAgents/
  • 2. Take note of the filename. Proceed only when you have one file. Otherwise contact our customer care.


I ran the indicated command and encountered this output:


Node00:~ mdyson$ ls -lA ~/Library/LaunchAgents/

total 64

-rw-r--r-- 1 mdyson staff 697 Nov 15 10:19 com.adobe.AAM.Updater-1.0.plist

-rw-r--r-- 1 mdyson staff 574 Dec 1 17:51 com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

-rw-r--r-- 1 mdyson staff 618 Nov 14 17:54 com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.1A4046BE-D44F-4F2D-B3C7-FD 38ED0EF401.plist

-rw-r--r-- 1 mdyson staff 889 Nov 14 17:25 com.apple.CSConfigDotMacCert-mdyson@me.com-SharedServices.Agent.plist

-rw-r--r-- 1 mdyson staff 425 Dec 22 13:36 com.apple.FolderActions.enabled.plist

-rw-r--r-- 1 mdyson staff 517 Dec 22 13:36 com.apple.FolderActions.folders.plist

-rw-r--r--@ 1 mdyson staff 803 Jan 7 13:43 com.google.keystone.agent.plist

-rw-r--r--@ 1 mdyson staff 543 Jan 30 10:58 ws.agile.1PasswordAgent.plist

Node00:~ mdyson$


In item 2, based on multiple results, my apparent next step would be to contact "our customer care" but I am not an F-Secure customer and instructions as to exactly whom and how I am to contact them are lacking. For various reasons I did have Java installed and enabled in Safari.


Based on the above output should I even be worried?


Thanks in advance!

MacBook Pro 17, Mac OS X (10.7), Mac Mini Server; Time Capsule

Posted on Apr 3, 2012 7:16 AM

Reply
Question marked as Best reply
User profile for user: Frank Caggiano
Frank Caggiano
User level: Level 7
25,979 points

Posted on Apr 3, 2012 8:19 AM

You're running Lion, by default java is not installed in Lion. Did you install java?


if you're not sure open a terminal and enter


java -version


If java is installed you'll get a version number if it is not installed you'll be asked i you want to install it, don't.


If it is not installed you don;t need to worry about this trojan. If is is installed post back.

View in context
17 replies
User profile for user: Spinland
Spinland Author
User level: Level 1
55 points

Apr 4, 2012 5:20 AM in response to MadMacs0

As far as pooh-poohing the severity of this issue, I think it's time to get real. Apple obviously took it seriously, as evidenced by their fast-tracking this Java update. And given the security company who raised the red flag is also demonstrably trying hard to make information freely available so people can act, ascribing sinister motives seems just silly.


@MadMacs0: Thanks, your insight as to the dates was helpful validation of my opinion. Also, all of the entries track back to software I recognize and installed myself. I was probably just being overly-nervous after hearing of this trojan and, when I saw some beachballs when it seemed my dual-core i7 machine with 8GB of RAM should be handling a job without breaking a sweat, I got paranoid.


I've never knowingly gone to a "dodgy" web site, don't mess with torrent crap, and I went through the rest of the steps posted on that security site and came up clean so far as I can tell. I'm satisfied this has passed me by. Java is disabled by default on Safari and I just installed the new update.


Thanks to all!

Reply

Question about Flashback.K Trojan

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up