flashback virus

X4, thanks for continuing to post and provide help.

Is this anything to be concerned about?

"my"-MacBook:~ "name"$ grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v

Usage: grep [OPTION]... PATTERN [FILE]...

Try `grep --help' for more information.

"my"-MacBook:~ "name"$

Where "my" and "name" are in the code is my comuter's name.

Thanks.

S

Is this anything to be concerned about?

"my"-MacBook:~ "name"$ grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v

Usage: grep [OPTION]... PATTERN [FILE]...

Try `grep --help' for more information.

"my"-MacBook:~ "name"$

It looks like didn't copy the entire command line. Hence the usage error.

grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash"

You show above nothing after the -v. Each command is one line. It's this forum software that's wrapping the lines to fit in the allotted width. For example tripple click the above grep and you should see the entire line selected even if it is wrapped.

Where "my" and "name" are in the code is my comuter's name.

That's defined by your Sharing system preferences. If you change it there I don't think you will see that reflected in the current terminal prompt until you create a new terminal window.

OK thanks. Please excuse me, as I am not trying to be difficult, but want to learn and make sure I am doing this right.

Am I correct in that I am running the entire:grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash" in Terminal? Not just: grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v?

I ran the entire command (grep "/Users/$USER/\..*" ~/Library/LaunchAgents/* | grep -v "/Users/$USER/\.Trash") and got nothing back except my maybook name and administrator name. Am I good?

Thanks again.

S

Looks ok.

Thanks X4, wish I could give you points...you deserve 'em.

You're welcom.

I couldn't understand why the CleanMyMac LaunchAgent contains /Users/USERNAME/.Trash. Thanks, I have no grep with any of that. (Sorry, I can never pass up a bad pun.)

CleanMyMac is one of those crazy apps that trys to be all things for all people, a cross between a tool like OnyX and so called uninstaller tools like AppCleaner, AppZapper, etc. Since it can uninstall stuff and clean stuff up then presumably it needs to delete the stuff it finds. I suppose it is tossing the stuff in the trash as opposed to directly deleting it. So that may be the reason for the references to ~/.Trash in launch agent. Why a launch agent? Not sure. Unless there is a reason for it I would think the app could have just as easily used a login item.

Thank you X4, you are great. Ran all the commands in teminal and everything looks good.

Thank You again

Dennis

Hi Friends,

This has been addressed by apple in the recent update released on April 6th.

http://news.cnet.com/8301-27076_3-57410050-248/mac-flashback-malware-what-it-is- and-how-to-get-rid-of-it-faq/?tag=rb_content;main

Follow the link's to see wether your system got attacked by malware.

1) http://public.dev.drweb.com/april/

2) http://news.drweb.com/show/?i=2341&lng=en&c=14

Apply the below update from Apple:

http://support.apple.com/kb/HT5228

Or simply run Software Update.

X4, these are my launch agents:

drwxr-xr-x 6 myname staff 204 30 Dec 17:51 .

drwx------+ 40 myname staff 1360 1 Feb 18:56 ..

-rw-r--r-- 1 myname staff 572 19 Feb 2011 com.apple.FTMonitor.plist

-rw-r--r-- 1 myname staff 411 19 Feb 2011 com.apple.imagent.plist

-rw-r--r-- 1 myname staff 447 19 Feb 2011 com.apple.marcoagent.plist

-rw-r--r-- 1 myname staff 805 30 Dec 17:51 com.google.keystone.agent.plist

My grep line returns nothing.

What do you think?

Thanks very much!

My grep line returns nothing.

What do you think?

If the grep shows nothing it looks like you don't have that particular strain. But you should also run the other commands for a quick check of the other strains (i.e., the defaults commands).

I'd already done the first three commands, they were clear.

Thanks again.

http://support.apple.com/kb/DL1517

http://support.apple.com/kb/DL1515

http://support.apple.com/kb/DL1516