16 Replies Latest reply: Dec 14, 2014 1:16 AM by MadMacs0
acamarata Level 1 (0 points)

I read tonight that this Malware may have infected over 600,000 machines... disguised as Adobe Flash update.

 

How do I know if my update was legitimate?

 

Thanks


Mac Pro, Mac OS X (10.6.8)
  • FatMac>MacPro Level 4 (3,395 points)

    acamarata wrote:

     

    I read tonight that this Malware may have infected over 600,000 machines... disguised as Adobe Flash update.

     

    How do I know if my update was legitimate?

     

    Thanks

    Read http://reviews.cnet.com/8301-13727_7-57410050-263/mac-flashback-malware-what-it-is-and-how-to-get-rid-of-it-faq/ and follow the instructions. Keep in mind that Flash installs a preference panel in System Preferences and one of the options is whether it will check for updates automatically and alert you to new versions. That's one way to be presented with a Flash update. Another, of course, is the flashback trick.

  • X423424X Level 6 (14,205 points)

    Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans.  Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:

     

    defaults read ~/.MacOSX/environment

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    ls -la ~/Library/LaunchAgents

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

     

    For the two defaults commands, if you get anything other than a "does not exist" error message, post the results, since you are almost certainly infected.

     

    The third command, ls, just lists the contents of your LaunchAgents, if any.  That's additional info to be used in conjunction with the last grep command.  If the grep shows any results then that too may indicate infection and again post its results.
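The four manual checks from the post above, gathered into one script as an added example (not part of the thread or any poster's code). The function names `check_defaults` and `scan_launchagents` are hypothetical; the script assumes XML-format plists and that `$HOME` is `/Users/$USER`.

```shell
#!/bin/sh
# Added example, not from the thread: runs the post's checks in one pass.

# Report whether a defaults domain (and optional key) exists, using the exit
# status of `defaults read` rather than reading the "does not exist" message.
# $1 = domain (plist path without the .plist suffix), $2 = optional key
check_defaults() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "SKIPPED (no defaults command, not OS X): $*"
    elif defaults read "$@" >/dev/null 2>&1; then
        echo "PRESENT, inspect and post the value: $*"
    else
        echo "absent: $*"
    fi
}

# Print one "plist-file<TAB>hidden-path" row for every LaunchAgents line that
# references a dot-prefixed entry directly under the home directory.
# The match is a literal substring test (awk index), so it is equivalent to
# the post's grep pattern but cannot be skewed by regex characters in the
# home path. Binary plists are not decoded (assumption: XML plists).
# $1 = LaunchAgents directory, $2 = home directory
scan_launchagents() {
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        NEEDLE="$2/." awk '
            (i = index($0, ENVIRON["NEEDLE"])) {
                path = substr($0, i)
                sub(/<.*/, "", path)      # drop the closing </string> tag
                print FILENAME "\t" path
            }' "$f"
    done
}

# Same order as the post: two defaults checks, then the LaunchAgents scan.
check_defaults "$HOME/.MacOSX/environment"
check_defaults /Applications/Safari.app/Contents/Info LSEnvironment
ls -la "$HOME/Library/LaunchAgents" 2>/dev/null
scan_launchagents "$HOME/Library/LaunchAgents" "$HOME"
```

Each row names the plist and the hidden path it points at, so an entry such as a trash watcher referencing `~/.Trash` can be told apart from an agent that launches a hidden file.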

  • Roy Bercaw Level 1 (70 points)

    Thanks for the rudimentary test. I did try to update Flash Player when TV network sites updated to FP 10 which requires an Intel processor. According to your test no flashback malware on mine.

  • macfrombrampton Level 1 (0 points)

    Has anyone tried installing ClamXav from the App Store to see if it is able to detect this malware?

  • X423424X Level 6 (14,205 points)

    Why bother?  I believe Apple's most recent Java updates check for the same stuff.  Similarly F-Secure's Flashback Removal Tool.

  • macfrombrampton Level 1 (0 points)

    How is the Java update identified, so I can determine if my Snow Leopard has the update?

  • X423424X Level 6 (14,205 points)

    Are you running with 10.6.8?  Does the Java update appear in your Software Update?  Or download the thing:

     

    Java for Mac OS X 10.6 Update 8

  • Grant Bennet-Alder Level 9 (52,140 points)

    To determine whether the update is installed, you can:

     

    1) try to install it again.

     

    2) System preferences > Software Update > Installed Updates tab ...

     

    ... should show:

     

    "Java for Mac OS X Update 8"

  • macfrombrampton Level 1 (0 points)

    I do have the Java Mac OS X update 8.

    thanks

  • combaticus Level 1 (0 points)

    Umm, is there any way I can email those results to you? The second thing you said to put it in came up with 4 or 5 items. The Flashback malware may not make my Safari crash anymore, but I still want rid of it. How do I go about doing it? I can email you the results it gave me in the terminal.

  • MadMacs0 Level 5 (4,500 points)

    Disregard.

  • MadMacs0 Level 5 (4,500 points)

    combaticus wrote:

     

    Umm, is there any way I can email those results to you? The second thing you said to put it in came up with 4 or 5 items.

    Posting e-mail addresses is not allowed in the Forum. There is almost nothing you could post here that would give anything away except the serial number of your Mac and some passwords. If you are uncomfortable revealing your userid, just delete it from what you found.  I'd be very surprised if you have 4 or 5 infections in Safari. Most Flashback victims had only one.

    The Flashback malware may not make my Safari crash anymore, but I still want rid of it. How do I go about doing it?

    If you are infected by Flashback, it would have been about a year ago now.  If you are using OS X 10.6.8 and keep it fully up-to-date, then you have run Apple's Malware Removal Tool several times now which should have cleaned everything up.

  • green9088 Level 1 (0 points)

    Would you mind taking a look at this? I ran your test and I think that I have a problem! I have already deleted CleanMyMac... I also was curious about how to delete things permanently off the HD if possible. BTW, I am no computer genius, but I want to learn coding, so anything helps and I am willing to try to do stuff in Terminal.

     

    Last login: Fri Dec 12 23:37:44 on ttys000

    Macintosh:~ username$

    Macintosh:~ username$ defaults read ~/.MacOSX/environment

    de2014-12-12 23:54:24.586 defaults[541:12863]

    Domain /Users/username/.MacOSX/environment does not exist

    Macintosh:~ username$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    2014-12-12 23:56:41.185 defaults[542:13028]

    The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

    Macintosh:~ username$ ls ~la ~/Library/LaunchAgents

    ls: ~la: No such file or directory

    /Users/username/Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.divx.agent.postinstall.plist

    com.genieo.completer.download.plist

    com.genieo.completer.update.plist

    com.google.keystone.agent.plist

    com.macpaw.CleanMyMac.helperTool.plist

    com.macpaw.CleanMyMac.trashSizeWatcher.plist

    com.macpaw.CleanMyMac.volumeWatcher.plist

    com.macpaw.CleanMyMac2Helper.scheduledScan.plist

    com.macpaw.CleanMyMac2Helper.trashWatcher.plist

    Macintosh:~ username$ grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

    /Users/username/Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:    <string>/Users/username/.Trash</string>

    /Users/username/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist:        <string>/Users/username/.Trash</string>

    Macintosh:~ username$

  • MadMacs0 Level 5 (4,500 points)

    This discussion is over two and a half years old, so very little here will be current. Flashback has been extinct for over two years, so you don't need to be concerned with that in any case. You would almost certainly be better off starting a new discussion and completely describing what you are seeing instead of jumping to conclusions about what's wrong. You'll get more help faster that way. It's just the way this forum works best.

     

    That said, you have accidentally installed some sort of adware. The fastest, most effective way to identify and optionally remove all currently known adware is by using AdwareMedic, developed by thomas_r., this Forum's malware guru, owner of TheSafeMac and a colleague of mine.

     

    To understand why this happened and how to avoid such things in the future read John Galt's How to install adware.
