How do I know if I have malware (Flashback)?
I read tonight that this Malware may have infected over 600,000 machines... disguised as an Adobe Flash update.
How do I know if my update was legitimate?
Thanks
Mac Pro, Mac OS X (10.6.8)
acamarata wrote:
I read tonight that this Malware may have infected over 600,000 machines... disguised as an Adobe Flash update.
How do I know if my update was legitimate?
Thanks
Read http://reviews.cnet.com/8301-13727_7-57410050-263/mac-flashback-malware-what-it-is-and-how-to-get-rid-of-it-faq/ and follow the instructions. Keep in mind that Flash installs a preference panel in System Preferences and one of the options is whether it will check for updates automatically and alert you to new versions. That's one way to be presented with a Flash update. Another, of course, is the flashback trick.
Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans. Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:
defaults read ~/.MacOSX/environment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
ls -la ~/Library/LaunchAgents
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
For the two defaults commands, if you get anything other than a "does not exist" error message, post the results since you are almost certainly infected.
The third command, ls, just lists the contents of your LaunchAgents, if any. That's additional info to be used in conjunction with the last grep command. If the grep shows any results then that too may indicate infection and again post its results.
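The four manual checks from the post above, wrapped as one script (an added example, not part of the original post or written by its author). The function names are this example's own; it prints each hidden home-directory path a LaunchAgent references so every hit can be read individually, since the pattern matches any dot-path under the home directory, including ~/.Trash.

```sh
#!/bin/sh
# Added example: the post's four manual checks as one script.
# Function names are this example's own, not from the thread.

# check_defaults DOMAIN [KEY]: report whether `defaults read` finds a value.
check_defaults() {
    if ! command -v defaults >/dev/null 2>&1; then
        printf 'skipped (no defaults command): %s\n' "$*"
    elif out=$(defaults read "$@" 2>/dev/null); then
        printf 'PRESENT: %s\n%s\n' "$*" "$out"
    else
        printf 'absent: %s\n' "$*"
    fi
}

# scan_launch_agents DIR HOME: print "plist<TAB>path" for every path under
# HOME that starts with a dot (the post's grep pattern) in each agent plist.
scan_launch_agents() {
    dir=$1
    # Escape regex metacharacters in the home path before using it in grep.
    esc=$(printf '%s' "$2" | sed 's/[][\.*^$]/\\&/g')
    for f in "$dir"/*.plist; do
        [ -f "$f" ] || continue
        # plutil (macOS) converts binary plists to XML; otherwise read as-is.
        if command -v plutil >/dev/null 2>&1; then
            xml=$(plutil -convert xml1 -o - "$f" 2>/dev/null) || xml=$(cat "$f")
        else
            xml=$(cat "$f")
        fi
        printf '%s\n' "$xml" | grep -o "$esc/\.[^<\"]*" | sort -u |
            while IFS= read -r path; do
                printf '%s\t%s\n' "$(basename "$f")" "$path"
            done
    done
    return 0
}

run_flashback_checks() {
    check_defaults "$HOME/.MacOSX/environment"
    check_defaults /Applications/Safari.app/Contents/Info LSEnvironment
    ls -la "$HOME/Library/LaunchAgents" 2>/dev/null || true
    echo "LaunchAgents referencing hidden paths in $HOME:"
    scan_launch_agents "$HOME/Library/LaunchAgents" "$HOME"
}

run_flashback_checks
```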
Thanks for the rudimentary test. I did try to update Flash Player when TV network sites updated to FP 10 which requires an Intel processor. According to your test no flashback malware on mine. 🙂
Has anyone tried installing Clamxav from the App store to see if it is able to detect this malware?
Why bother? I believe Apple's most recent Java updates check for the same stuff. Similarly F-Secure's Flashback Removal Tool.
How is the Java update identified, so I can determine if my Snow Leopard has the update?
Are you running with 10.6.8? Does the Java update appear in your Software Update? Or download the thing:
To determine whether the update is installed, you can:
1) Try to install it again.
2) System Preferences > Software Update > Installed Updates tab ...
... should show:
"Java for Mac OS X Update 8"
I do have the Java Mac OS X update 8.
thanks
Umm, is there any way I can email those results to you? The second thing you said to put in came up with 4 or 5 items. The Flashback malware may not make my Safari crash anymore, but I still want rid of it. How do I go about doing it? I can email you the results it gave me in the terminal.
Disregard.
combaticus wrote:
Umm, is there any way I can email those results to you? The second thing you said to put in came up with 4 or 5 items.
Posting e-mail addresses is not allowed in the Forum. There is almost nothing you could post here that would give anything away except the serial number of your Mac and some passwords. If you are uncomfortable revealing your userid, just delete it from what you found. I'd be very surprised if you have 4 or 5 infections in Safari. Most Flashback victims had only one.
The Flashback malware may not make my Safari crash anymore, but I still want rid of it. How do I go about doing it?
If you are infected by Flashback, it would have been about a year ago now. If you are using OS X 10.6.8 and keep it fully up-to-date, then you have run Apple's Malware Removal Tool several times now which should have cleaned everything up.
Would you mind taking a look at this? I ran your test and I think that I have a problem! I have already deleted CleanMyMac... I also was curious about how to delete things permanently off the HD if possible. BTW, I am no computer genius, but I want to learn coding, so anything helps, and I am willing to try to do stuff in Terminal.
Last login: Fri Dec 12 23:37:44 on ttys000
Macintosh:~ username$
Macintosh:~ username$ defaults read ~/.MacOSX/environment
de2014-12-12 23:54:24.586 defaults[541:12863]
Domain /Users/username/.MacOSX/environment does not exist
Macintosh:~ username$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2014-12-12 23:56:41.185 defaults[542:13028]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
Macintosh:~ username$ ls ~la ~/Library/LaunchAgents
ls: ~la: No such file or directory
/Users/username/Library/LaunchAgents:
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
com.divx.agent.postinstall.plist
com.genieo.completer.download.plist
com.genieo.completer.update.plist
com.google.keystone.agent.plist
com.macpaw.CleanMyMac.helperTool.plist
com.macpaw.CleanMyMac.trashSizeWatcher.plist
com.macpaw.CleanMyMac.volumeWatcher.plist
com.macpaw.CleanMyMac2Helper.scheduledScan.plist
com.macpaw.CleanMyMac2Helper.trashWatcher.plist
Macintosh:~ username$ grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
/Users/username/Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist: <string>/Users/username/.Trash</string>
/Users/username/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist: <string>/Users/username/.Trash</string>
Macintosh:~ username$
This discussion is over two and a half years old, so very little here will be current. Flashback has been extinct for over two years, so you don't need to be concerned with that in any case. You would almost certainly be better off starting a new discussion and completely describe what you are seeing instead of jumping to conclusions about what's wrong. You'll get more help faster that way. It's just the way this forum works best.
That said, you have accidentally installed some sort of adware. The fastest, most effective way to identify and optionally remove all currently known adware is by using AdwareMedic, developed by thomas_r., this Forum's malware guru, owner of TheSafeMac and a colleague of mine.
To understand why this happened and how to avoid such things in the future read John Galt's How to install adware.
Wow, I love it... Thanks for the awesome response time! Yea, I have noticed some funky things happening on my mid-2009 MacBook Pro. For instance, when I open programs such as Microsoft Word it always asks if I will allow incoming connections, although I have it set to allow in my firewall panel. Do you know why this is happening? BTW, I will try that program out ASAP.
Thank you