Currently Being ModeratedApr 5, 2012 7:33 PM (in response to acamarata)
I read tonight that this Malware may have have infected over 600,000 machines.......disguised as Adobe Flash update.
How do I know if I my update was legitimate?
Read http://reviews.cnet.com/8301-13727_7-57410050-263/mac-flashback-malware-what-it- is-and-how-to-get-rid-of-it-faq/ and follow the instructions. Keep in mind that Flash installs a preference panel in System Preferences and one of the options is whether it will check for updates automatically and alert you to new versions. That's one way to be presented with a Flash update. Another, of course, is the flashback trick.
Currently Being ModeratedApr 5, 2012 11:01 PM (in response to acamarata)
Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans. Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:
defaults read ~/.MacOSX/environment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
ls -la ~/Library/LaunchAgents
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
For the two defaults command if you get anything other than a "does not exist" error message post the results since you are almost certainly infected.
The third command, ls, just lists the contents of your LaunchAgents, if any. That's additional info to be used in conjunction with the last grep command. If the grep shows any results then that too may indicate infection and again post its results.
Currently Being ModeratedApr 6, 2012 4:41 AM (in response to X423424X)
Thanks for the rudimentary test. I did try to update Flash Player when TV network sites updated to FP 10 which requires an Intel processor. According to your test no flashback malware on mine.
Currently Being ModeratedMay 1, 2012 3:34 PM (in response to macfrombrampton)
To determine whether the update is installed, you can:
!) try to install it again.
2) System preferences > Software Update > Installed Updates tab ...
,,, should show:
"Java for Mac OS X Update 8"Mac Pro (Early 2009), Mac OS X (10.6.8), & Server, PPC, & AppleTalk Printers
Currently Being ModeratedMay 1, 2013 8:35 PM (in response to X423424X)
umm is there anyway i can email those results to you, the second thing you said to put it in came up with 4 or 5 items. The flashback malware may not make my safari crash anymore but i still want rid of it how do i go about doing it, i can email you the results it gave me in the terminal
Currently Being ModeratedMay 2, 2013 12:02 AM (in response to combaticus)
umm is there anyway i can email those results to you, the second thing you said to put it in came up with 4 or 5 items.
Posting e-mail addresses is not allowed in the Forum. There is almost nothing you could post here that would give anything away except the serial number of your Mac and some passwords. If you are uncomfortable revealing you userid, just delete it from what you found. I'd be very surprised if you have 4 or 5 infections in Safari. Most Flashback victims had only one.
The flashback malware may not make my safari crash anymore but i still want rid of it how do i go about doing it
If you are infected by Flashback, it would have been about a year ago now. If you are using OS X 10.6.8 and keep it fully up-to-date, then you have run Apple's Malware Removal Tool several times now which should have cleaned everything up.