9 Replies Latest reply: Apr 7, 2012 1:28 PM by Academyofrock
Academyofrock Level 1 (0 points)

I see the article for the virus fix, but nowhere on the site is a big button saying download.  Is that too much to ask for?

MacBook Pro
  • twtwtw Level 5 (4,910 points)

    A quote from Men In Black, that is (given the recent state of my inbox) unfortunately accurate:


    J: People are smart, they can handle this kind of thing.

    K: A person is smart; People are dumb, panicky beasts, and you know it.


    Please try to be a person, and don't give in to being part of those people.  A "big button saying download" would be nice, no question, but it is not essential to the task.  Take a deep breath (or three), grab a cuppa, use your eyes and your head rather than your adrenal glands, and it will all make more sense.  If you have questions that we can actually answer, rather than requests for a magic button, please write back.


    I will point out (with an appropriately sardonic grimace) that this desire for "big buttons saying download" is how trojans get onto people's computers in the first place.  Food for thought...

  • Academyofrock Level 1 (0 points)

    Complete bolll...cks - I have clicked the various hotlinks.  None lead to a 'fix'.


    Having declared me as being more a less a single celled organism, perhaps you could answer the question in those terms?

  • twtwtw Level 5 (4,910 points)

    I haven't declared you anything, my friend; your choice, not mine.


    but in the spirit of helpfulness (and ignoring the hundreds of posts on this subject on this forum alone) let me summarize:


    First, do you have a problem?  Open Terminal.app and run the following commands:


    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment


    If you don't use Safai, substitute the name of the browser you do use.  A standard uninfected machine will produce an output like:


    The domain/default pair of (..., ...) does not exist.


    If that's what you see, you don't have a problem.  Disable java in Safari and /Application/Utilities/Java Preferences, run Software Update, and go get a good night's sleep.  Software update may or may not download the Java Update - if it doesn't, you don't have Java installed, and you don't have to worry about it.


    On the remote chance you see something else, post the output here. Most likely it will be a useful dynamic libray, but if not, do the steps above (which will render the gambit harmless), and then we'll talk about how to remove the trojan.


    As people have commented in many, many places, disabling Java is not something you're likely to notice.  I had it enabled on my machine because there are a couple of old java apps I ran for specific purposes, but it's not a common thing on the web anymore. flash has pretty much replaced it except in certain academic niches.

  • MrHoffman Level 6 (14,000 points)

    The Java update is offered through Software Update, same as usual. 


    If you're not being offered the download through Software Update, then you're either running OS X prior to 10.6, or you don't have Java loaded and don't need the patch. 


    OS X 10.7 doesn't include Java by default.  You have to download Java separately.


    If you want to fetch the Java download directly, it's available in the usual place.


    Here's the Java for OS X Lion 2012-002 kit (DL1515)


    I don't know if XProtect is aware of this malware (yet?), though its definitions were recently modified.  But if XProtect is not, then installing the Java update probably won't clean up an existing infestation.  Knowing how to detect an existing infestation can help, there.


    Alternatively (or in addition), consider whether you should shut off Java access in Safari and your other browsers, as was mentioned earlier.  If you don't need it, shut it off.


    And while you're updating your system, get the most recent Adobe Flash downloaded and installed directly from Adobe, as there are Adobe Flash Player security issues around, too.  (Or remove Adobe Flash Player entirely.)

  • Academyofrock Level 1 (0 points)

    Er, done that already - I did say in the question that I was looking for the preventative download, which was mentioned on the BBC News Website.  I already did the above and found I am OK, but I now wish to prevent the problem.

  • MrHoffman Level 6 (14,000 points)

    You have the "preventative" installed.  The Java fix is it. 


    That Java update does not AFAIK clean up an existing infestation.  Not sure about whether XProtect does that yet; that might.


    If you really want to prevent this stuff, then follow good practices


    My preferences: shut off Java in Safari.  Disable automatic opening of "safe" files.  And keep Flash Player either blocked, or offline. 


    As for details of the current infestation that are more detailed than the BBC article, there's an article over at MacWorld with some details.

  • Academyofrock Level 1 (0 points)

    Thank you Mr H!

  • amym.memorialstar Level 1 (5 points)

    Academyofrock, Go to the main menu of your computer (the apple symbol on the far right of the menu bar at tope of screen) and click "Software Updates."  Any available updates will display in a new window.  You can check or un-check any updates you'd like to perform now.  The Java update is among them. 

      I also like the "big button that says download" idea.  Sometimes they're there, and sometimes they're not.

  • Academyofrock Level 1 (0 points)

    Thanks for this - I switched from PC to Apple recently so I am somewhat of a novice, as demonstrated adequately by twtwtw