18 Replies Latest reply: Apr 10, 2012 7:03 PM by Topher Kessler
  • NightNinjaPDX Level 2

    Sweet, thank you so much!!!!!

  • Linc Davis Level 10

    That tool doesn't detect all variants of the malware.

  • Topher Kessler Level 6

    Linc Davis is mistaken here, both about the commands and frankly about CNET. CNET used to only cover tech news, but now hosts MacFixIt and contains a plethora of technical details and fixes for OS X.


    With regard to those commands, they will detect the final infection of the malware (all known variants, from the first through to the latest) that uploads files to remote servers. This is the truly harmful component that steals personal information, and there are two ways that it has been known to infect systems, which are the following (these are the same infection routes covered in the instructions by F-Secure and others):


    Way 1:

    The malware injects a variable into individual programs (Safari and Firefox being the known applications so far) that launch the malware when these programs are run. The first two commands you listed will detect this in the applications targeted by the malware.


    Way 2:

    The malware injects code into a file within the user account and then sets the user's launch environment to run the malware whenever an application is loaded. The last command checks for this.


    The only aspect that these commands do not detect is the initial part of the infection, which is the trojan downloader; however, the rest of the CNET article on detecting and removing this malware does cover this quite thoroughly: lware-from-os-x/?tag=txt;title


    Ultimately, the malware may (and likely will) morph into new variants even as we speak, so any instruction you currently find may be outdated sooner or later; however, for now this instruction will detect the known variants of the malware and let you know whether or not your system is infected and potentially uploading files to remote servers.
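A check covering both infection routes the post describes, written as an added example (it is not the commands from this thread or from the CNET article). It assumes the injected variable is DYLD_INSERT_LIBRARIES, which the post does not name, and it embeds constructed sample plists so the logic can be exercised off a Mac; scan_system() reads the real files only where they exist.

```python
import plistlib
from pathlib import Path

# Variable name assumed for the injection (it is what the F-Secure check the
# post refers to looks for); the post itself does not name it.
SUSPECT_VAR = "DYLD_INSERT_LIBRARIES"

# Way 1: LSEnvironment in each targeted app's Info.plist. Way 2: the
# per-user launch environment file read for every application launch.
APP_PLISTS = [
    Path("/Applications/Safari.app/Contents/Info.plist"),
    Path("/Applications/Firefox.app/Contents/Info.plist"),
]
USER_ENV_PLIST = Path.home() / ".MacOSX" / "environment.plist"

# Constructed sample inputs (not real infected files) so the check can be
# exercised on any platform; the dylib path is a placeholder.
SAMPLE_INFECTED_APP = plistlib.dumps(
    {"CFBundleName": "Safari",
     "LSEnvironment": {SUSPECT_VAR: "/PLACEHOLDER/.injected.dylib"}})
SAMPLE_CLEAN_APP = plistlib.dumps({"CFBundleName": "Safari"})
SAMPLE_INFECTED_USER_ENV = plistlib.dumps(
    {SUSPECT_VAR: "/PLACEHOLDER/.injected.dylib"})


def find_injected_vars(plist_bytes, nested_under):
    """Return {var: value} for suspect variables in one plist blob.
    nested_under="LSEnvironment" inspects an app Info.plist (Way 1);
    nested_under=None inspects the flat environment.plist (Way 2)."""
    try:
        data = plistlib.loads(plist_bytes)  # accepts XML or binary plists
    except Exception:  # malformed or non-plist input yields no finding
        return {}
    env = data.get(nested_under, {}) if nested_under and isinstance(data, dict) else data
    if not isinstance(env, dict):
        return {}
    return {k: v for k, v in env.items() if k == SUSPECT_VAR}


def scan_system():
    """Check the real files (macOS only); returns {path: findings}."""
    targets = [(p, "LSEnvironment") for p in APP_PLISTS]
    targets.append((USER_ENV_PLIST, None))
    findings = {}
    for path, key in targets:
        if path.exists():
            hit = find_injected_vars(path.read_bytes(), key)
            if hit:
                findings[str(path)] = hit
    return findings
```

An empty dict from scan_system() means neither route's marker was found in the files checked; it says nothing about the initial downloader the post mentions.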
