9 Replies Latest reply: Apr 13, 2012 9:18 AM by The hatter
BobbieW Level 1 (0 points)

I'm sure this is posted somewhere but is there a download to get rid of this virus?  Pretty sure I have it on my Mac.  While on Safari, it will quit unexpectedly due to .FIFANo.so plugin.


Thanks for the help



Mac Pro, Mac OS X (10.6.8)
  • The hatter Level 9 (60,930 points)

    If you .... look on the right hand side: there are 5 "More like this"


    Also, threads just below yours.



  • BobbieW Level 1 (0 points)

    Thanks, yeah I saw that.  Just wondering if this problem is a result of the virus or trojan or another common or recent problem.


    I am reading through those now.

  • Linc Davis Level 10 (192,674 points)

    You’ve been infected with a variant of what’s commonly called the “Flashback” or “Fakeflash” malware, although the names are obsolete. See this Apple support document:


    About Flashback malware


    If you’re certain you know when the infection took place, and you back up with Time Machine or something similar, you can save yourself a lot of time by restoring your whole system from the most recent snapshot taken before it was infected. Then take Steps 6, 7, and 9 below.


    How can you tell when the infection took place? All you can be sure of is that it was some time before the problems started.


    If you don’t know when you were infected, there may be no easy, reliable way to remove the malware, because it's constantly changing.


    I suggest you take the following steps:


    Back up all data, if you haven't already done so.


    Run the removal tool distributed by F-Secure:


    Flashback Removal Tool


    If the tool fails to clear the infection, or if you're unable to log in after running it, proceed as follows.


    1. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup volume. This action will destroy all data on the volume, so you must be sure of your backups.


    2. Reconnect to the Internet and install the Mac OS.


    3. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.


    4. If running Mac OS X 10.6.x or earlier, run Software Update. You may have to run it more than once to fully update your system.


    5. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. This is where restoring becomes difficult, and I can only give general guidelines.


    Of the top-level subfolders of Library that are visible in the Finder, I think it’s safe to restore the following, which contain most of the data you’d want to keep:











    Mail (except Mail/Bundles)

    Safari (except Safari/Extensions)


    The following are not safe to restore, at least not in full:


    Application Support

    Internet Plug-Ins




    If you have Time Machine snapshots of these folders that you’re sure are older than the infection, you can restore from one of those snapshots.


    Folders not mentioned above may or may not be safe. If in doubt, don’t restore them. Don’t restore any hidden files or folders, no matter where they are. Hidden files should be considered suspicious.


    6. If you’re running Mac OS X 10.5.8 or earlier, launch Safari and select Safari > Preferences… > Security from the menu bar. Uncheck the box labeled Enable Java. Because of known bugs, Java in those OS versions is unsafe to use on the Internet. (Note: I’m not referring to JavaScript, which is unrelated to Java, despite the similar names.) If you’re running Mac OS 10.6.8 or later, you should still disable the Java web plugin unless you really need it. Few websites have legitimate Java content nowadays. If you encounter one that does, enable Java temporarily.


    7. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.


    8. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated.


    9. If you use any third-party web browsers, disable Java in their preferences. As with step 6, this step is mandatory if you’re running any version of Mac OS X older than 10.6. Otherwise it’s optional, but recommended.
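
The restore rules from step 5 of the post above, written as a dry-run classifier that labels each path in a backed-up home folder without copying anything. This is an added example, not part of the original post or of any Apple or F-Secure tool; the function names `classify` and `plan_restore` and the sample tree are constructed for illustration, and only the folder names that appear in the post are encoded.

```bash
#!/usr/bin/env bash
# Added example: dry-run restore plan for a backed-up home folder, following
# step 5 of the post above. Nothing is copied; each path is only labelled.

classify() {  # $1 = path relative to the backed-up home folder
  local rel="$1"
  # "Don't restore any hidden files or folders, no matter where they are."
  case "/$rel" in */.*) echo skip; return ;; esac
  case "$rel" in
    # Exceptions named in the post come before the folders that contain them.
    Library/Mail/Bundles|Library/Mail/Bundles/*)                 echo skip ;;
    Library/Safari/Extensions|Library/Safari/Extensions/*)       echo skip ;;
    Library/Mail|Library/Mail/*|Library/Safari|Library/Safari/*) echo restore ;;
    # "Not safe to restore, at least not in full."
    "Library/Application Support"|"Library/Application Support"/*) echo skip ;;
    "Library/Internet Plug-Ins"|"Library/Internet Plug-Ins"/*)     echo skip ;;
    # Library folders the post does not name: decide by hand, default is no.
    Library|Library/*) echo review ;;
    # Other top-level subfolders of the home folder.
    *) echo restore ;;
  esac
}

plan_restore() {  # $1 = root of the backed-up home folder
  ( cd "$1" && find . -mindepth 1 -maxdepth 3 -print ) | sed 's|^\./||' | sort |
  while IFS= read -r p; do
    printf '%s\t%s\n' "$(classify "$p")" "$p"
  done
}

# Constructed sample tree (not a real backup) so the script runs anywhere.
demo="$(mktemp -d)"
mkdir -p "$demo/Documents" "$demo/Library/Mail/Bundles" \
         "$demo/Library/Safari/Extensions" "$demo/Library/Internet Plug-Ins" \
         "$demo/Library/Preferences"
touch "$demo/Documents/poster.psd" "$demo/Documents/.sample-hidden" \
      "$demo/Library/Safari/Bookmarks.plist" "$demo/.sample-dotfile"
plan_restore "$demo"
rm -rf "$demo"
```

Paths labelled `skip` under Application Support and Internet Plug-Ins assume the backup may postdate the infection; the post allows restoring them from a snapshot known to be older.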

  • Grant Bennet-Alder Level 9 (56,674 points)

    Apple Software Update for 10.6 and 10.7, posted today, updates Java again and removes some variants of Flashback virus.

  • Linc Davis Level 10 (192,674 points)

    Run the latest Java update released today instead of the F-Secure tool.

  • MadMacs0 Level 5 (4,722 points)


    Linc Davis wrote:


    Run the latest Java update released today instead of the F-Secure tool.

    And report the results please.

  • BobbieW Level 1 (0 points)

    Thanks for the help everyone.  I'm a graphic artist with tons of hardware connected to my computer and thousands of files, so cleaning the system or re-installing the OS is somewhere I don't want to go again... did that in the fall and still recovering. 


    I did talk with the support team from Apple and as we were talking he got a memo that they released a Java update (yesterday) that would clear the Flashback malware.  I also downloaded ClamXAV from the App Store at his recommendation.  It's free and has the best ratings of all the anti-virus software.


    I've been leery of the Java web plugin anyway so I'll take your suggestion and disable that.


    Everything seems to be back to normal today, so far so good.

  • The hatter Level 9 (60,930 points)

    >   I'm a graphic artist with tons of hardware connected to my computer and thousands of files, so cleaning the system or re-installing the OS is somewhere I don't want to go


    You should always have a bootable clone of your system. From before the virus or whatever disaster. Another idea is to keep the system and data separate so you have a dedicated OS/Apps boot drive. There really are ways to never have to reinstall, ever, again - maybe apply an update or changes to the operating system between when the backup image was made and restored. And yes you can make a system fit on 120-240GB SSD, or use just the outer 350GB even of a 2TB enterprise drive (for performance).


    Virus can be a special case: even cleaning can be next to impossible.


    Kaspersky pulled their tool for this virus due to some problems and issues, a company that is generally well regarded and was on the forefront of this outbreak. And people using their tool obviously need backups that were clean and untouched.


    Restore from sparse disk image is also a good method. And does not take that long - to create, or to restore.


    Cloning with SSDs is special, not all programs have mastered partition alignment properly but they are such a great device for system performance worth investing in one or more (and now there are PCIe controllers with 400-1000GB of SSD to help graphics and photographers).