Could I still have Flashback if everything comes back negative?

Question

Level 1

0 points

Could I still have Flashback if everything comes back negative?

My university emailed me saying they detected Flashback on my Mac and that they were taking my network priveliges away until I wiped my hard drive and reinstalled the OS. I immediately got on Terminal and inputted the lines of code:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Both came back saying the file did not exist. I then ran FlashbackChecker for good measure. It said I was not infected.

I let my university know this, asking what caused the alarm. They said they have more advanced technology that can pick up malware I can't locally (I pasted part of the email they sent below). Is this true?

Could I still have Flashback if everything I did came back negative? Is wiping my computer really the only option?

"Because our systems detected that your computer was infected with Flashback and the problem with many malicious

programs like this is that they often are not detected with conventional scans on the computer. The way [university] systems

detect and track outbreaks like this is far more advanced than scans run on a local machine so they can often detect

programs while local scans do not"

Posted on Apr 13, 2012 9:15 AM

Reply

Answer 1

Exsiss Author

Level 1

0 points

Apr 18, 2012 1:54 PM in response to Exsiss

I'm not really sure what happened, but after doing the newest software update, its gone. Not sure if the update wasn't successful when I did it a few days ago or if this is a newer update that solved the problem that the first update wasn't able to solve. Thank you everyone for your help!

Reply

Answer 2

MadMacs0

Level 5

5,221 points

Apr 18, 2012 2:17 PM in response to Exsiss

Exsiss wrote:

I'm not really sure what happened, but after doing the newest software update, its gone.

Did you see my last two posts from yesterday? I believe you still have one more file aboard. It's not dangerous and only takes up a fraction of your login time to post an error in the log, but it will tell you when you were infected and it doesn't need to be there.

Reply

Answer 3

MadMacs0

Level 5

5,221 points

Apr 19, 2012 12:32 AM in response to Exsiss

Exsiss wrote:

I'm not really sure what happened, but after doing the newest software update, its gone.

Sorry to keep bugging you about this, but you are the first user that was proven to have been still infected after the latest update, so I wanted to make sure that Apple got feedback if the update did not work properly.

What I think I am hearing now is that you ran a Java update a few days ago, but had not yet run that latest one which contained the Malware Removal Tool, is that correct?

You can refresh your memory by opening System Preferences->Software Update->Installed Updates tab and it will tell you the date/time you installed each update and version.

My guess is the first update was Java for OS X Lion 2012-002 and the one you just ran was Java for OS X Lion 2012-003. If that is correct then everything is as it should be and you should be clean going forward. If my assumptions are incorrect please let me know so that I can get accurate information fed back to Apple on this.

One last word of caution, in case you were ever fully infected and had privacy information harvested from your computer. Watch all your financial institutions carefully for unauthorized transactions. I've only heard of one user who complained of Credit Card fraud immediately after being infected, but you never know. Also change all of your internet passwords (especially financially related ones) for all the sites visited since the date of infection, if you were ever able to figure that out. If you use the same password for other sites, change them, as well.

Reply