-
May 12, 2012 1:16 PM in response to cmrguitar504 by BDAqua
Hmmm, are you running 10.6.8 or later & installed the Security updates?
Java was an attack vector for FlashBack.
Disable Java in your Browser settings, not JavaScript.
http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
Flashback - Detect and remove the uprising Mac OS X Trojan...
http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site
More bad news...
-
May 12, 2012 1:49 PM in response to BDAqua by cmrguitar504
Thank you for the response! I am running 10.7.3 and am currently installing a recent Mac OS X software update.
I read through those links and followed the steps to detect infection. As far as I can tell, my computer is not infected with Flashback. I even ran the F-Secure automatic tool and it also determined my computer was clean.
Hopefully the software update I'm currently installing will fix it. Do you have any other suggestions? Thanks again!
-
May 12, 2012 2:28 PM in response to cmrguitar504 by BDAqua
I can't imagine why Java is running, but might try...
Little Snitch, stops/alerts outgoing stuff...
-
May 12, 2012 2:29 PM in response to cmrguitar504 by Linc Davis
Apple menu > System Preferences > Security & Privacy > Firewall: off
-
May 12, 2012 4:51 PM in response to cmrguitar504 by MadMacs0
cmrguitar504 wrote:
What is this!?
5/12/12 2:18:57.550 PM Firewall: java is listening from ::ffff:0.0.0.0:0 proto=6
This command will help narrow down the Applications that use Java...
find /Applications -type d -name '*.app' -prune -exec sh -c 'ls -R "$1" | grep -q "\.jar\$"' {} {} \; -print
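Added example, not part of any post in this thread: a small shell/awk summary of "is listening" firewall log entries like the one quoted above, showing which process opened the socket, whether it is bound to all interfaces, and how often it was logged. The function names and all sample lines except the first are constructed for illustration; protocol numbers 6 and 17 are the IANA values for TCP and UDP.

```shell
#!/bin/sh
# Constructed sample: the first line is the entry quoted in the thread,
# the others are made up in the same shape for illustration.
sample_log() {
    cat <<'EOF'
5/12/12 2:18:57.550 PM Firewall: java is listening from ::ffff:0.0.0.0:0 proto=6
5/12/12 2:19:03.101 PM Firewall: java is listening from ::ffff:0.0.0.0:0 proto=6
5/12/12 2:20:11.004 PM Firewall: Example Helper is listening from 127.0.0.1:8021 proto=6
5/12/12 2:21:40.312 PM Firewall: some other message that is ignored
EOF
}

# Read firewall log text on stdin; print one line per
# process / protocol / address / port combination with a hit count.
summarize_listeners() {
    awk '
    / Firewall: .+ is listening from / {
        s = index($0, "Firewall: ") + 10       # start of the process name
        e = index($0, " is listening from ")   # end of the process name
        proc = substr($0, s, e - s)            # may contain spaces
        split(substr($0, e + 19), f, " ")      # f[1]=addr:port  f[2]=proto=N
        n = split(f[1], p, ":")                # the port follows the last colon
        port = p[n]
        host = substr(f[1], 1, length(f[1]) - length(port) - 1)
        proto = f[2]; sub(/^proto=/, "", proto)
        if (proto == "6") proto = "tcp"
        else if (proto == "17") proto = "udp"
        # 0.0.0.0, :: and the IPv4-mapped ::ffff:0.0.0.0 all mean "any address"
        scope = "specific-address"
        if (host == "0.0.0.0" || host == "::" || host == "::ffff:0.0.0.0")
            scope = "all-interfaces"
        seen[proc " " proto " " host " port=" port " " scope]++
    }
    END { for (k in seen) print k " x" seen[k] }' | sort
}

sample_log | summarize_listeners
```

To run it against a real log, pipe the log file into `summarize_listeners` instead of `sample_log`.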
-
Jul 29, 2013 10:31 AM in response to cmrguitar504 by Joe Yooper
Does anyone with this problem by chance have CAC reader software installed? I never saw this disappearing window on my Mac until a trip to AKO for the software.