Flashback malware.....

So my question is: what do I do if I find that my Mac was infected with the recent version of the Flashback malware using Avast anti-virus protection, but when I downloaded and installed Apple's Flashback malware remover tool I did not receive any notification that my Mac was infected at all? P.S. I will be rerunning the scan again using Avira anti-virus for Mac, due to the fact that Avast is confusing to use.

MacBook Pro (13-inch Mid 2010), Mac OS X (10.7.5)

Posted on Dec 29, 2012 7:14 PM

Dec 30, 2012 12:59 PM in response to MadMacs0

So after trying the Terminal option and copying and pasting what you told me to, this is what the Terminal looked like. What do I do about this?


Cory-Frankss-MacBook-Pro:~ coryfranks$ rm -f /Library/Application\ Support/Apple/.SafariArchive.tar.gz

rm: /Library/Application Support/Apple/.SafariArchive.tar.gz: Permission denied

Cory-Frankss-MacBook-Pro:~ coryfranks$

Dec 30, 2012 1:10 PM in response to thermitefist

Sorry, it worked for me, so I must have given myself some custom permissions to the Library at some point.


Use this command, instead:


sudo rm -f /Library/Application\ Support/Apple/.SafariArchive.tar.gz


followed by the return key. When it asks for a password, enter your admin password (you won't see any typing) and hit return. It will probably give you a dire warning about sudo but then do what it's told.

Dec 30, 2012 1:36 PM in response to thermitefist

thermitefist wrote:


Is it bad that I didn't get a warning for anything about sudo?

No, I think it only does that the first time you use it, so it must be something you used before.


Looks like you got it this time.


Now back to "/Applications/Safari.app/Contents/Resources/.MacareanOfTime.xsl"


I'm not really clear on where this entered your findings. I haven't seen this exact file name before, but the way Flashback worked, it used randomly named files. I can track the name to some legitimate software (XMLSpy) that doesn't appear to be browser related at all, but the period in front of it makes it invisible, which is Flashback's MOA and why you are unable to see it.


Again, I would have expected either the Apple or the F-Secure tools to have taken care of it, but they may rely on another file to give them the name of it, so if that other file isn't there they would not know exactly what to look for. Do you think it may still be there?
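
The reply above describes Flashback hiding a randomly named file inside the Safari application bundle by giving it a leading period. The following is an added example, not part of the thread and not Apple's or F-Secure's tooling: a shell function that lists dot-prefixed files under a bundle's Contents/Resources so they can be reviewed. The function names and the short list of benign hidden names are assumptions made for the example.

```sh
#!/bin/sh
# Added example: list hidden (dot-prefixed) regular files inside an
# application bundle's Contents/Resources directory for manual review.

# Hidden names that commonly appear for benign reasons (assumption; extend
# this list for your own environment).
BENIGN_NAMES=".DS_Store .localized"

# is_benign NAME -> exit status 0 if NAME is on the benign list
is_benign() {
    for name in $BENIGN_NAMES; do
        [ "$1" = "$name" ] && return 0
    done
    return 1
}

# list_hidden_resources BUNDLE
# Prints one path per line for every hidden regular file that is not on the
# benign list. Returns 2 if BUNDLE has no Contents/Resources directory.
list_hidden_resources() {
    res="$1/Contents/Resources"
    [ -d "$res" ] || { echo "no Resources directory in: $1" >&2; return 2; }
    # IFS= and -r keep spaces and backslashes in file names intact.
    find "$res" -type f -name '.*' -print | while IFS= read -r path; do
        is_benign "$(basename "$path")" || printf '%s\n' "$path"
    done
}

# count_hidden_resources BUNDLE -> number of paths the listing would print
count_hidden_resources() {
    list_hidden_resources "$1" | wc -l | tr -d ' '
}

# Run against a bundle only when a path is given on the command line,
# e.g. sh thisfile.sh /Applications/Safari.app
if [ $# -gt 0 ]; then
    list_hidden_resources "$1"
fi
```

A path in the output is only a candidate for inspection; the listing does not decide whether a file is malicious.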
