HT202456: About Flashback malware removal tool

Learn about About Flashback malware removal tool
zp1234

Q: How to use the FlashBack Tool?

I can not access so many websites because it keeps on going to the fake FlashPlayer update page. I have tried everything from deleting my old flash and downloading the original one, updating my software on my computer, downloading the FlashBack removal tool, but it just does not work. I downloaded the tool, opened it and installed it and it literally does nothing and the FlashBack update keeps on coming. I even restarted my laptop, but nothing is happening.

MacBook Pro, OS X Yosemite (10.10.3)

Posted on Jun 28, 2015 1:38 AM

  • by greg sahli, Jun 28, 2015 5:28 AM in response to zp1234
    Level 7 (25,395 points)

  • by Linc Davis, Jun 28, 2015 9:19 AM in response to zp1234
    Level 10 (207,963 points)

    This is not Flashback.

    If you get the alerts when visiting more than one well-known website, such as Google, YouTube, or Facebook, then they may be the result of an attack on your router that has caused you to get false results from looking up the addresses of Internet servers. Requests sent to those sites are redirected to a server controlled by the attacker. It's possible, but less likely, that the DNS server used by your ISP has been attacked.

    Back up all data.

    Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Click Advanced, open the DNS tab, and change the server addresses to the following:

              8.8.8.8

              8.8.4.4

    That's Google DNS. Click OK, then Apply.

    In Safari, select

              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

    and confirm. If you’re using another browser, empty the cache. Test. If the fake update alerts stop, see below. Otherwise, ask for instructions.

    The router's documentation should tell you how to reset it to the factory default state. Usually there's a pinhole switch somewhere in the back. It may be labeled "RESET." Insert the end of a straightened paper clip or a similar tool and press the button inside for perhaps 15 seconds, or as long as the instructions specify.

    After resetting the router, quit the web browser and relaunch it while holding down the shift key. From the Safari menu bar, select

              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

    and confirm. Do the equivalent if you use another browser. Open the Downloads folder and delete anything you don't recognize.

    Then go through the router's initial setup procedure. I can't be specific, because it's different for every model. The key points are these:

    1. Don't allow the router to be administered from the WAN (Internet) port, if it has that option. Most do.

    2. Set a strong password to protect the router's settings: at least ten random upper- and lower-case letters and digits. Don't use the default password or any other that could be guessed. Save the password in your keychain. Any password that you can remember is weak.

    3. If the router is wireless, or if you have a wireless access point on the network, use "WPA 2 Personal" security and set a different strong password to protect the network. If the router or access point doesn't support WPA 2, it's obsolete and must be replaced.

    During the time the router was compromised, you were redirected to bogus websites. If you ever connected to a secure site and got a warning from your browser that the identity of the server could not be verified, and you dismissed that warning in order to log in, assume that your credentials for the site have been stolen and that the attacker has control of the account. This warning also applies to all websites on which you saw the fake update alerts.

    Check the router manufacturer's website for a firmware update.

    If you downloaded and installed what you thought was a software update, ask for instructions.
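
One way to confirm from Terminal that the DNS change described in the reply above took effect, as an added example that is not part of the original thread: the function lists every nameserver in `scutil --dns` output other than 8.8.8.8 and 8.8.4.4. The function names, the `nameserver[N] : address` line format, and the sample text (which uses a documentation address) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: flag resolvers the Mac is still using
# that are not the ones entered in the Network pane.

EXPECTED="8.8.8.8 8.8.4.4"   # the Google DNS addresses given in the reply

# Reads `scutil --dns` text on stdin and prints each unexpected
# nameserver address once, in order of first appearance.
unexpected_resolvers() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        # Assumed line format:   nameserver[0] : 192.168.1.1
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            addr = $3
            if (!(addr in ok) && !(addr in seen)) { seen[addr] = 1; print addr }
        }
    '
}

# Constructed sample: Wi-Fi (en0) uses the new servers, while a second
# interface (en4) still has a DHCP-supplied resolver.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 8.8.8.8
  nameserver[1] : 8.8.4.4
  if_index : 4 (en0)
  flags    : Scoped, Request A records

resolver #2
  nameserver[0] : 203.0.113.53
  if_index : 9 (en4)
  flags    : Scoped, Request A records
EOF
}

# On a Mac, check the live configuration; skipped where scutil is absent.
if command -v scutil >/dev/null 2>&1; then
    bad=$(scutil --dns | unexpected_resolvers)
    if [ -n "$bad" ]; then
        echo "Resolvers other than $EXPECTED are still configured:"
        echo "$bad"
    else
        echo "Only $EXPECTED are configured."
    fi
fi
```

An empty result only shows that this Mac is no longer using router-supplied DNS; other devices on the network still get their settings from the router, so the reset and setup steps above still apply.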