How to find and get rid of the trojan Flashback from Mac OSX!

· Freelance IT

So many viruses, bugs, exploits and trojans are made exclusively for Windows.
Suddenly a Russian site announced that 600.000 Mac computers are infected with the Flashback Trojan Horse. This came as an alarm signal to the Mac community, which until this announcement was sure about the safety of its computers. No antivirus software, no worries?
So how do you know if your shiny MacBook Pro or your designer's iMac is infested with malware? How do you get rid of the malware and give back the lost pride to your expensive Mac?

The Russian antivirus company Dr.Web made the announcement and said that the trojan horse attaches itself to your Mac when you visit malware sites. This trojan horse connects your beloved Mac to a botnet, giving access to the bad guys and making you a possible accomplice to their evil deeds. The most awesome detail? Apple itself, as a company, is housing 24 Macs that are possibly infected. (I hope they know it.)
Most of the victims are based in the United States and some more in Canada.
If you live in Europe an infection is unlikely but not impossible.

The trojan uses a vulnerability in the Java software suite, which for those running OS X 10.7 Lion is not installed with the operating system, only if the user has installed it on his own. Of course, the older versions of the Java suite are installed with the operating system!

So those who run Lion have no reason to go through the process and the steps we mention, unless they installed the Java suite themselves.

However, Apple pulled the patch to correct this vulnerability.

These are the steps I found on the F-Secure page and provide to you:

Note: These steps are for advanced users and relatively dangerous, so if you are not sure what you are doing, seek help from a specialist.

Instructions for manual removal of the trojan:

1. Run the following command in Terminal, without the “”:

“defaults read /Applications/Safari.app/Contents/Info LSEnvironment”

2. Take note of the value of DYLD_INSERT_LIBRARIES.

3. Proceed to step 8 if you are presented with the following message:

“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

4. Otherwise, run the following command in Terminal, without the “”:

“grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%”

5. Take note of the value after “__ldpath__”.

6. Run the following commands in Terminal (first make sure that there is only one entry in step 2):

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

7. Delete the files obtained in steps 2 and 5!

8. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

9. Take note of the result. If you get this message then your system is clean:

“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

10. Otherwise, run the following command:

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%

11. Take note of the value after “__ldpath__”.

12. Run the following commands:

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

launchctl unsetenv DYLD_INSERT_LIBRARIES

13. Delete the files obtained in steps 9 and 11.

(Source = http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml)
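The read-only half of the procedure above (steps 1-5 and 8-11) as a shell script; this is an added example, not F-Secure's or this blog's code. The function names are made up for the example, and it assumes that `defaults read` prints the LSEnvironment dictionary in its usual `KEY = "value";` form.

```shell
#!/bin/sh
# Added example: read-only Flashback check (steps 1-5 and 8-11). Deletes nothing.

# Steps 4/10: print the "__ldpath__" strings embedded in a binary file.
# -a treats binary as text, -o prints only the match, [ -~] is printable ASCII.
ldpath_strings() {
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1"
}

# Step 2: pull the DYLD_INSERT_LIBRARIES value out of the dictionary printed by
# "defaults read ... LSEnvironment" (assumed format; key/value may be unquoted).
dyld_value() {
    sed -n 's/^[[:space:]]*"\{0,1\}DYLD_INSERT_LIBRARIES"\{0,1\}[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};.*$/\1/p'
}

# Report one suspected library and the second file it points to.
report_lib() {
    echo "SUSPECT library: $1"
    case "$1" in *:*) echo "  more than one entry; check each by hand" ;; esac
    [ -f "$1" ] && ldpath_strings "$1" | sed 's/^/  /'
    return 0
}

# Run both checks; prints findings and returns 1 if anything was found.
flashback_check() {
    found=0
    lib=$(defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>/dev/null | dyld_value)
    if [ -n "$lib" ]; then report_lib "$lib"; found=1; fi
    lib=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>/dev/null || true)
    if [ -n "$lib" ]; then report_lib "$lib"; found=1; fi
    [ "$found" -eq 0 ] && echo "No DYLD_INSERT_LIBRARIES entry found in either location"
    return "$found"
}

# Only run the live check where the OS X "defaults" tool exists.
if command -v defaults >/dev/null 2>&1; then flashback_check || true; fi
```

The script only reports; the deletions in steps 6, 7, 12 and 13 are still done by hand after you have reviewed the files it lists.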

It is worth mentioning that the trojan first scans for the following paths; if it finds them, it deletes itself:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If you find the above method too difficult to comprehend, you should consider hiring a freelancing professional administrator or freelancing security expert.

3 Comments

  1. click here

    Hi there! I understand this is kind of off-topic but I had to ask. Does running a well-established blog such as yours take a massive amount work? I’m brand new to operating a blog but I do write in my diary every day. I’d like to start a blog so I can easily share my experience and views online. Please let me know if you have any recommendations or tips for new aspiring bloggers. Appreciate it!

  2. quick healthy meals

    Its such as you learn my mind! You appear to understand a lot about this, like you wrote the guide in it or something. I believe that you simply could do with some p.c. to power the message home a little bit, however instead of that, that is magnificent blog. An excellent read. I will certainly be back.

  3. hey there and thank you to your information ? I’ve definitely picked up something new from proper here. I did alternatively expertise several technical issues using this site, as I skilled to reload the web site many occasions previous to I may get it to load properly. I have been puzzling over if your web hosting is OK? No longer that I’m complaining, but sluggish loading instances occasions will often affect your placement in google and could damage your high quality rating if ads and marketing with Adwords. Well I am including this RSS to my e-mail and can glance out for much extra of your respective intriguing content. Ensure that you update this again soon..
