So many viruses, bugs, exploits and trojans made exclusively for Windows.
Suddenly a Russian site announced that 600,000 Mac computers are infected with the Flashback Trojan Horse. This came as an alarming signal to the Mac community, which until this announcement was sure about the safety of its computers. No antivirus software, no worries?
So how do you know if your shiny MacBook Pro or your designer's iMac is infested with malware? How do you get rid of the malware and give back the lost pride to your expensive Mac?
The Russian antivirus company Dr.Web made the announcement and said that the trojan horse gets onto your Mac when you visit malware sites. This trojan horse connects your beloved Mac to a botnet, giving access to the bad guys and making you a possible accomplice to their evil deeds. The most awesome detail? Apple itself, as a company, is housing 24 Macs that are possibly infected. (I hope they know it.)
Most of the victims are based in the United States and some more in Canada.
If you live in Europe an infection is unlikely but not impossible.
The trojan uses a vulnerability in the Java software suite, which on OS X 10.7 Lion is not installed with the operating system, only if the user has installed it on their own. Of course, the older versions of the Java suite are installed with the operating system!
So for those who run Lion, there is no reason to go through the steps below unless you installed the Java suite yourself.
However, Apple pulled the patch to correct this vulnerability.
These are the steps I found on the F-Secure site and pass on to you:
Note: These steps are for advanced users and relatively dangerous, so if you do not know what you are doing, seek help from a specialist.
Instructions for manual removal of the trojan:
1. Run the following command in Terminal, without the “”:
“defaults read /Applications/Safari.app/Contents/Info LSEnvironment”
2. Note the value of DYLD_INSERT_LIBRARIES.
3. Proceed to step 8 if you are presented with the following message:
“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
4. Otherwise, run the following command in Terminal, without the “”:
“grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%”
5. Note the value after “__ldpath__”.
6. Run the following commands in Terminal (first make sure that there is only one entry in step 2):
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Delete the files obtained in steps 2 and 5!
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Check the result. If you get this message, then your system is clean:
“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
10. Otherwise, run the following command:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
11. Note the value after “__ldpath__”.
12. Run the following commands:
defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Delete the files obtained in steps 9 and 11.
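The two checks from the steps above (steps 1-3 and 8-9), together with the __ldpath__ lookup from steps 4 and 10, as a read-only shell script. This is an added example, not code from F-Secure or from the original post; the function names and the dictionary layout assumed for the output of defaults are assumptions, and the script deletes nothing.

```shell
#!/bin/sh
# Read-only check of the two DYLD_INSERT_LIBRARIES locations from the steps
# above. It reports what it finds and deletes nothing.

# Extract the library path from `defaults read` output, which is either a bare
# path (step 8) or a dictionary line (step 1) assumed to look like:
#     "DYLD_INSERT_LIBRARIES" = "/path/to/file";
injected_path() {
    sed -n -e 's/.*DYLD_INSERT_LIBRARIES"\{0,1\} *= *"\{0,1\}\([^";]*\).*/\1/p' \
        -e t -e '/^\//p'
}

# check_pair DOMAIN KEY: returns 0 if nothing is injected (clean),
# 1 if a library path is configured.
check_pair() {
    out=$(defaults read "$1" "$2" 2>/dev/null) || {
        echo "clean: ($1, $2) does not exist"
        return 0
    }
    lib=$(printf '%s\n' "$out" | injected_path)
    if [ -z "$lib" ]; then
        echo "clean: ($1, $2) exists but sets no DYLD_INSERT_LIBRARIES"
        return 0
    fi
    echo "SUSPICIOUS: ($1, $2) loads: $lib"
    # Steps 4 and 10: a second file path follows "__ldpath__" inside the library.
    if [ -f "$lib" ]; then
        grep -a -o '__ldpath__[ -~]*' "$lib" || true
    fi
    return 1
}

# Check the Safari pair (steps 1-3), then the per-user pair (steps 8-9).
scan() {
    found=0
    check_pair /Applications/Safari.app/Contents/Info LSEnvironment || found=1
    check_pair "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || found=1
    return "$found"
}

# Run only where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    scan
fi
```

An exit status of 1 means at least one location injects a library; the printed paths are the ones steps 7 and 13 refer to.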
It is worth mentioning that the trojan first checks for the following paths; if it finds any of them, it deletes itself:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app