I too was lucky to avoid infection and found the process to check very 
uncomplicated. 
Here are the instructions: 
Disinfection
Manual Removal
Caution: Manual disinfection is a risky process; it is recommended only for 
advanced users. Otherwise, please seek professional technical assistance. 
F-Secure customers may also contact our Support.

Manual Removal Instructions
1. Run the following command in Terminal: 

defaults read /Applications/Safari.app/Contents/Info LSEnvironment 

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, 
LSEnvironment) does not exist" 

4. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2% 

5. Take note of the value after "__ldpath__"
6. Run the following commands in Terminal (first make sure there is only one 
entry, from step 2): 

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment 

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist 

7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal: 

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

9. Take note of the result. Your system is already clean of this variant if you 
got an error message similar to the following: 

"The domain/default pair of (/Users/joe/.MacOSX/environment, 
DYLD_INSERT_LIBRARIES) does not exist" 

10. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9% 

11. Take note of the value after "__ldpath__"
12. Run the following commands in Terminal: 

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

launchctl unsetenv DYLD_INSERT_LIBRARIES 

13. Finally, delete the files obtained in steps 9 and 11.

Note:
Some Flashback variants include additional components, which require additional 
steps to remove. Please refer to our Trojan-Downloader:OSX/Flashback.K 
description for additional information and removal instructions.
Aloha, 

Charlie

Our new book "YOU MIGHT BE A MORON" is on sale at www.giantdolphin.com click 
the off the bookshelf link 



On Apr 5, 2012, at 6:14 PM, Eric Oyen <eric.o...@gmail.com> wrote:

> complicated?
> 
> I found the directions over at F-Prot to be very uncomplicated. btw, I was 
> not infected, but a room mate was. 
> 
> Sophos for OS X is pretty accessible (except for the system tray icon that 
> sits left of the apple scripts icon). I can't seem to gain access to that (or 
> soundflower for that matter). 
> 
> -eric
> 
> On Apr 5, 2012, at 9:05 PM, Ray Foret Jr wrote:
> 
>> Doubtless, by now, y'all have heard of the Flash Back Trojan and the fact 
>> that 6000 Macs were most likely infected by this thing!  I found that the 
>> removal process for this bugger is quite complex and is done mainly from 
>> terminal.
>> 
>> All I can tell you here is that you type in the following code in to 
>> terminal to see if you're infected:
>> 
>> defaults read /Applications/Safari.app/Contents/Info LSEnvironment
>> defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
>> defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
>> 
>> If you get back the message saying that the default pair does not exist or 
>> something like that, you are not infected.  This nasty virus disguises itself 
>> in the form of an update to the Adobe flash player.  This hit me the other 
>> day and so I decided I'd better check to see if I was infected.  So far, I 
>> appear not to be.  In light of this, does anybody know of a good anti virus 
>> app for the Mac which is very accessible?
>> 
>> Sincerely,
>> The Constantly Barefooted Ray!!!
>> 
>> Now a very proud and happy Mac user!!!
>> 
>> Skype name:
>> barefootedray
>> 
>> Facebook:
>> facebook.com/ray.foretjr.1
>> 
>> 
>> 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "MacVisionaries" group.
>> To post to this group, send email to macvisionaries@googlegroups.com.
>> To unsubscribe from this group, send email to 
>> macvisionaries+unsubscr...@googlegroups.com.
>> For more options, visit this group at 
>> http://groups.google.com/group/macvisionaries?hl=en.
> 
> 
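The check half of the removal steps quoted in this thread (steps 1-5 and 8-11, plus the Firefox location from the first post) can be run as one read-only script. This is an added example, not F-Secure's or any poster's code; it deletes nothing, and it assumes `defaults read` prints either a `{ "KEY" = "value"; }` dictionary or a bare value.

```shell
#!/bin/sh
# Added example: read-only Flashback check. It reports and deletes nothing.

# Pull the library path out of `defaults read` output on stdin. Accepts the
# dictionary form (LSEnvironment) and the bare-value form (environment).
# The output layout handled here is an assumption of this example.
parse_dyld_value() {
    awk '
        /DYLD_INSERT_LIBRARIES/ && /=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/;[ \t]*$/, ""); gsub(/"/, "")
            print; next
        }
        /^\// { print }
    '
}

# Print what follows each "__ldpath__" marker in file $1 (steps 4-5, 10-11).
extract_ldpath() {
    [ -r "$1" ] || return 1
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | sed 's/^__ldpath__//'
}

# Check one domain/key pair; return 0 if clean, 1 if a library is injected.
check_location() {
    out=$(defaults read "$1" "$2" 2>/dev/null) || {
        echo "clean:   $1 $2 does not exist"
        return 0
    }
    lib=$(printf '%s\n' "$out" | parse_dyld_value)
    if [ -z "$lib" ]; then
        echo "clean:   $1 $2 has no DYLD_INSERT_LIBRARIES"
        return 0
    fi
    echo "SUSPECT: $1 $2 -> $lib"
    extract_ldpath "$lib" | while IFS= read -r p; do
        echo "         __ldpath__ -> $p"
    done
    return 1
}

# Only runs where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    status=0
    check_location /Applications/Safari.app/Contents/Info LSEnvironment || status=1
    check_location /Applications/Firefox.app/Contents/Info LSEnvironment || status=1
    check_location "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || status=1
    if [ "$status" -eq 0 ]; then echo "No DYLD_INSERT_LIBRARIES injection found."; fi
fi
```

Any SUSPECT line lists the files that steps 6-7 and 12-13 of the quoted instructions go on to remove.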
