Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Apr 11, 2012.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1

    Yesterday, Apple disclosed for the first time that it is working to develop a software tool to detect and remove the Flashback malware from infected machines. We also previously profiled Flashback Checker, a simple app designed to allow users to easily see if their Macs are infected but which provides no assistance with disinfection.

    While Apple works on its own official solution, other parties have continued to develop their own increasingly user-friendly tools for dealing with the threat and cleaning infected machines, with some of those tools making their way into the public's hands.

    Russian antivirus firm Kaspersky Lab, which has played a key role in monitoring and publicizing the threat of Flashback, yesterday announced the launch of a free web-based checker where users can simply input the hardware UUID of their Mac to see if it has registered on the firm's servers as an infected machine. The company has also released Flashfake Removal Tool, a free app that quickly and easily detects and removes the malware.

    Antivirus firm F-Secure has also announced its own free Flashback Removal app. The app generates a log file detailing whether it has found Flashback on a user's system, and if so quarantines it inside an encrypted ZIP file for disposal.

    F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard. Flashback uses a vulnerability in Java to install itself without user authorization, and Apple released software patches for Java on Lion and Snow Leopard last week to close that hole and prevent infection on updated systems. Machines running earlier versions of Mac OS X do, however, remain unprotected. Specifically, F-Secure notes that over 16% of Macs are still running Mac OS X 10.5 Leopard, marking a substantial user base that remains vulnerable to the threat.

    Update: Kaspersky Lab has informed MacRumors that the Flashfake Removal Tool has temporarily been pulled after the discovery that in some cases it could erroneously remove certain user settings. A fixed version of the tool will be posted as soon as it is available.

    Update 2: The patched version of the Flashfake Removal Tool is now available through the Kaspersky Lab site.

    Article Link: Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback
     
  2. garylapointe, Apr 11, 2012
    Last edited: Apr 11, 2012

    macrumors 6502a

    garylapointe

    Joined:
    Feb 19, 2006
    Location:
    Dearborn (Detroit), MI, USA
    #2
    They should have a great big donate $1 button on it!

    The "solvers" of the biggest infection in Mac history. (Right?)

    Gary
     
  3. macrumors 68040

    Eric S.

    Joined:
    Feb 1, 2008
    Location:
    Santa Cruz Mountains, California
    #3
    I would guess that way over 16% of Macs are running a pre-Snow Leopard OS.
     
  4. macrumors 6502

    d4rkc4sm

    Joined:
    Apr 23, 2011
    #4
    'infected' suggests it's a virus. thought macs didn't get viruses. haha
     
  5. macrumors 6502a

    garylapointe

    Joined:
    Feb 19, 2006
    Location:
    Dearborn (Detroit), MI, USA
    #5
    Yes, if 16% are running Leopard, then everyone running pre-Leopard would certainly increase those numbers.

    Gary
     
  6. macrumors 65816

    Sedulous

    Joined:
    Dec 10, 2002
    #6
    I still don't believe the 600,000 figure.
     
  7. macrumors 6502a

    Kaibelf

    Joined:
    Apr 29, 2009
    Location:
    Chicago, IL
    #7
    I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D
     
  8. macrumors 68040

    Eric S.

    Joined:
    Feb 1, 2008
    Location:
    Santa Cruz Mountains, California
    #8
    Well I would also guess that way over 16% of Macs are running Leopard.
     
  9. macrumors 68000

    GSPice

    Joined:
    Nov 24, 2008
    #9
    Gosh you must be on to something. I guess Mac users are all idiots.

    /sarcasm
     
  10. macrumors 6502

    Joined:
    Nov 2, 2010
    #10
    I assume you're being sarcastic. ... in which case, yes :rolleyes:.
     
  11. macrumors 6502a

    garylapointe

    Joined:
    Feb 19, 2006
    Location:
    Dearborn (Detroit), MI, USA
    #11
    I think technically it's malware, since it tricks the user into installing it. Viruses get in on their own.

    People infected with lead poisoning usually don't necessarily "catch" it, you might have accidentally ingested it.

    Gary
     
  12. macrumors G3

    Apple fanboy

    Joined:
    Feb 21, 2012
    Location:
    Behind the lens, UK
    #12
    Company offers free antivirus software? Is this not just a precursor to getting you to buy their antivirus software? Coming from a PC background I've always been suspicious that Norton and others have 1 department creating viruses whilst another creates antivirus software. Or am I just skeptical?
    Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.
     
  13. macrumors newbie

    Joined:
    Nov 14, 2006
    #13
    Damn, apparently my computer was infected with this thing...
    Any word on exactly what information this malware takes? I should probably change all my passwords, shouldn't I?
     
  14. macrumors 6502a

    Ajones330

    Joined:
    Jul 9, 2008
    Location:
    SEC Country
    #14
    I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:
     
  15. macrumors 65816

    Joined:
    Jan 3, 2011
    #15
    Should we use this removal tool to check? Or should we just wait for Apple to provide a tool to check and remove?
     
  16. macrumors 68000

    definitive

    Joined:
    Aug 4, 2008
    #16
    whose scanner did you run?
     
  17. macrumors 6502

    Joined:
    Jun 21, 2011
    #17
    MMmyes. Just give us UUID and we check if you infected. Soon, a pyop up wyndow will appyear. Click yyes, and pretty soon, infection will happen, uhm I mean will be checked! Don't worry about all those connections in nyetstat pointing to warez locations. This is the infection removal process and it pyerfectly nyormal.
     
  18. macrumors 68020

    jayducharme

    Joined:
    Jun 22, 2006
    Location:
    The thick of it
    #18
    Interesting that these tools are appearing after Apple announced that a fix of their own is coming....
     
  19. macrumors 6502a

    Dillenger

    Joined:
    Mar 23, 2006
    Location:
    Central, Illinois
    #19
    I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.
     
  20. macrumors newbie

    Joined:
    Apr 10, 2012
    #20
    Kaspersky Lab web page is bogus

    A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

    I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

    I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

    I would have thought that MacRumors would've tested them and seen that the Kaspersky Lab web page is bogus!!!!
     
  21. macrumors regular

    Joined:
    Apr 2, 2009
    #21
    Well, there's my answer. :rolleyes:
     
  22. macrumors newbie

    Joined:
    Nov 14, 2006
    #22
    I used the Kaspersky one, but huh, comments above do indeed make this look suspicious.
     
  23. macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #23
    bingo.

    Plus I would like to note removing an infection after it happens is just a band-aid fix. Damage was already done and some of these lovely little trojans will make themselves near impossible to remove by killing or stopping the fix from even running.

    I have noticed the time between infections on OSX has been dropping pretty steadily and it will not be long before running AV software on OSX will be a near must-have, much like it is in the Windows world.
     
  24. macrumors regular

    ILOVEMYMBP2.2g

    Joined:
    Jun 23, 2007
    #24
    Fishy

    I used this and it said it removed it and then when I restarted my Mac I ran the web checker again and it said I still had it? hmmmmmm

    Please someone verify if this is some sort of bad thing or not?
     
  25. macrumors 6502a

    Joined:
    Dec 12, 2010
    #25
    all my macs were clean...:D
     
