Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
Not open for further replies.

turbobass

macrumors 6502
Original poster
Old news but apparently still growing...caused by an exploit in un-patched Java...

Be careful out there- http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars

Manual disinfection instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml)


Code:
Disinfection

Manual Removal Instructions

1. Run the following command in Terminal: 

defaults read /Applications/Safari.app/Contents/Info LSEnvironment 

2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:

"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" 

4. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2% 

5. Take note of the value after "__ldpath__"
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2): 

sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment 

sudo chmod 644 /Applications/Safari.app/Contents/Info.plist 

7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal: 

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: 

"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" 

10. Otherwise, run the following command in Terminal: 

grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9% 

11. Take note of the value after "__ldpath__"
12. Run the following commands in Terminal: 

defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 

launchctl unsetenv DYLD_INSERT_LIBRARIES 

13. Finally, delete the files obtained in steps 9 and 11.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.