If you read your post with a little bit of distance, you will see that most of it is incomprehensible to the regular user.

Yes, the "getting started - back up your files" dialog is incomprehensible. :rolleyes:

(attached)


What is Windows server 2011?

"Windows Home Server 2011" (WHS) is a multiple-client backup (and other) server for home networks. In this context, its backup features are for the most part much more powerful and flexible than Time Capsule, although the novice user simply opens a web page on the server, and it runs the "Add Client Computer" wizard. Click "OK" on three or four dialogs and the default backup schedule is set. An example of a pre-built WHS system is http://www.wegotserved.com/2012/03/05/hands-tranquil-pc-riley-server/

I should have compared WHS to the Time Capsule, sorry for the confusion.
___________________

If you want to see a very amusing 3min clip about a Mac user clueless about backup, see My Motherboard, My Self (Sex and the City - Season 4, Episode 8).
 

Weird situation here. I don't have either of those files on my Mac that I can find (checked both the /Library and ~/Library (on both my account and my wife's account) just to be safe). Neither of those files are there, but something odd just happened. I'd noticed that Air Video Server was no longer running so I checked the Login Items on my wife's account (she's normally the one logged in, I normally just use my iPad) to see if it was still there and saw what I think was PubSabAgent with a yellow triangle alert next to it. I closed System Preferences to double check for those files and when I returned the PubSabAgent seemed to no longer be in Login Items, but now ScreenCapture was there. It could be something to do with having once had AirDisplay running on my account (though why it would show up on her account is beyond me), but I removed it from Login Items to be safe.

Any thoughts from anyone?

I would highly recommend that you install the "Little Snitch" app, which runs in a demo mode free for 3 hours, then you can restart it as many times as necessary. That way you can see what program(s) are trying to send data out on your Internet connection from your Mac. That is how I found "lurking" parts of the Flashback trojan, even after I had removed it per F-Secure's Terminal instructions. Also, run the Apple Flashback removal app, or the latest Apple Java update, which will also remove the Flashback trojan.

There are new variants of Flashback out there, plus at least one other trojan that I described in the post that you quoted from. Many people appear to have been infected (like myself) before the Java exploit was fixed by Apple, so those infected machines could be running variants of the various trojans on their Mac now. The only sure fire way I know of to find these "lurking trojans" is to use Little Snitch to find them trying to "talk" back to their command and control servers over The Internet, and manually remove the offending program files from your Mac. Hope this is helpful.
 
"Windows Home Server 2011" (WHS) is a multiple-client backup (and other) server for home networks. In this context, its backup features are for the most part much more powerful and flexible than Time Capsule, although the novice user simply opens a web page on the server, and it runs the "Add Client Computer" wizard. Click "OK" on three or four dialogs and the default backup schedule is set. An example of a pre-built WHS system is http://www.wegotserved.com/2012/03/05/hands-tranquil-pc-riley-server/

I should have compared WHS to the Time Capsule, sorry for the confusion.
___________________

If you want to see a very amusing 3min clip about a Mac user clueless about backup, see My Motherboard, My Self (Sex and the City - Season 4, Episode 8).

Right......and where is this so easy to use WHS lurking in your average Windows Home Premium Install? Even IF my friend had the backup of his machine, would it have worked on his new laptop? My iMac time machine backup runs without a hitch on my macbook air, I really really doubt that that is possible with windows. And yes, plugging in a portable drive and click on "yes" IS faster, easier and stress free against trying to get that running with an extra to buy and installed software. Even a regular recovery of a file, like you erased something but need it a week later, is a no brainer with time machine.

The Sex and the City clip is funny but got nothing to do with today's automated backup solutions. Carrie used OS9, 11 years ago. I actually got a Pismo powerbook like hers, upgraded to G4, a GB ram and 9h battery life thanks to two batteries, running 10.5 no sweat. Most beautiful machine ever built.
 
Right......and where is this so easy to use WHS lurking in your average Windows Home Premium Install? Even IF my friend had the backup of his machine, would it have worked on his new laptop? My iMac time machine backup runs without a hitch on my macbook air, I really really doubt that that is possible with windows. And yes, plugging in a portable drive and click on "yes" IS faster, easier and stress free against trying to get that running with an extra to buy and installed software. Even a regular recovery of a file, like you erased something but need it a week later, is a no brainer with time machine.

You don't necessarily have to use WHS if you want time machine type functionality on Windows. WHS is more robust, but every copy of Windows comes with the very appropriately named Backup and Restore.

It isn't quite as...er...swanky nifty keen as Time Machine. It's much simpler, and isn't vastly different than browsing for files through Explorer than TM's three dimensional column of windows. Functionally, it's exactly the same.

To start it up, hit the windows key, type backup, and hit enter. You'll enter into the backup and restore dialog, and from there, it's all about reading what to do next. It requires a couple more steps than TM, but it's still about dead simple to use. Just set a schedule, and direct it to where you want the backups to go, and there you are.
 
I would highly recommend that you install the "Little Snitch" app, which runs in a demo mode free for 3 hours, then you can restart it as many times as necessary. That way you can see what program(s) are trying to send data out on your Internet connection from your Mac. That is how I found "lurking" parts of the Flashback trojan, even after I had removed it per F-Secure's Terminal instructions. Also, run the Apple Flashback removal app, or the latest Apple Java update, which will also remove the Flashback trojan.

There are new variants of Flashback out there, plus at least one other trojan that I described in the post that you quoted from. Many people appear to have been infected (like myself) before the Java exploit was fixed by Apple, so those infected machines could be running variants of the various trojans on their Mac now. The only sure fire way I know of to find these "lurking trojans" is to use Little Snitch to find them trying to "talk" back to their command and control servers over The Internet, and manually remove the offending program files from your Mac. Hope this is helpful.

Good point. I actually have a Little Snitch license I bought back in November of 2008 I'd forgotten about (I got sick of the constant permission requests and deleted the program). Apparently my license is still good for the latest version so I've got it running again.

ClamXav didn't find anything but various phishing emails in my junk mail folder, but I'm not sure whether its definitions are up to date for the new variant mentioned. Who knows, maybe I had something that deleted itself when it saw I noticed it (unlikely, but this is a new one we don't know as much about yet so I suppose it's possible). :D

Sadly, it looks like I need Java running on my Mac if I want to keep Air Video Server running, but I disabled Java in Safari, Firefox, and Chrome as soon as news of the Flashback Trojan appeared in my Macrumors RSS feed (though I really shouldn't have had it allowed in the first place).

Thanks for the suggestions.
 
If they had made Mac OS X trojan-proof in the first place this wouldn't have happened.

Luckily, making a Trojan-proof operating system is very, very simple. Only two steps really:

1. Create a fully-featured consumer-oriented operating system that balances user freedom and abilities with security concerns.
2. Never release it to the public.

Voila! The impenetrable fortress of computing power.
 
Is this available for Snow Leopard?

It would be nice to know Apple has thought about protecting users who need to stay on SL too.

Traditionally Apple's used just about any excuse to force users to upgrade to the latest release. It's particularly annoying when one's Mac is optimized and running well on its present version of OS X. Surely Apple will make the most out of the flashback situation. It's a ticket for them to ignore anyone who's not migrated to 10.7.x.
 
We got the flashback trojan at work from trying to see a video our business was featured in on a local PBS station's website. I tried it from my computer, but when it asked me to download an updated version of Flash, my mac gave me a malware warning message so I didn't do it.

My boss wasn't so lucky, his mac didn't give him a warning, so he downloaded it, turned out to be the Flashback trojan. This was after lots of web searching and downloading free antivirus programs until we found one that could identify it.

Virus barrier found and tried to remove it but the trojan disabled the computer when we tried to get rid of it.

Wish these new tools would have been out a couple weeks ago before we had to reformat and reinstall everything on his computer and lost some data as well. If Apple had not dragged its feet on this, it could have saved us time and money.
 
My friends are laughing at my mac! Help!!

Apple screwed up with the update and the hackers took advantage. Apple updated Java recently and you are now fully protected against the current variants of "Flashback". If you don't need it, just disable Java in your browser.

Has anybody tried if "Gatekeeper" could have prevented this? I just wonder if it circumvents it or not.
 
You're right that Microsoft makes a valiant effort to issue security fixes for Windows, but that's only because there are so many to fix! I've spent the last 10 hours getting a Windows 7 laptop to be functional again. Windows is crap.

10 hours....!!!! the problem is not with Windows, the problem is between the seat and keyboard.

Wise choice with the Mac, stick to it ;)
 
Originally Posted by ImperialX
I've had Java running all this time and never had a problem...
Same here, and ran diagnostics on all 3 Macs all are clean, but have installed the update anyway...No issues so far.

Very, very few Mac users have been infected. I understand it's less than 2%, and I haven't heard anyone on this list say they got it, and I think there's at least a few hundred people participating.

If anyone reading this got it, let us know.
 
It seems like some of you are getting very worked about this. I'm simply happy that Apple released a tool that will address the issue - end of story. Complaining about the time it took to release said tool is pointless.

The notion that Apple doesn't care about security is laughable. Calm down people. These things take time.
 
We got the flashback trojan at work from trying to see a video our business was featured in on a local PBS station's website. I tried it from my computer, but when it asked me to download an updated version of Flash, my mac gave me a malware warning message so I didn't do it.

My boss wasn't so lucky, his mac didn't give him a warning, so he downloaded it, turned out to be the Flashback trojan. This was after lots of web searching and downloading free antivirus programs until we found one that could identify it.

Virus barrier found and tried to remove it but the trojan disabled the computer when we tried to get rid of it.

Wish these new tools would have been out a couple weeks ago before we had to reformat and reinstall everything on his computer and lost some data as well. If Apple had not dragged its feet on this, it could have saved us time and money.
Whatever you talk about, it's not Flashback. This "trojan" was not functional, no need to reformat anything, no need for data loss (on a commercially used computer you have no back ups?) and it certainly did not block or disable any computer.
You are the first one that has actually seen anything in the wild. Considering the hundreds of thousands of infected Macs that are reported, one is at least a beginning.
We checked all our Macs worldwide and could not find anything, except with the tools of "DrWeb" (never heard of them before this) where ALL of our machines were infected, including Windows machines, Android Phones, iPhones, iPads, iPods, you name it, everything was gone but of course could be fixed with the matching software. Cheap.......

But other than that, it is not looking like a real epidemic. The Java hole was there, no question, maybe even this non functional trojan existed but we could not find anything. But we do not use Java or Flash anyway, normally not on commercial machines. What for?

----------

1% is actually quite a large percentage. It's on par with the Conficker outbreak.

http://www.pcworld.com/businesscent...alware_outbreak_is_bigger_than_conficker.html

Well, pcworld might think they get a story out of that, but in real life the "outbreak" was rather limited it seems.
Until now, outside controlled environments or with certain anti virus companies, there seem to be no active "infections".
For sure there was no "botnet" as the trojan was not able to communicate.
 
We checked all our Macs worldwide and could not find anything, except with the tools of "DrWeb" (never heard of them before this) where ALL of our machines were infected, including Windows machines, Android Phones, iPhones, iPads, iPods, you name it, everything was gone but of course could be fixed with the matching software. Cheap.......

What do you mean by this statement exactly? Does this mean that my iPad or iPod Touch could have some sort of malware or something and I wouldn't even know it or be able to check for it?
 
What do you mean by this statement exactly? Does this mean that my iPad or iPod Touch could have some sort of malware or something and I wouldn't even know it or be able to check for it?

Well, one wonders? That's what they want you to believe and if enough people believe it, it becomes the big malware story.
Point is, this "trojan" needs to be installed. By you. So, really, you should know if it's on your system. Because you installed it yourself.
 
Well, one wonders? That's what they want you to believe and if enough people believe it, it becomes the big malware story.
Point is, this "trojan" needs to be installed. By you. So, really, you should know if it's on your system. Because you installed it yourself.

I know my 2 Macs running Lion are ok. I have a PPC iMac running Leopard that I think is ok but my family uses it all the time so anything can happen with it. I've got Java disabled in Safari and my Firewall on and switched to OpenDNS so it's a little safer but still. As for my iPad and iPod I don't recall installing anything so they should be ok but how the heck would we really even know?
 
Point is, this "trojan" needs to be installed. By you. So, really, you should know if it's on your system. Because you installed it yourself.
Did you read the information about this trojan? Did you read how it can infect without user interaction by exploiting a vulnerability in Java? While the user can prevent this by disabling Java in their browser, if they didn't do that, there is no way they would know when the trojan was installed.
 
Did you read the information about this trojan? Did you read how it can infect without user interaction by exploiting a vulnerability in Java? While the user can prevent this by disabling Java in their browser, if they didn't do that, there is no way they would know when the trojan was installed.
Sorry, no. The first exploits (all ineffective by the way) did ask for the admin password like any other program.
The latest (rumored) exploit (also ineffective) did download in "drive by" manner but still had to be OKed to install, but without the admin password.
Without ANY user interaction it was not possible to install this.
Also, by the time the latest version (that is rumored to still be out there) came along when this was wildly discussed, so who would not have Java disabled by then? Or indeed installed? If you are just slightly security minded you knew for the last 2 months about this and simply disabled Java, did not use your Admin account or simply applied some common sense.
But even IF you got this "trojan" (I did not find anybody yet) so was the result what exactly? Right, nothing at all. Little Snitch would have alerted you instantly, if you did not have this, your firewall would have alerted you, if you have that disabled as well, you should at least be curious, why all of a sudden your password is asked for an install, you did not start.
If all this does not alert you and you actively ignore any warning, ignore news on the net about it, not install the update and choose to not react at all, you MIGHT have installed the program, but even then, nothing happens.
 