Old news but apparently still growing...caused by an exploit in un-patched Java...
Be careful out there- http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars
Manual disinfection instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml)
Be careful out there- http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars
Manual disinfection instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml)
Code:
Disinfection
Manual Removal Instructions
1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message:
"The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist"
4. Otherwise, run the following command in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%
5. Take note of the value after "__ldpath__"
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
"The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
10. Otherwise, run the following command in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
11. Take note of the value after "__ldpath__"
12. Run the following commands in Terminal:
defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.