Flashback Trojan for OSX (& how to fix)

Discussion in 'macOS' started by turbobass, Apr 4, 2012.

Thread Status:
Not open for further replies.
  1. turbobass macrumors 6502

    Joined:
    May 25, 2010
    Location:
    Los Angeles
    #1
    Old news but apparently still growing...caused by an exploit in un-patched Java...

    Be careful out there- http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars

    Manual disinfection instructions (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml)


    Code:
    Disinfection
    
    Manual Removal Instructions
    
    1. Run the following command in Terminal: 
    
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment 
    
    2. Take note of the value, DYLD_INSERT_LIBRARIES
    3. Proceed to step 8 if you got the following error message:
    
    "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" 
    
    4. Otherwise, run the following command in Terminal: 
    
    grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2% 
    
    5. Take note of the value after "__ldpath__"
    6. Run the following commands in Terminal (first make sure there is only one entry, from step 2): 
    
    sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment 
    
    sudo chmod 644 /Applications/Safari.app/Contents/Info.plist 
    
    7. Delete the files obtained in steps 2 and 5
    8. Run the following command in Terminal: 
    
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 
    
    9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: 
    
    "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist" 
    
    10. Otherwise, run the following command in Terminal: 
    
    grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9% 
    
    11. Take note of the value after "__ldpath__"
    12. Run the following commands in Terminal: 
    
    defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 
    
    launchctl unsetenv DYLD_INSERT_LIBRARIES 
    
    13. Finally, delete the files obtained in steps 9 and 11.
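
The read-only checks from the steps above (1-5 and 8-11) can be run in one pass. This is an added example, not part of the original post or of F-Secure's instructions. It deletes nothing. `DEFAULTS_CMD` is a hypothetical override used only to exercise the parsing without macOS, and the dictionary layout of the `defaults read` output is an assumption noted in the comments.

```shell
#!/bin/sh
# Read-only triage for the two persistence points named in the instructions.
# Nothing is deleted here; removal stays manual (steps 6-7 and 12-13).
# DEFAULTS_CMD is a hypothetical override so the logic can be tested off-macOS.
SAFARI_DOMAIN=/Applications/Safari.app/Contents/Info
USER_DOMAIN="$HOME/.MacOSX/environment"

# Print the DYLD_INSERT_LIBRARIES path stored under <domain> <key>.
# Returns 1 when the pair does not exist (the "clean" outcome of steps 3 and 9).
# Assumption: `defaults read` prints either a bare string or a dict line like
#   "DYLD_INSERT_LIBRARIES" = "/path/to/file";
injected_lib() {
    out=$("${DEFAULTS_CMD:-defaults}" read "$1" "$2" 2>/dev/null) || return 1
    case $out in
        *DYLD_INSERT_LIBRARIES*)
            printf '%s\n' "$out" |
                sed -n 's/.*DYLD_INSERT_LIBRARIES"* *= *"*\([^";]*\)"*;.*/\1/p' ;;
        *)  printf '%s\n' "$out" ;;
    esac
}

# Steps 4 and 10: the injected library embeds the path of a second file after
# the "__ldpath__" marker. Same grep as the instructions, marker stripped.
ldpath_of() {
    LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" | sed 's/^__ldpath__//'
}

# Report one persistence point: CLEAN, or the files the instructions say to note.
report() {  # <label> <domain> <key>
    if lib=$(injected_lib "$2" "$3") && [ -n "$lib" ]; then
        echo "$1: INJECTED library=$lib"
        [ -r "$lib" ] && ldpath_of "$lib" | sed 's/^/    second file: /'
        return 0
    fi
    echo "$1: CLEAN"
}

# Run both checks only where the `defaults` tool (or the override) exists.
if command -v "${DEFAULTS_CMD:-defaults}" >/dev/null 2>&1; then
    report "Safari LSEnvironment" "$SAFARI_DOMAIN" LSEnvironment
    report "User environment" "$USER_DOMAIN" DYLD_INSERT_LIBRARIES
fi
```
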
     