Hi all, Happily I wasn't infected either. I ran software update to try and get Apple's fix for this, but only saw updates for raw camera and iPhoto. Did anyone else find a software update to address this issue? TIA, Donna On Apr 6, 2012, at 12:44 AM, Charlie Doremus wrote:
> I too was lucky to to avoid infection and found the process to check very > uncomplicated. > Here are the instructions: > Disinfection > Manual Removal > > Caution: Manual disinfection is a risky process; it is recommended only for > advanced users. Otherwise, please seek professional technical assistance. > F-Secure customers may also contact our Support. > > > Manual Removal Instructions > > 1. Run the following command in Terminal: > > defaults read /Applications/Safari.app/Contents/Info LSEnvironment > > 2. Take note of the value, DYLD_INSERT_LIBRARIES > 3. Proceed to step 8 if you got the following error message: > > "The domain/default pair of (/Applications/Safari.app/Contents/Info, > LSEnvironment) does not exist" > > 4. Otherwise, run the following command in Terminal: > > grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2% > > 5. Take note of the value after "__ldpath__" > 6. Run the following commands in Terminal (first make sure there is only one > entry, from step 2): > > sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment > > sudo chmod 644 /Applications/Safari.app/Contents/Info.plist > > 7. Delete the files obtained in steps 2 and 5 > 8. Run the following command in Terminal: > > defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES > > 9. Take note of the result. Your system is already clean of this variant if > you got an error message similar to the following: > > "The domain/default pair of (/Users/joe/.MacOSX/environment, > DYLD_INSERT_LIBRARIES) does not exist" > > 10. Otherwise, run the following command in Terminal: > > grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9% > > 11. Take note of the value after "__ldpath__" > 12. Run the following commands in Terminal: > > defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES > > launchctl unsetenv DYLD_INSERT_LIBRARIES > > 13. Finally, delete the files obtained in steps 9 and 11. > > Note: > > Some Flashback variants include additional components, which require > additional steps to remove. Please refer to > ourTrojan-Downloader:OSX/Flashback.K description for additional information > and removal instructions. > > Aloha, > > Charlie > > Our new book "YOU MIGHT BE A MORON" is on sale at www.giantdolphin.com click > the off the bookshelf link > > > > On Apr 5, 2012, at 6:14 PM, Eric Oyen <eric.o...@gmail.com> wrote: > >> complicated? >> >> I found the directions over at F-Prot to be very uncomplicated. btw, I was >> not infected, but a room mate was. >> >> Sophos for OS X is pretty accessible (except for the system tray icon that >> sits left of the apple scripts icon. I can't seem to gain access to that (or >> soundflower for that matter). >> >> -eric >> >> On Apr 5, 2012, at 9:05 PM, Ray Foret Jr wrote: >> >>> Doubtless, by now, y'all have heard of the Flash Back Trojan and the fact >>> that 6000 Macs were most likely infected by this thing! I found that the >>> removal process for this bugger is quite complex and is done mainly from >>> terminal. >>> >>> All I can tell you here is that you type in the following code in to >>> terminal to see if you're infected: >>> >>> defaults read /Applications/Safari.app/Contents/Info LSEnvironment defaults >>> read /Applications/Firefox.app/Contents/Info LSEnvironment defaults read >>> ~/.MacOSX/environment DYLD_INSERT_LIBRARIES >>> >>> IF you get back the message saying that the default pairs does not exist or >>> something like that, you are not infected. This nasty virus desgizes >>> itself in the form of an update to the Adobe flash player. this hit me the >>> other day and so I decided I'd better check to see if I was infected. so >>> far, I appear not to be. In light of this, does anybody know of a good >>> anti virus app for the Mac which is very accessible? >>> >>> Sincerely, >>> The Constantly Barefooted Ray!!! >>> >>> Now a very proud and happy Mac user!!! >>> >>> Skype name: >>> barefootedray >>> >>> Facebook: >>> facebook.com/ray.foretjr.1 >>> >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To post to this group, send email to macvisionaries@googlegroups.com. >>> To unsubscribe from this group, send email to >>> macvisionaries+unsubscr...@googlegroups.com. >>> For more options, visit this group at >>> http://groups.google.com/group/macvisionaries?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To post to this group, send email to macvisionaries@googlegroups.com. >> To unsubscribe from this group, send email to >> macvisionaries+unsubscr...@googlegroups.com. >> For more options, visit this group at >> http://groups.google.com/group/macvisionaries?hl=en. >> > > > -- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To post to this group, send email to macvisionaries@googlegroups.com. > To unsubscribe from this group, send email to > macvisionaries+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/macvisionaries?hl=en. -- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to macvisionaries@googlegroups.com. To unsubscribe from this group, send email to macvisionaries+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en.
