Anti Flashback Trojan2.1.1

I have serious doubts about the credibility of the people claiming this trojan infected 600,000 Mac computers. I think the numbers are a outright lie and exaggerated to scare people into buying AV software. I was not infected, none of my friends or family were infected. And none of the 10,000+ worldwide clients the company I work for had a single reported infection.

I can't glean from the description or from the publisher's website whether this thing will actually remove the malware, or only check for it.

This app is viable if for no other reason than it works on OS X 10.5. Apple has stopped supporting OS versions before Snow Leopard so there's no Java update for Leopard users. They might appreciate a tool that can check their systems for infection. Indeed, so might Tiger users. That said, they would all be well advised in the now riskier climate for Mac security to install an app like ClamXav that still supports older Macs.

I have serious doubts about the credibility of the people claiming this trojan infected 600,000 Mac computers. I think the numbers are a outright lie and exaggerated to scare people into buying AV software. I was not infected, none of my friends or family were infected. And none of the 10,000+ worldwide clients the company I work for had a single reported infection.

apples tool is out now http://www.macupdate.com/app/mac/42634/flashback-malware-removal-tool

You may also try the Kaspersky Flashfake Trojan removal tool : info: http://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site Download: http://support.kaspersky.com/downloads/utils/flashfake_removal_tool.zip :)

Be cautious of relying on scripts like this one. It is based on instructions for a specific variant from F-Secure, which do not work for all variants. It would be better to rely on some good anti-virus software, like Sophos Anti-Virus for Mac Home Edition or ClamXav, both of which are completely free, with no subscriptions or time limitations. And no, I'm not associated with either product.

All references to the F-Secure document for cleaning this malware are out-of-date. The correct one for removing the current variant that has supposedly infected over 600,000 Macs is http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml which has been out for over a week now.

This may not be the most sophisticated software, but the developer has responded quickly and provided it for free (so far there's nothing else on MacUpdate - their review process is somewhat quirky.) I checked the script and it's not a trojan installer as one user suggested. See for yourself: -- -- Anti Flashback-Trojan -- -- Created by Moritz Wette on 06.04.12. -- Copyright 2012 Moritz Wette. All rights reserved. -- on scan1() try set command to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment" --set output to words of (do shell script command) return true on error errmsg if (errmsg contains "does not exist") then return false end try end scan1 on scan2() try do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES " return true on error errmsg if (errmsg contains "does not exist") then return false end try end scan2 on scan3() try do shell script "defaults read /Applications/Firefox.app/Contents/Info LSEnvironment" return true on error errmsg if (errmsg contains "does not exist") then return false end try end scan3 on scan4() try do shell script "defaults read /Applications/Google Chrome.app/Contents/Info LSEnvironment" return true on error errmsg if (errmsg contains "does not exist") then return false end try end scan4 (*on remove1() try do shell script "grep -a -o '__ldpath__[ -~]*' " + scan1_return on error errmsg display dialog errmsg end try try do shell script "sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment" on error errmsg display dialog errmsg end try try do shell script "sudo chmod 644 /Applications/Safari.app/Contents/Info.plist" on error errmsg display dialog errmsg end try end remove1*) (*on remove2() try do shell script "grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%" on error errmsg display dialog errmsg end try try do shell script "defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES" on error errmsg display dialog errmsg end try try do shell script "launchctl unsetenv DYLD_INSERT_LIBRARIES" on error errmsg display dialog errmsg end try end remove2*) on run set f to 0 scan1() if (scan1() = true) then set f to f + 1 scan2() if (scan2() = true) then set f to f + 1 scan3() if (scan1() = true) then set f to f + 1 scan4() if (scan2() = true) then set f to f + 1 if (f > 0) then set temp to display dialog "Your computer is infected!" with icon 0 buttons {"Okay"} if (button returned of result = "Remove The Flashback-Trojan") then --if (scan1() = true) then remove1() --if (scan2() = true) then remove2() --display dialog "Your computer should be clean now!" --open location "http://www.moritzwette.com/donate" end if else display dialog "Your computer may be clean!" open location "http://www.moritzwette.com/donate" end if end run

If you are concerned about the Flashback Trojan and want to check out, and, if necessary, fix your Mac using only Terminal, first go to this page (linked by the Ars Technica site): http://www.f-secure.com/weblog/archives/00002336.html, and then this followup page: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml That way you can avoid any anxiety about using this or similar items of software.

Just a comment: the info about the supposed 600'000 infected Macs comes from only 1 source, some called "Dr Web", a russian hacker or troll. All this is a scam ..

See "Flashback Checker Script" available here: http://macstuff.beachdogs.org/blog/

This Applescript application is completely bogus. It's just a wrapper for some shell commands that don't make sense and that the "developer" obviously doesn't understand. Don't download.

My computer is clean!