HowTo: Check/Fix Mac Infected w/ Flashback Trojan



According to Russian antivirus company Dr. Web, there are about 600,000 Macs around the world that are infected by different variations of the Flashback trojan and are now part of a fast-growing Mac botnet. Of the 600,000 infected Macs, the majority are located in North America: 57% in the US and 20% in Canada.

If you own a Mac and would like to check whether it's infected or not, you can follow these step-by-step instructions provided by the folks from F-Secure.

NOTE: This procedure is risky and could be a bit tricky so it is recommended only for advanced users. If you think you’re not capable of doing it yourself, you can request a friend or a professional technician to assist you.

1. Open up Terminal (Finder > Applications > Utilities > Terminal).
2. Key in and run the following command in Terminal:

3. Take note of the value, DYLD_INSERT_LIBRARIES
4. Proceed to step 8 if you got the following error message:

5. Otherwise, run the following command in Terminal:

6. Take note of the value after “__ldpath__”
7. Run the following commands in Terminal (first make sure there is only one entry, from step 2):

8. Delete the files obtained in steps 2 and 5
9. Run the following command in Terminal:

10. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

11. Otherwise, run the following command in Terminal:

12. Take note of the value after “__ldpath__”
13. Run the following commands in Terminal:

14. Finally, delete the files obtained in steps 9 and 11.

If you get the “does not exist” error in both step 4 and step 10, it basically means that your Mac is not infected by the latest Flashback trojan variation. However, other Flashback trojan variations include additional components which require additional removal steps. Please refer to this link for further information and removal instructions.

I performed the procedure on my Mac and fortunately for me, it isn’t one of the 600,000 infected machines. I strongly recommend that you do the same thing and check whether your Mac is infected or not. It won’t hurt if you do and it's always better to be safe than sorry.
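The check half of the procedure (read the key, then tell the “does not exist” error apart from a configured DYLD_INSERT_LIBRARIES value) can be scripted without deleting anything. This is an added example, not code from the original post or from F-Secure: the function names are hypothetical, it assumes the macOS `defaults read` command, and the plist domain is left as a placeholder to be taken from the step being checked.

```shell
#!/bin/sh
# Added example (not from the original post): read-only check, deletes nothing.
# Function names are hypothetical; the plist domain is supplied by the caller.

# Print the DYLD_INSERT_LIBRARIES value found in `defaults read` output.
# Returns 1 when the output is the "does not exist" error or lacks the key.
dyld_value_from() {
    case $1 in
        *"does not exist"* | "") return 1 ;;
    esac
    # Dictionary form:  "DYLD_INSERT_LIBRARIES" = "/path/to/file";
    v=$(printf '%s\n' "$1" | sed -n \
        's/.*DYLD_INSERT_LIBRARIES"\{0,1\}[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};.*/\1/p' |
        head -n 1)
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
        return 0
    fi
    case $1 in
        *"{"* | *"="*) return 1 ;;      # a dictionary that lacks the key
        *) printf '%s\n' "$1" ;;        # bare value: the key was read directly
    esac
}

# check_dyld_key DOMAIN [KEY]: report CLEAN or SUSPECT for one plist domain.
# Returns 0 when clean, 1 when an injected library path is configured.
check_dyld_key() {
    domain=$1
    key=${2:-DYLD_INSERT_LIBRARIES}
    out=$(defaults read "$domain" "$key" 2>&1) || true
    if value=$(dyld_value_from "$out"); then
        case $value in
            *:*) note="more than one entry, review by hand" ;;
            *) if [ -e "$value" ]; then note="file present"; else note="file missing"; fi ;;
        esac
        printf 'SUSPECT %s -> %s (%s)\n' "$domain" "$value" "$note"
        return 1
    fi
    printf 'CLEAN %s: no DYLD_INSERT_LIBRARIES entry\n' "$domain"
}

# Usage on the Mac being checked (placeholder domain, fill in from the steps):
#   check_dyld_key "<plist-domain-from-the-step>"
```

A SUSPECT line only reports the configured path and whether the file is still on disk; removal stays a manual step as in the procedure above.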

Anyone here who got infected by the latest Flashback trojan or a different variant? What did you do to fix/disinfect your machine?

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Google+, Facebook or Twitter.

1 Comment

  1. ^_^

    April 13, 2012 at 1:33 AM

    Why does step #4 if “does not exist” tell you to go to step #8 only for it to tell you to “8. Delete the files obtained in steps 2 and 5”
