Thursday, April 05, 2012

Two simple commands to check your Mac for Flashback malware

First, launch Terminal. If you're not sure how, enter "Terminal" in Spotlight (the magnifying glass in the upper right of your display).

Then enter each of these commands exactly as shown, pressing "enter" after each. Your entry will not be bolded or in color. Each command is one line, though it may display wrapped below.


defaults read /Applications/Safari.app/Contents/Info LSEnvironment 

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

(Spaces in each command after 'defaults' and 'read', space after 'Info' in the first command)


The defaults command allows users to read, write, and delete Mac OS X user defaults from a command-line shell. 

Both of the commands above use the "read" option, which only displays a value and changes nothing, to safely check for the malware.

If both commands return a sentence ending in "does not exist", your system is free of this malware.
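
The two checks above wrapped in one script, as an added example that is not part of the original post. The function names and the --run argument are made up for this sketch; it applies the same rule as above (output ending in "does not exist" means the value is absent).

```shell
#!/bin/sh
# Added example: runs the two read-only checks from this post and reports each result.

# Hypothetical helper. $1 = text printed by one `defaults read` command.
# Prints "absent" if that text ends in "does not exist", otherwise "present".
classify_output() {
    case "$1" in
        *"does not exist") echo absent ;;
        *) echo present ;;
    esac
}

# Run one check. $1 = defaults domain, $2 = key. Succeeds only if the key is absent.
check_key() {
    # `defaults read` prints its "does not exist" message on stderr, so capture both streams.
    out=$(defaults read "$1" "$2" 2>&1) || true
    result=$(classify_output "$out")
    printf '%s %s: %s\n' "$1" "$2" "$result"
    [ "$result" = absent ]
}

# Returns 0 if both values are absent, 1 if either is set, 2 if `defaults` is unavailable.
flashback_check() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults command not found; run this on Mac OS X" >&2
        return 2
    fi
    rc=0
    check_key /Applications/Safari.app/Contents/Info LSEnvironment || rc=1
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=1
    if [ "$rc" -eq 0 ]; then
        echo "Both values are absent."
    else
        echo "At least one value is set; follow the full test and removal instructions."
    fi
    return "$rc"
}

# Only run the checks when asked to, e.g.  sh flashback_check.sh --run
if [ "${1:-}" = "--run" ]; then
    flashback_check
fi
```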

Full test and removal instructions:

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml


Thanks to F-Secure.
