• Welcome to MUGOO Message Board.
 

News:

Many thanks to Dan Millar for creating our board logo, the "mapple"! 
To go to the main MUGOO website, click the big banner above ...

Main Menu

FlashBack Checker

Started by Dan Millar, April 10, 2012, 05:23:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Dan Millar

April 10, 2012, 05:23:36 PM
Hey Guys and Gals,

It's here. it's real, and I'm not gonna say I told you so.

Use this tool first to see if you've been compromised:

https://github.com/jils/FlashbackChecker/downloads

If your test comes back clear, you're like 99% of us - no infection.

If you're running 10.6 or 10.7, immediately check for software updates via the -menu/Software Updates mechanism. Apple has patched the vulnerability and you will have nothing to worry about - for now.

If you're running 10.5.x or less, turn Java off in your Safari preferences - it's under the security tab.

If your test comes back positive, i.e. you're infected, try Intego's free AV software download/trial, it apparently has the smarts to remove the nasty bits causing the problem. You can get Intego's software here:

http://www.intego.com/virusbarrier

At this point, it appears that Intego, F-Secure and ClamXav all have the ability to block this trojan/virus if they're kept up to date.

I recommend you do NOT use the virus checker that Kaspersky Labs has posted, the one that asks you to enter your UUID. This confidential info is being collected in an insecure manner - just use the checker given above.

I still highly recommend ClamXav, it's free, it works, and it has the definitions to stop this virus in it's tracks, though it cannot remove it. The process to manually remove this virus involves a complete scrub of your hard disk, and either a restore from backup or completely new installation of the OS, etc. - not too horrible if you use Time Machine and all your stuff is backed up, otherwise it's a very Windows-like experience for Mac users, i.e. no fun at all. Check out the Intego website if you suspect that your machine needs "scrubbing", and you don't want to go through the nightmare of rebuilding your system and data.

Good luck and...

Happy, Healthy Mac'ing!

Dan
To be good is noble, but to teach others how to be good is nobler and less trouble.
Mark Twain

GNV

#1
April 10, 2012, 09:39:47 PM
Thanks for the help.  Very reassuring!

Dan Millar

#2
April 13, 2012, 10:00:42 AM
Hey Mac Gang,

Apple has released a "fix" for Flashback infections, and here's a link to the description if you haven't seen it elsewhere:

http://support.apple.com/kb/HT5242

This patch is available via Software Update, and only applicable to OS X 10.7 Lion - for everyone else, both F-Secure and Kaspersky have also released "scrubbers" that will remove Flashback if it is detected on your machine. Here are those links:

Flashflake tool from Kaspersky: https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site

F-Secure Flashback removal tool: http://www.f-secure.com/weblog/archives/00002346.html

I sincerely hope no one needs to use these tools - any infections out there? I think the "600,00" macs, plus "287 in Cupertino" is hyperbole at best... I personaly haven't heard of a single instance in the wild, bit I stand to be corrected!

Happy Mac'ing!

Dan


To be good is noble, but to teach others how to be good is nobler and less trouble.
Mark Twain
Print
Go Up Pages1
User actions