Following my piece the other day on how an estimated 600,000 Macs are infected with the Flashback Trojan, I’ve been getting a lot of questions and queries about how to tell if a system is infected with this malware, and what to do if it is.
How to tell if your Mac is infected with the Flashback Trojan?
To tell if you’re infected with the Flashback Trojan, fire up Terminal (in the Utilities folder under Applications) and copy and paste each of the commands below into the window:
- defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
- defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
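The following is an added example, not from the original article: a small Python script that reads the same three locations the `defaults read` commands above inspect (the Safari and Firefox Info.plist LSEnvironment dictionaries, and ~/.MacOSX/environment.plist) and reports any DYLD_INSERT_LIBRARIES value it finds. The embedded sample plists and the library paths inside them are constructed for illustration only.

```python
import os
import plistlib
from typing import Optional
from xml.parsers.expat import ExpatError

# The three locations the `defaults read` commands above inspect.  A section of
# "LSEnvironment" means "look inside that dictionary"; None means top level.
CHECKS = [
    ("/Applications/Safari.app/Contents/Info.plist", "LSEnvironment"),
    ("/Applications/Firefox.app/Contents/Info.plist", "LSEnvironment"),
    (os.path.expanduser("~/.MacOSX/environment.plist"), None),
]

def dyld_insert_value(data: bytes, section: Optional[str]) -> Optional[str]:
    """Return the DYLD_INSERT_LIBRARIES string in an XML or binary plist, else None."""
    try:
        plist = plistlib.loads(data)
    except (plistlib.InvalidFileException, ExpatError, ValueError):
        return None  # not a plist at all: nothing to report for this location
    if not isinstance(plist, dict):
        return None
    scope = plist.get(section, {}) if section else plist
    if not isinstance(scope, dict):
        return None
    value = scope.get("DYLD_INSERT_LIBRARIES")
    return value if isinstance(value, str) else None

def scan(checks=CHECKS) -> dict:
    """Map each location that sets DYLD_INSERT_LIBRARIES to the injected library path.

    A missing file (Firefox not installed, no ~/.MacOSX/environment.plist) is clean
    for that check, which is what the "does not exist" reply from `defaults read` means.
    """
    findings = {}
    for path, section in checks:
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            value = dyld_insert_value(fh.read(), section)
        if value is not None:
            findings[path] = value
    return findings

# Constructed samples so the parser can be exercised offline (not real Flashback artefacts).
INFECTED_INFO_PLIST = plistlib.dumps({"CFBundleName": "Safari", "LSEnvironment": {
    "DYLD_INSERT_LIBRARIES": "/Applications/Safari.app/Contents/Resources/.constructed.so"}})
CLEAN_INFO_PLIST = plistlib.dumps({"CFBundleName": "Safari"})
INFECTED_ENV_PLIST = plistlib.dumps({"DYLD_INSERT_LIBRARIES": "/tmp/constructed.dylib"})
```

On the Mac in question, `scan()` returns an empty dict when all three locations are clean; any entry it returns names the file and the library it is told to load.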
How to remove the Flashback Trojan?
If your system is infected, then you’ve got your work cut out for you. At present, there’s no automatic removal tool for Flashback so you’re going to have to do the job manually.
The best, most comprehensive removal guide I’ve seen has been created by Finnish security firm F-Secure. I’d suggest that you carefully read these instructions before attempting to follow them, and it might be a good idea to print them out so you can cross out each step as you do it. Failure to follow all the steps carefully will result in incomplete removal of the malware.
You now need to patch your system - immediately! The easiest way to do this is to fire up Software Update and bring in all the updates your system needs. Depending on how long it has been since you last downloaded updates, this may take some time.
Next, I recommend that you download and install antivirus software. Sophos Anti-Virus for Mac Home Edition and ClamXav 2 are both excellent products and won’t set you back a dime. If you’d rather go for a paid-for solution then I suggest that you take a look at Intego’s VirusBarrier X6 or Internet Security Barrier X6.
Finally, I recommend disabling Java in your Mac’s web browser. If you don’t use Java – and not many people do nowadays, which is why Apple doesn’t include it with OS X 10.8 ‘Lion’ – then I recommend uninstalling it completely so you get rid of a serious source of vulnerabilities.