How to detect and remove Flashback malware from Mac OS X – Part 3

F-Secure’s analysis offers a detailed method for detecting and ultimately removing the malware from your system, though you can easily detect the malware in its known variants by running the following three commands sequentially in the OS X Terminal utility:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If your system is not infected then the output of these commands will state in part that the domain/default pair “does not exist”; however, if it is infected then Terminal will output a path that points to the malware, and you can follow the instructions provided in F-Secure’s analysis to remove the malware from your system.

If the last two queries return the report that there is some malware, then remove manually and the best way to stay protected in the future is to uninstall the web browsers and download their latest versions from authentic websites and reinstall them.

If the first query returns the value that your computer is infected, follow F-Secure’s instructional procedure to remove it and stay protected in the future.

Short URL: https://www.newspakistan.pk/?p=18809

Posted by Usman Khalid on Apr 12 2012. Filed under Sci-Tech. You can follow any responses to this entry through the RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed.