Antivirus Firms Release Free Tools for Cleaning Macs Infected by Flashback

Yesterday, Apple disclosed for the first time that it is working to develop a software tool to detect and remove the Flashback malware from infected machines. We also previously profiled Flashback Checker, a simple app designed to allow users to easily see if their Macs are infected but which provides no assistance with disinfection.

While Apple works on its own official solution, other parties have continued to develop their own increasingly user-friendly tools for dealing with the threat and cleaning infected machines, with some of those tools making their way into the public's hands.

Russian antivirus firm Kaspersky Lab, which has played a key role in monitoring and publicizing the threat of Flashback, yesterday announced the launch of a free web-based checker where users can simply input the hardware UUID of their Mac to see if it has registered on the firm's servers as an infected machine. The company has also released Flashfake Removal Tool, a free app that quickly and easily detects and removes the malware.


Antivirus firm F-Secure has also announced its own free Flashback Removal app. The app generates a log file detailing whether it has found Flashback on a user's system, and if so quarantines it inside an encrypted ZIP file for disposal.

F-Secure also points out that Apple has yet to offer any protection for users running systems earlier than Mac OS X Snow Leopard. Flashback uses a vulnerability in Java to install itself without user authorization, and Apple released software patches for Java on Lion and Snow Leopard last week to close that hole and prevent infection on updated systems. Machines running earlier versions of Mac OS X do, however, remain unprotected. Specifically, F-Secure notes that over 16% of Macs are still running Mac OS X 10.5 Leopard, marking a substantial user base that remains vulnerable to the threat.

Update: Kaspersky Lab has informed MacRumors that the Flashfake Removal Tool has temporarily been pulled after the discovery that in some cases it could erroneously remove certain user settings. A fixed version of the tool will be posted as soon as it is available.

Update 2: The patched version of the Flashfake Removal Tool is now available through the Kaspersky Lab site.

Top Rated Comments

30 months ago
I still don't believe the 600,000 figure.
Rating: 17 Votes
30 months ago

I checked and was not infected. I'm always skeptical about companies doing anything for free. What's the catch with Kaspersky?:rolleyes:


I think in time they will try to get you to open your walletsky so you can spend some of your moneysky on their Mac anti-virusky.
Rating: 15 Votes
30 months ago
Interesting that these tools are appearing after Apple announced that a fix of their own is coming....
Rating: 9 Votes
30 months ago

'infected' suggests it's a virus. thought Macs didn't get viruses. haha


Gosh you must be on to something. I guess Mac users are all idiots.

/sarcasm
Rating: 8 Votes
30 months ago
They should have a great big donate $1 button on it!

The "solvers" of the biggest infection in Mac history. (Right?)

Gary
Rating: 8 Votes
30 months ago
A few days ago I did the Terminal commands that F-Secure posted for checking for Flashback trojan (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml). Redid it today and both times came up negative.

I downloaded and used an app to do the same (https://github.com/jils/FlashbackChecker/wiki) and also the F-Secure Flashback Removal app. They both also came up negative.

I used the web-based checker in this article, put in the hardware UUID of my Mac and surprise, surprise, it came up positive.

I would have thought that MacRumors would've tested them and seen that the Kaspersky Lab web page is bogus!!!!
Rating: 7 Votes
30 months ago

All Mac antivirus software is a scam. My mom's friend paid a lot of money to get her Mac cleaned of "viruses". Anyway "Mac antivirus" is an oxymoron.


People who don't admit that "virus" and "malware" mean the same thing to most people miss the point.

If your identity and credit card numbers are sent to criminals in the Ukraine - is it "OK" if malware sent the info and "bad" if a virus sent the info?

I'd think that most people would label it as "bad" regardless of minor technical details of the infection.

And add to that the simple truth that viruses aren't really that common anymore - OS changes have made the threat of viruses fairly small. When you get a product like Norton, you're buying "anti-malware" protection - even if the product name contains the word "antivirus" for historical familiarity.
Rating: 7 Votes
30 months ago

'infected' suggests it's a virus. thought Macs didn't get viruses. haha

They don't, since this isn't a virus. Viruses aren't the only form of malware that can infect computers.

I guess being too lazy and, frankly, cheap to spend that $29 seems pretty stupid now, doesn't it? :D

Choosing not to upgrade to Snow Leopard or Lion doesn't have anything to do with being lazy or cheap. There is no need to upgrade, simply for the sake of upgrading. Leopard still runs quite well for many users.

Company offers free antivirus software?

There are many free antivirus apps on both Windows and Mac platforms. It's nothing new.

Either way as I'm waiting to buy a new iMac I'm less than happy to hear about Mac viruses.

You can be happy again. This isn't a virus, and there never has been one since Mac OS X was released. This is a trojan, and not the first one.

I used this and it said it removed it and then when I restarted my Mac I ran the web checker again and it said I still had it?

To be certain, just use the Terminal commands (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml) that have already been posted everywhere.


Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection (http://support.apple.com/kb/ht4651) built in, further reducing the need for 3rd party antivirus apps.
Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)
1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
3. Uncheck "Enable Java" in Safari > Preferences > Security. This will completely protect you from the Flashback malware (http://support.apple.com/kb/HT5244). Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
4. Change your DNS servers to OpenDNS servers by reading this (http://guides.macrumors.com/Mac_Virus/Malware_FAQ#Why_am_I_being_redirected_to_other_sites.3F).
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
6. Never let someone else have access to install anything on your Mac.
7. Don't open files that you receive from unknown or untrusted sources.
8. Make sure all network, email, financial and other important passwords are complex, including upper and lower case letters, numbers and special characters.
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

If you insist on running antivirus, ClamXav (http://www.clamxav.com/) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.
Rating: 7 Votes
30 months ago
I would guess that way over 16% of Macs are running a pre-Snow Leopard OS.
Rating: 7 Votes
30 months ago

'infected' suggests it's a virus. thought Macs didn't get viruses. haha


I think technically it's malware, since it tricks the user into installing it. Viruses get in on their own.

People infected with lead poisoning usually don't necessarily "catch" it, you might have accidentally ingested it.

Gary
Rating: 7 Votes
