Verifying your system for Flashback.G

Nasty little Mac trojan floating around, either penetrates via old versions of Java or installs via a fake certificate message claiming to be Apple. Once installed it tries to sniff out username and passwords entered in your browser. To check and remove it:

If you suspect you’ve already been infected, you can check by launching Terminal (in /Applications/Utilities/) and pasting in the code below, and pressing Return:

ls /Users/Shared/.*.so

If the response you see in Terminal includes “No such file or directory,” you’re in the clear. If you instead see a list of one or more files with a .so extension and no “no such file” declaration, you may well have fallen victim to the malware.

If you do find that you’re infected, removing the files referenced above or installing antivirus software like Intego’s should remove any traces of Flashback.

Advertisements