How to remove Mac Flashback Trojan from your system

As iPhone spyware and computer spy software continue to scare the daylights out of Apple and its aficionados, knowing how to counter these little monsters is becoming increasingly important.

Furthermore, Flashback Trojan’s ‘cat among the pigeons’ act – the 600,000 or so Mac devices playing the pigeons to Flashback’s cat – has made Apple’s vulnerability all the more conspicuous. This in turn means that iPhone spyware and computer spy software gurus are all lying in wait for openings to exploit. This is why knowing how to get rid of the aforementioned cat is becoming increasingly important, lest it gulp your pigeon one day. For that, you first need to know whether or not a cat is prowling around nearby in the first place.

Finding Out If Your Mac Has Flashback Trojan

To find out whether your device is infected with the Flashback Trojan, open ‘Terminal’ and enter the following commands.

- defaults read /Applications/Safari.app/Contents/Info LSEnvironment

- defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

- defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

If all is well, each command returns a message saying that the domain/default pair does not exist, which confirms that the Mac is clean. If instead the Terminal reveals a path leading to a malware file, then you’ve hit the bull’s eye – not that it would be a moment of ecstasy for you.

Removing the Flashback Trojan

If you do manage to hit the aforementioned bull’s eye, know that the roles of being the hunter and the hunted were reversed sometime in the past. And overcoming the infection is a Herculean task – and not just an Average Joe Hercules, one that knows how to stabilize the Applecart. Here’s how you do it:

- Run the command: grep -a -o '_ldpath_[ -~]*' %path_obtained%

- Note the value after “_ldpath_”

- And then run these two commands, one after the other: sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment and then sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

- Delete the file that you received after the ldpath command

- Then run the command: defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES. If you get an error, it means that the system is clean.

- If there is no error, run the command: grep -a -o '_ldpath_[ -~]*' %path_obtained%

- Note the value after “_ldpath_”

- Run these two commands, one after the other: defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES and then launchctl unsetenv DYLD_INSERT_LIBRARIES

- Delete the files

- Run the command: ls -lA ~/Library/LaunchAgents/

- Note the filename

- Run the command: defaults read ~/Library/LaunchAgents/%filename_obtained% ProgramArguments

- Note the path. If the name of the file does not begin with “.”, then you are all clear on this front

- Delete the files
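The read-only checks from both lists above (the three defaults read lookups and the launch agent listing), gathered into one script. This is an added example, not part of the original article; the function names and the --scan switch are its own, and it assumes that any value returned for these keys deserves a closer look.

```shell
#!/bin/sh
# Added example (not from the original post): read-only Flashback check.
# Runs the article's "defaults read" lookups and reports; changes nothing.

# check_key DOMAIN KEY: print "clean" if the pair does not exist,
# otherwise "suspect" followed by the value that defaults returned.
check_key() {
    if value=$(defaults read "$1" "$2" 2>/dev/null) && [ -n "$value" ]; then
        printf 'suspect %s\n' "$value"
    else
        printf 'clean\n'
    fi
}

# hidden_agents DIR: print launch agent files whose names begin with ".",
# the naming the article associates with this infection.
hidden_agents() {
    for f in "$1"/.*; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# scan: run every check from the article; return 1 if anything is found.
scan() {
    found=0
    for pair in \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info LSEnvironment" \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES"
    do
        domain=${pair% *}; key=${pair##* }   # split at the last space
        result=$(check_key "$domain" "$key")
        printf '%s %s: %s\n' "$domain" "$key" "$result"
        [ "$result" = "clean" ] || found=1
    done
    agents=$(hidden_agents "$HOME/Library/LaunchAgents")
    if [ -n "$agents" ]; then
        printf 'hidden launch agents:\n%s\n' "$agents"
        found=1
    fi
    return "$found"
}

# Run only when asked, so the functions can also be sourced and tested.
if [ "${1:-}" = "--scan" ]; then scan; fi
```

Run it as sh script.sh --scan; an exit status of 1 means at least one location needs the manual follow-up described in the steps above.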

What Next?

Now that you know that your security has been breached, what you need to do is shore up your defenses as soon as possible. The simplest way to do that is to fire up Software Update. Then you need to install anti-virus software; this will help ensure that computer spy software and all sorts of malware stay at bay.

Natalia David is an author who contributes significantly on cell phone and PC security software, computer spy software, iPhone spyware and spy software for BlackBerry. If you want to know more about Natalia, you can follow her on Twitter @NataliaDavid4


3 Comments

  1. I thought that Macs were not able to get viruses lol

  2. Sunil says:

    Very nice information admin… it's just not an article, it helps me to know more about viruses. Thanks

  3. Thanks for the info, I have been hit hard lately by some trojan and maybe this one is it.
