People used to think that the Apple / Mac platform was immune to viruses and trojans. For the most part… it was true… sorta. In the past the Mac platform had such a small percentage of the overall PC market that the bad guys pretty much focused on the Windows platform for their cooties. That, and the fact that the Mac platform had less vulnerabilities to begin with. Well, as of today there are about 600,000 Macs that have been infected with the BackDoor.Flashback.39 trojan virus. This Apple attacking trojan exploits a now patched Java issue.
While this sucks… it is time to move on. Let’s figure out if you have the BackDoor.Flashback.39 trojan virus and show you how to remove it.
Caution: Manual disinfection is a risky process; it is recommended only for advanced users. Otherwise, please seek professional technical assistance.
Manual Removal Instructions
- 1. Run the following command in Terminal:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
- 2. Take note of the value, DYLD_INSERT_LIBRARIES
- 3. Proceed to step 8 if you got the following error message:
“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
- 4. Otherwise, run the following command in Terminal:
grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step2%
- 5. Take note of the value after “__ldpath__”
- 6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
- 7. Delete the files obtained in steps 2 and 5
- 8. Run the following command in Terminal:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
- 9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
- 10. Otherwise, run the following command in Terminal:
grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step9%
- 11. Take note of the value after “__ldpath__”
- 12. Run the following commands in Terminal:
defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
launchctl unsetenv DYLD_INSERT_LIBRARIES
- 13. Finally, delete the files obtained in steps 9 and 11.