Tuesday, 23 December 2014

How to remove a Flashback Mac virus

Macs and PCs are equally affected by viruses these days. One of the most prominent Trojans, called Flashback, has hit thousands of users. Trojans like this get onto a Mac through downloads, attachments and so on. Flashback is a destructive virus that can get into the computer even without first obtaining an administrative password. To eradicate it completely, let us first see how to diagnose an infection and then how best to remove it.

How to find a virus?

To find the virus on a Mac, first determine whether the machine is infected at all. For this you need to know the 'Universally Unique Identifier' (UUID) of the Mac. To find it, go to Finder, choose the menu item 'About this Mac', and then choose the 'More Info' option. You will see the Hardware UUID, which is a series of 32 numerals and letters. Locate and copy it, then check that value on a particular website, i.e. Flashbackcheck.com. Follow the prompts there and enter the UUID when asked. After the remaining steps of this procedure, you will know whether your system has the virus or not.

How to remove it?

To remove the Flashback virus manually, follow the steps below:

1) Open the Terminal and type the following command:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2) After the command runs successfully, note down the value of DYLD_INSERT_LIBRARIES.

3) If you get an error message saying that the domain/default pair of the command mentioned in step 1 does not exist, then move on to step 8, i.e. run the following command:

4) If you didn't get any error, run this command in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%

5) Again, note down the value after '__ldpath__'.

6) Before running the next commands in Terminal, make sure that there is only one step after Step 2. After checking, run the commands below:
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

7) Now just delete the files obtained in step 2.

8) Now run the following command in terminal: defaults read

9) If, after running this command, you get an error that the domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist, the system is clean of this variant. If not, run the command below in Terminal:
grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
Again take note of the value after '__ldpath__'.

10) Now after following the above command, again run the below command

11) At last, delete the files obtained in step 9.
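
A read-only version of the checks in steps 1, 4 and 9, added here as an example and not part of the original instructions. It assumes the 'defaults' domains above correspond to the files /Applications/Safari.app/Contents/Info.plist and ~/.MacOSX/environment.plist; the function names and the sample data are made up for illustration.

```python
import plistlib
import re
import tempfile
from pathlib import Path

KEY = "DYLD_INSERT_LIBRARIES"
# Same pattern as the grep in steps 4 and 9: the marker plus printable ASCII.
LDPATH_RE = re.compile(rb"__ldpath__[ -~]*")


def injected_library(plist_path, nested_key=None):
    """Return the DYLD_INSERT_LIBRARIES value in a plist, or None if absent.

    nested_key="LSEnvironment" looks inside Safari's Info.plist (step 1);
    nested_key=None reads the top level, as for ~/.MacOSX/environment.plist.
    """
    path = Path(plist_path)
    if not path.is_file():
        return None  # no file means no entry, like the "does not exist" error
    with path.open("rb") as fh:
        data = plistlib.load(fh)  # handles XML and binary plists
    if nested_key is not None and isinstance(data, dict):
        data = data.get(nested_key)
    return data.get(KEY) if isinstance(data, dict) else None


def ldpath_strings(library_path):
    """Return every __ldpath__ string embedded in the file (steps 4 and 9)."""
    blob = Path(library_path).read_bytes()
    return [m.decode("ascii") for m in LDPATH_RE.findall(blob)]


if __name__ == "__main__":
    # Constructed sample data; nothing on the real system is read or changed.
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "sample.dylib"
        lib.write_bytes(b"\x00\xca\xfe__ldpath__/Users/Shared/.sample.so\x00\x01")
        info = Path(tmp) / "Info.plist"
        info.write_bytes(plistlib.dumps({"LSEnvironment": {KEY: str(lib)}}))
        found = injected_library(info, "LSEnvironment")
        print("injected library:", found)
        print("ldpath entries:", ldpath_strings(found))
```

On a real Mac, call injected_library() with the two plist paths named above; a result of None corresponds to the "does not exist" error in steps 3 and 9.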

Points to remember that will help you protect your Mac from these attacks:

  • Use a non-admin account for daily activities like surfing the internet, chatting, checking mail etc.
  • Google Chrome is considered secure for surfing the internet because it comes with a built-in sandboxed Flash Player, i.e. its own functionality. It is also recommended to always use a secure browser to be on the safer side.
  • Uninstalling Java and Flash Player is considered a good security measure against these virus attacks. Remember that Apple does not regularly update these features.
  • Installing a good antivirus program and keeping it up to date is considered good practice.
  • Try to install good firewall software, which will show you the exact network usage and will also prompt you to block or allow an application's connection to the network.

Follow these points to stay on the safer side and protect yourself from these virus attacks. If you are still not able to solve the problem, use the Sophos antivirus utility, a free antivirus solution for Mac.