Mac
and PC are equally affected by the virus these days. One of the most
dominating Trojan virus called Flashback has hit more than thousands
of users. These Trojan viruses injected into our Mac through
downloads, attachment etc. This is a destructive virus which gets
into the computer even without first gaining an administrative
password. To get it eradicate completely, let us first see that how
to diagnose a virus and then what is the best way to remove it.
How
to find a virus?
To
find the virus in Mac, let us first determine whether the
CPU has virus or not. For this you should be aware of the
'Universally Unique Identifier' (UUID) of the Mac. To know
the UUID of the Mac, first go to Finder and choose the menu
item 'About this Mac', reveal the 'More Info' option and
choose that. Then you will see the Hardware UUID. Just then
locate and copy the Hardware UUID which is a series of
32 numerals and letters. Then you need to check that number on a
particular website i.e. Flashbackcheck.com. At this point, follow the
prompts and enter the UUID when prompts. At last after
certain steps of this procedure, you get to know that whether your
system has virus or not.
How
to remove it?
To
remove this Flashback virus manually, just follow the below steps to
do so:
1) First
open the Terminal and type the following command on Terminal:defaults
read
/Applications/Safari.app/Contents/Info LSEnvironment
2) After typing the
command successfully, note down the value of DYLD_INSERT_LIBRARIES
3) If
you get the error message The domain/default pair of the command
mentioned in step 1 does not exist, then move on to step 8 i.e. run
the following command:
~/.MacOSX/environment
DYLD_INSERT_LIBRARIES.
4) If
you didnt get any error, run the command in Terminal:
grep -a -o ‘__ldpath__[
-~]*’ %path_obtained_in_step2%.
5) Now
again note down the value after '_Idpath_'
6) Now,
before running the next commands in terminal, make sure that there is
only one step after Step 2. After checking run the below
commands: sudo defaults delete
/Applications/Safari.app/Contents/Info LSEnvironmentsudo chmod 644
/Applications/Safari.app/Contents/Info.plist
7) Now
just delete the files obtained in step 2.
8) Now
run the following command in terminal: defaults read
~/.MacOSX/environment
DYLD_INSERT_LIBRARIES.
9) If
after running this command, you get an error that the domain/default
pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does
not exist, then it means that the system is clean of this variant. If
not, then run the below command on the terminal,
grep -a -o ‘__ldpath__[
-~]*’ %path_obtained_in_step9%
Again
take note of the value of '_idpath_'.
10) Now
after following the above command, again run the below
command
~/.MacOSX/environment
DYLD_INSERT_LIBRARIESlaunchctl unsetenv DYLD_INSERT_LIBRARIES
11) At
last, delete the files obtained in step 9.
Points
to remember which will help you to protect Mac from these attacks:
- Use non-admin account for the daily purpose activities like surging on internet, chatting, mail check etc.
- Google chrome is considered to be secure for surfing on internet as it comes with the inbuilt feature of sanboxed flash player i.e. Its own functionality. Also, it is recommended that always use a secure browser to be on the safer side.
- Uninstalling java and flash player is considered to be the good security features to get safe from these virus attacks. And remember that Apple do not regularly update these features.
- Installing good antivirus and updating the latest program is considered the good practice.
- Try to install the good firewall software which will show you the exact network usage and will also prompt you to block or allow the application to connect to that network or not.
Thus
follow these points to be on the safer side which will
definitely save you from these virus attacks. If still not able to
solve the problem, then use Sophos antivirus utility,
a free antivirus solution for Mac.