Check if you have the Backdoor.Flashback.39 java virus


speckledmind
Apr 9th, 2012, 02:09 PM
Kind of surprised I have not seen any post on the subject of the Backdoor.Flashback.39 java virus, so here goes.

MacRumors posted Apple Releases Update to Java for OS X to Version 1.6.0_31 (http://www.macrumors.com/2012/04/03/apple-releases-update-to-java-for-os-x-to-version-1-6-0_31/), and they soon followed it up on Thursday April 5, 2012 with Apple Releases Second Update to Java in Two Days (http://www.macrumors.com/2012/04/06/apple-releases-second-update-to-java-in-two-days/).

Here is a safe and easy way to check if you have the "Backdoor.Flashback.39" java virus:
Go to your Applications folder, then the Utilities folder, and open Terminal.
Type (copy and paste also works) the following line:
ls -la ~/.MacOSX/environment.plist
If you get a "No such file or directory", you are OK.

pm-r
Apr 9th, 2012, 02:31 PM
There have been a fair number of posts regarding the Flashback Trojans in two forums here, but not really specific to the .39 version.

And Apple also released updates to protect 10.6 and 10.7 users last week that's available via Software Update.

Anyway, the Terminal method adds some comfort if one is to check.

jhuynh
Apr 9th, 2012, 02:37 PM
I'm not sure, but I read a different command. ls is just checking if environment.plist is there, which can be there for other reasons.

The commands I've seen on most sites are:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should see a message after each command that says it does not exist.
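
A script version of the checks above (an added example, not posted by anyone in this thread): it reads the same three plist locations that the `defaults read` commands inspect and tells apart "file missing", "file present but key not set" and "key present", which is the distinction between the `ls` check and the `defaults` check. The file paths mirror the thread; the sample plists and the path string /constructed/path.dylib are constructed for the demo only.

```python
"""Offline check for the Flashback indicators discussed in this thread."""
import os
import plistlib
import tempfile

# The same three locations the thread's `defaults read` commands inspect:
# (plist path, key whose presence is the indicator).
FLASHBACK_CHECKS = [
    ("~/.MacOSX/environment.plist", "DYLD_INSERT_LIBRARIES"),
    ("/Applications/Safari.app/Contents/Info.plist", "LSEnvironment"),
    ("/Applications/Firefox.app/Contents/Info.plist", "LSEnvironment"),
]


def check_plist(path, key):
    """Return 'absent' (file missing), 'clean' (file present, key not set)
    or 'indicator' (key present). Separating 'absent' from 'clean' matters:
    environment.plist can exist for unrelated reasons, so `ls` alone proves
    nothing; only the key itself is the indicator."""
    path = os.path.expanduser(path)
    if not os.path.exists(path):
        return "absent"
    with open(path, "rb") as fh:
        data = plistlib.load(fh)          # handles XML and binary plists
    return "indicator" if key in data else "clean"


def run_checks(checks=FLASHBACK_CHECKS):
    """Run every check on the live system. 'absent' and 'clean' both match
    the thread's 'does not exist' result; 'indicator' means follow up."""
    return {path: check_plist(path, key) for path, key in checks}


def demo_on_constructed_files():
    """Exercise all three outcomes on constructed sample plists (not data
    from a real infection), so the logic can be verified on any platform."""
    with tempfile.TemporaryDirectory() as tmp:
        harmless = os.path.join(tmp, "environment.plist")
        with open(harmless, "wb") as fh:       # exists, but no DYLD key
            plistlib.dump({"PATH": "/usr/local/bin:/usr/bin"}, fh)
        flagged = os.path.join(tmp, "Info.plist")
        with open(flagged, "wb") as fh:        # constructed indicator
            plistlib.dump({"CFBundleName": "Safari", "LSEnvironment": {
                "DYLD_INSERT_LIBRARIES": "/constructed/path.dylib"}}, fh)
        missing = os.path.join(tmp, "nothing-here.plist")
        return (check_plist(harmless, "DYLD_INSERT_LIBRARIES"),
                check_plist(flagged, "LSEnvironment"),
                check_plist(missing, "LSEnvironment"))
```

Calling run_checks() on a Mac gives the live result per path; demo_on_constructed_files() shows the three possible outcomes without touching the system.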

fjnmusic
Apr 9th, 2012, 04:23 PM
How about "command not found"?

OldeBullDust
Apr 9th, 2012, 08:40 PM
I'm not sure this is exactly the same trojan, but Ars Technica has an article on a free app which checks for the "Flashback" infection.

I've checked my machine, all clear


Checking for Mac Flashback infestation? There's an app for that (http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars?comments=1#comments-bar)

zen.state
Apr 9th, 2012, 09:26 PM
How about "command not found"?

That means you made some error in the command. It's easy to add a space when we copy/paste (don't forget that a space is a character) or if you typed it manually then you made a typo. It's a legit BSD command that will work if done right.

MacDoc
Apr 9th, 2012, 09:31 PM
just did it - here's a null result

ls -la ~/.MacOSX/environment.plist
[15-David-6:~] dmacdoc% ls -la ~/.MacOSX/environment.plist
ls: /Users/dmacdoc/.MacOSX/environment.plist: No such file or directory
[15-David-6:~] dmacdoc%

screature
Apr 10th, 2012, 10:58 AM
I'm not sure this is exactly the same trojan, but Ars Technica has an article on a free app which checks for the "Flashback" infection.

I've checked my machine, all clear


Checking for Mac Flashback infestation? There's an app for that (http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars?comments=1#comments-bar)

Thanks for posting this, I was waiting for someone to develop an App as Terminal makes me nervous because I know nothing about it.

Downloaded the App, ran it, all clear.

zen.state
Apr 10th, 2012, 11:17 AM
I was waiting for someone to develop an App as Terminal makes me nervous because I know nothing about it.

All the more reason to educate yourself about BSD. You're already a BSD user as a Mac user but just not at the text interface level. There are really only a few commands that can truly mess anything up.

I have been a BSD user since 1987 and also became a Mac user around 1990 so I was thrilled when OS X adopted the BSD kernel and framework. It's an extremely powerful tool to use if you know it.

Many people see a text interface and automatically think it's either intimidating or primitive. The truth is that BSD is the most secure and capable OS out there and has a flavour to suit all. OS X and OpenBSD for me.

My point is that rather than be nervous you should learn more about what is under the hood of your OS.

screature
Apr 10th, 2012, 11:32 AM
All the more reason to educate yourself about BSD. You're already a BSD user as a Mac user but just not at the text interface level. There are really only a few commands that can really mess anything up.

I have been a BSD user since 1987 and also became a Mac user around 1990 so I was thrilled when OS X adopted the BSD kernel and framework. It's an extremely powerful tool to use if you know it.

Many people see a text interface and automatically think it's either intimidating or primitive. The truth is that BSD is the most secure and capable OS out there and has a flavor to suit all. OS X and OpenBSD for me.

My point is that rather than be nervous you should learn more about what is under the hood of your OS.

Undoubtedly true zen.state.

I will get right on it after all the other more pressing things I should do like, losing weight, stopping smoking, painting more, exercising on a regular basis, making more money, learning Spanish and French (to be fluent and more employable) etc.... ;)

I'm so illiterate about BSD, I had to Google it to know what it is/means. :eek:

zen.state
Apr 10th, 2012, 11:52 AM
Undoubtedly true zen.state.

I will get right on it after all the other more pressing things I should do like, losing weight, stopping smoking, painting more, exercising on a regular basis, making more money, learning Spanish and French (to be fluent and more employable) etc.... ;)

I'm so illiterate about BSD, I had to Google it to know what it is/means. :eek:


Most Mac users will know the name "Darwin (http://en.wikipedia.org/wiki/Darwin_(operating_system))". Darwin = Apple's BSD.

I understand it's very intimidating at first. I suffer from dyslexia (although it's described as "mild" by doctors) and was able to master BSD. Fear often comes from a lack of knowledge so the more we know the less we fear.

The problem in the internet culture (this is not directed at you) is that a lot of people have a head filled with facts from a billion google or wiki searches but they don't actually truly know anything about most of it as they have never experienced it. As we all know... when it comes to education theory is great but without practical experience we really have nothing but empty facts.

screature
Apr 10th, 2012, 01:07 PM
Most Mac users will know the name "Darwin (http://en.wikipedia.org/wiki/Darwin_(operating_system))". Darwin = Apple's BSD.

I understand it's very intimidating at first. I suffer from dyslexia (although it's described as "mild" by doctors) and was able to master BSD. Fear often comes from a lack of knowledge so the more we know the less we fear.

The problem in the internet culture (this is not directed at you) is that a lot of people have a head filled with facts from a billion google or wiki searches but they don't actually truly know anything about most of it as they have never experienced it. As we all know... when it comes to education theory is great but without practical experience we really have nothing but empty facts.

Darwin? You mean that rev/evolutionary fellow? ;)

Nope Darwin means nothing to me beyond that.... I came from a Windows background only having moved to Macs about 10 years ago or so... so if you said DOS I would know what you are talking about.

A very true statement and one that I lived my life by... challenging my fears and self doubts on a regular basis...

By way of example, despite having a university degree, almost every job I have had I started at the bottom with next to zero knowledge and worked my way up, not being confident in my knowledge but confident in my intelligence and ability to learn. I have always said "a good job is one where you get paid to learn". So far it has served me relatively well.

I guess what I am saying is that learning BSD is not a priority or even on my bucket list... I just have too many far more pressing and desired uses of my time at this point in my life... This does not diminish your observation that if I knew more about what's under the hood of my OS I would be better off...

When I said I was nervous about using Terminal I didn't mean I was afraid of it so much as I have no knowledge of it and so didn't want to muck anything up, as the first thing I read on the internet about the current threat suggested that one should not enter the commands into Terminal they were citing unless you knew what you were doing as you could cause harm to your OS... that was enough for me to back away and wait for an "App for that" as I have no knowledge of Terminal... I have used it on few occasions but not when there is such a disclaimer.

zen.state
Apr 10th, 2012, 01:14 PM
so if you said DOS I would know what you are talking about.

Don't confuse DOS and BSD. The only thing they have in common is that they are both text based. BSD is easily 1000x more capable.

screature
Apr 10th, 2012, 01:20 PM
Don't confuse DOS and BSD. The only thing they have in common is that they are both text based. BSD is easily 1000x more capable.

I'm quite sure you are right... it is the other points that I made that are more important to me.

Thanks for your expressed concern for my personal betterment and I know you are right, it just doesn't rank very high for me in terms of my personal priorities.

zen.state
Apr 10th, 2012, 01:46 PM
I'm quite sure you are right... it is the other points that I made that are more important to me.

All the other things were well said and I understand your points all round. I just didn't want you to confuse DOS and BSD. Totally different animals. BSD is UNIX. DOS is Microsoft's first OS that is not at all based on UNIX.

screature
Apr 10th, 2012, 02:05 PM
All the other things were well said and I understand your points all round. I just didn't want you to confuse DOS and BSD. Totally different animals. BSD is UNIX. DOS is Microsoft's first OS that is not at all based on UNIX.

Once again thanks for your concern for my personal betterment zen.state, other people wouldn't take the time... It is appreciated. :)

krs
Apr 10th, 2012, 02:13 PM
I'm not sure this is exactly the same trojan, but Ars Technica has an article on a free app which checks for the "Flashback" infection.

I've checked my machine, all clear


Checking for Mac Flashback infestation? There's an app for that (http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars?comments=1#comments-bar)

This application seems to only check some browsers.
I see a check for Safari and Firefox - when I check the F-Secure web site they also show terminal commands for Chrome and iCab.

screature
Apr 10th, 2012, 02:17 PM
This application seems to only check some browsers.
I see a check for Safari and Firefox - when I check the F-Secure web site they also show terminal commands for Chrome and iCab.

All the better krs... but as Safari and Firefox are all that matter to me because they are all I use, the app OldeBullDust linked to is just the ticket...

Your link is definitely useful to others though and for those that use other browsers they should definitely check out the link you posted...

Maybe you could post the link that you posted over in the other thread here just for full coverage.

krs
Apr 10th, 2012, 02:36 PM
You know screature, I'm getting a bit nervous about all this since ehMac won't for some reason accept one of my posts about Flashback.

I tried posting it in two different threads, sent it to the Major both as a PM and an eMail via ehMac, not direct, and I always get a blank page back.
I have no clue why.....

The "tool" I used to check for the Flashback trojan (after checking via the terminal commands) was called test4flashback.
I just read up a bit more about it and that application seems to be perfectly legit.
Don't know exactly how they check and what they check - all you get is the final answer.

It was after I did the check using test4flashback that ehMac gave me back a blank page when I tried to add another post.
Maybe just coincidence.

Let's see if this one goes.

krs
Apr 10th, 2012, 02:41 PM
Well - that post obviously had no problem.

The message ehMac won't accept for some reason is this one (copied it as a picture):

http://1stclass.mylargescale.com/krs/Flashback%20message.jpg

This is all plain text - anyone see any issues that could explain ehMac's behaviour?

screature
Apr 10th, 2012, 02:47 PM
Well - that post obviously had no problem.

The message ehMac won't accept for some reason is this one (copied it as a picture):

http://1stclass.mylargescale.com/krs/Flashback%20message.jpg

This is all plain text - anyone see any issues that could explain ehMac's behaviour?

Strange indeed... maybe report it to the mods or EhMax...

arminia
Apr 10th, 2012, 04:47 PM
Downloaded the app and apparently no infection but now when I click on the link it tells me arstechnica is infected.
Link is back to normal now.

the_human_body
Apr 12th, 2012, 07:14 PM
I came home today to find one of my AirPort Expresses not working, only to find out it had been hacked and was now called "Free Viruses - Guest". My only guess is that my computer has been affected by the virus, even though all the tests that were stated in this thread turned up nothing. Do you think these two are linked?

krs
Apr 12th, 2012, 07:59 PM
I came home today to find one of my AirPort Expresses not working, only to find out it had been hacked and was now called "Free Viruses - Guest". My only guess is that my computer has been affected by the virus, even though all the tests that were stated in this thread turned up nothing. Do you think these two are linked?

Do you remember exactly which tests you used?
The terminal commands or one of the test applications that are floating around on the net?

I'm wondering if some of these test applications are actually malware themselves.

monokitty
Apr 12th, 2012, 08:44 PM
Run Software Update as of today to rid your Mac of the intruder. :)

the_human_body
Apr 12th, 2012, 09:22 PM
Run Software Update as of today to rid your Mac of the intruder. :)

Ran it, but my AirPort is pooched. I have two and it was set up as a WDS - seems the second one in the chain is now pooched, as I've tried everything to get it to work but can't get it to flash green. Could be worse, I guess.

cap10subtext
Apr 12th, 2012, 10:02 PM
Run Software Update as of today to rid your Mac of the intruder. :)

Good timing. Turns out I was infected! :eek: The update reported one variant removed even though the following checks said there weren't any files found...

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment