How to find and remove the Flashback trojan

According to Russian antivirus firm Dr. Web, over 600,000 Macs worldwide are infected with the Mac flashback trojan. The trojan can be installed if you visit a malicious website, and it will attempt to connect your Mac to a botnet.

Unfortunately, for the moment the only solution is to head into Terminal and copy and paste a few commands — so the process is recommended only for advanced users. If you’re comfortable with that, head to Applications > Utilities, launch Terminal and dig in — here’s how to quickly find out if you’ve got Flashback:

How to remove Flashback trojan from Mac OX
Flashback trojan

1. Run the following command in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2. Take note of the value, DYLD_INSERT_LIBRARIES

3. Proceed to step 8 if you got the following error message:
“The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”

4. Run the following command in Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

5. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:
“The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”

If your results show anything other than “does not exist,” we recommend to check the F-Secure website and following the full instructions to eradicate the Flashback trojan.

Mac users to download and install a security update released by Apple from support.apple.com/kb/HT5228 to prevent infection of their systems by BackDoor.Flashback.39.

); ga('send', 'pageview');