Flashback.C Trojan-Downloader

ars technica recently published a story about Flashback.C and a link to F-Secure to fix it.
Now I'm panicking, as I did update Flash recently, but can't remember the look of the update screen.
It's such a common practice that Flash needs updating frequently that it didn't seem unusual. I'm really careful about this sort of thing and I only updated after ignoring a few previous notices.
The instructions on F-Secure tell you what files are created and to delete them. But the problem I had when checking is that it's not conclusive.
Example:
The following line is inserted into "/Applications/Safari.app/Contents/Info.plist":
<key>LSEnvironment</key><dict><key>DYLD_INSERT_LIBRARIES</key><string>/Applications/Safari.app/Contents/Resources/%payload_filename%</string></dict>
The following line is inserted to "/Applications/Firefox.app/Contents/Info.plist":
<key>LSEnvironment</key><dict><key>DYLD_INSERT_LIBRARIES</key><string>/Applications/Firefox.app/Contents/Resources/%payload_filename%</string></dict>
The installer then restarts running instances of Safari and Firefox in order to take the payload into effect.
The installer also disables the built-in anti-malware feature in Mac OS X. It unloads the XProtectUpdater daemon, and then wipes out the following files:
/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
/usr/libexec/XProtectUpdater
I don't have that entry line in my plist files, but I also don't have the file /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
How can I check that the Flash update I did wasn't this trojan?
I checked the version of Flash I'm running and it is the latest (11.0.1.152), so it looks like it has been updated recently.

Here is a complete list of the (Flashback trojan) files installed:
.MacOSX/environment.plist
Library/LaunchAgents/com.apple.SystemUI.plist
Library/Preferences/perflib
Library/Preferences/Preferences.dylib
Library/Logs/swlog
Use the free Easy Find and search for the files  (start with #4 "Preferences.dylib" first)
http://download.cnet.com/EasyFind/3000-2248_4-8707.html
Delete all those (may need to turn on hidden files with TinkerTool to get the .MacOSX folder to show, then turn it off) and reboot
more info here, follow Linc Davis posts,
https://discussions.apple.com/thread/3349492?start=60&tstart=0
Best thing to do is backup files and Wipe and install
https://discussions.apple.com/message/16276201#16276201
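
The checks discussed in this thread (the LSEnvironment / DYLD_INSERT_LIBRARIES entry in the Safari and Firefox Info.plist, the same key in ~/.MacOSX/environment.plist, the listed files, and the XProtectUpdater files), combined into one script as an added example that is not part of the original posts. It parses the plists with Python's plistlib and runs against a constructed directory tree; the payload name is a placeholder, and treating a missing XProtectUpdater file as inconclusive on its own is this example's assumption.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Paths quoted in the thread, relative to the volume root or the home folder.
APP_PLISTS = ("Applications/Safari.app/Contents/Info.plist",
              "Applications/Firefox.app/Contents/Info.plist")
HOME_ENV_PLIST = ".MacOSX/environment.plist"
HOME_FILES = ("Library/LaunchAgents/com.apple.SystemUI.plist",
              "Library/Preferences/perflib",
              "Library/Preferences/Preferences.dylib",
              "Library/Logs/swlog")
XPROTECT_FILES = ("System/Library/LaunchDaemons/com.apple.xprotectupdater.plist",
                  "usr/libexec/XProtectUpdater")
KEY = "DYLD_INSERT_LIBRARIES"


def read_plist(path):
    """Return the plist as a dict, or None if missing, unparsable or not a dict."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None
    return data if isinstance(data, dict) else None


def scan(root, home):
    """Return a list of (kind, relative_path, detail) findings."""
    root, home = Path(root), Path(home)
    findings = []
    for rel in APP_PLISTS:
        path = root / rel
        info = read_plist(path)
        if info is None:
            if path.exists():  # present but unparsable: report, do not assume clean
                findings.append(("unreadable", rel, "could not parse"))
            continue
        env = info.get("LSEnvironment")
        if isinstance(env, dict) and KEY in env:
            findings.append(("dyld_injection", rel, str(env[KEY])))
    # environment.plist can exist legitimately (e.g. to set PATH), so test the
    # key rather than the file's presence.
    user_env = read_plist(home / HOME_ENV_PLIST) or {}
    if KEY in user_env:
        findings.append(("dyld_injection", HOME_ENV_PLIST, str(user_env[KEY])))
    for rel in HOME_FILES:
        if (home / rel).exists():
            findings.append(("listed_file", rel, "present"))
    for rel in XPROTECT_FILES:
        if not (root / rel).exists():
            findings.append(("xprotect_missing", rel, "absent"))
    return findings


def conclusive(findings):
    """Assumption of this example: a missing XProtectUpdater file alone proves nothing."""
    return any(kind in ("dyld_injection", "listed_file") for kind, _, _ in findings)


def build_sample_tree(base):
    """Constructed test data: a fake volume root and home folder under `base`."""
    root, home = Path(base) / "root", Path(base) / "home"
    payload = "/Applications/Safari.app/Contents/Resources/EXAMPLE_PAYLOAD"  # placeholder
    plists = {
        root / APP_PLISTS[0]: ({"CFBundleName": "Safari",
                                "LSEnvironment": {KEY: payload}}, plistlib.FMT_BINARY),
        root / APP_PLISTS[1]: ({"CFBundleName": "Firefox"}, plistlib.FMT_XML),
        home / HOME_ENV_PLIST: ({"PATH": "/usr/local/bin:/usr/bin:/bin"}, plistlib.FMT_XML),
    }
    for path, (content, fmt) in plists.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        with open(path, "wb") as fh:
            plistlib.dump(content, fh, fmt=fmt)
    for marker in (home / "Library/Logs/swlog", root / XPROTECT_FILES[1]):
        marker.parent.mkdir(parents=True, exist_ok=True)
        marker.write_bytes(b"")
    return root, home


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root, home = build_sample_tree(tmp)
        return scan(root, home)


if __name__ == "__main__":
    results = demo()
    for kind, path, detail in results:
        print(f"{kind:17} {path}  {detail}")
    print("conclusive:", conclusive(results))
    # On a real system the call would be scan("/", Path.home()).
```
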

Similar Messages

  • Is 10.5 vulnerable to the Flashback.G Trojan?

    If 10.5 is up to date, is it vulnerable to the Flashback.G Trojan that was reported on 2/24?  All of the news items about this speak only of 10.6 or 10.7.  They imply that if OS X is up to date, then there are no worries. 

    Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate, however a new version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. In order to prevent a potential infection with “Flashback” Trojans, Mac users are advised to obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    UPDATE regarding the Flashback Trojan:
    http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery-method-to-infect-macs/
    and also: http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/

  • MS Essentials Error code. 0x80508023, and is unable to remove Trojan Downloader:Win32/Zlob

    I'm using MS Essentials on my Windows 7; it detects and quarantines Trojan Downloader:Win32/Zlob whenever I run Windows Experience Index re-assessment. I am unable to remove it.

    Hi
    Perhaps look at another tool like Stinger from McAfee or ESET to remove the virus for you.
    Hope this helps.

  • Is the flashback.39 trojan really infecting Macs?

    Is there any truth to the claim made by an article on Macworld that was posted on April 5th about a Backdoor Flashback.39 Trojan?  They say the Dr. Web says it has infected over 300,000 Macs in the US. 

    I give many people help on this forum and many others, both Mac and Windows.
    Your original Question posted in a Hardware forum was kind of foolish to say the least. A publication like MacWorld would not post an article about Malware without first checking it out. Wouldn't you think? A simple Google search on it turns up 14 Million hits.
    https://www.google.com/webhp?source=search_app#hl=en&sclient=psy-ab&q=flashback+trojan+mac&oq=Flashback+troja&aq=1&aqi=g-z1g3&aql=&gs_l=hp.1.1.0i3j0l3.1903l1903l3l4624l1l1l0l0l0l0l77l77l1l1l0.frgbld.&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp=c541f35354c9590f&biw=1280&bih=939
    Just on the first page of the results there are several hits from different New Pubs about it. Are they all wrong, Lying.
    Why not contact Macworld and ask them if they are posting Lies about this.
    Sorry if I offended you BUT.

  • After installing Firefox UK Comodo security keeps scanning 2 files in omni.jar folder as Trojan downloader agents, do I ignore?

    I have been using Property Bee as an add on for Right Move with previous version of Firefox. When it updated recently it kept showing alert warnings for trojans in temporary internet files. These were wiped and the whole system was scanned. Got rid of previous Firefox and downloaded v5. This not tested with Prop Bee but a forum said it would by installing 'nightly tester tools' and forcing compatibility - did this but now getting omni.jar message: TrojanDownloaderagent.~EWH@226922441 C:\ProgramFiles\MozillaFirefox\omni.jarlchrome/toolkit/content/global/cpow/child.html and.....content/global/plugins.html..........Is Comodo giving false alerts and should be ignored?

    This might be a false positive. There have been some discussions about that detection on the Comodo forums. I can't read all the posts, but maybe you have time?
    [https://forums.comodo.com/empty-t74144.0.html False Virus confirm this please?]
    [http://forums.comodo.com/antivirus-help-cis/help-after-new-update-t74101.0.html;msg528400#msg528400 Help after new update]
    [http://forums.comodo.com/empty-t74143.0.html;msg528464 Unresolved trojan]
    [http://forums.comodo.com/empty-t74116.0.html FP on TrojWare.HTML.Exploit.Codebase.~Exec@226875254 ?]

  • I am unable to download the latest update last attempt. 10-02-11. This malware was detected in my system when I first downloaded Firefox: Trojan-Downloader.JS.DarDuk.g

    Cannot download latest update.
    Fear Trojan is infecting my system preventing this task.

    Well...... I am good and ticked....after being FRUSTRATED for many hours and days.... trying to get my player working with XP Pro....nothing tricky....just wanted the original software loaded for transferring my CD's to my ZEN Xtra.
    I got so p----d I hunted down my original disc......go figure everything works fine again....
    What a crock going to the Creative web site and attempting their downloads.......why do they not have this disc loaded and ready to download....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Gee maybe if enough people screw up with doing FIRMWARE updates they can create another revenue stream....by the way firmware should be the last thing to attempt and only then if all else has failed....if it DON'T HURT DON'T FIX !!!!
    Just the fact that there are so many forum issues tell me that I may have been wrong in my advice to friends to seek Creative unit vs an iPod.
    This is simple technology and should not be so difficult or so convoluted (deceptive?) in compatibility issues with new software releases, new computer purchases etc...... there seems to be a serious lack of commitment to being a 'value ad' type of company. My original disc works fine !!
    Why is this not available if you can provide proof of purchase or if the product was registered originally.
    Hmmmmm.......

  • My home page is firefox. Today when I signed on firefox I received a message from my antivirus that mozilla attempted to download the following file from your site. Trojan-Downloader.JS.Iframe.cgq

    When I clicked on Firefox to start and as it opened my antivirus immediately named the Trojan, keeping the Trojan from downloading to my machine. The Trojan was found within Mozilla at C:\Users\nameofmachine\APPDATA\LOCAL\MOZILLA\FIREFOX\Profiles\8m239aat.default\Cache\2\BD It appears subsequent attempts have not happened.

    Thank you very much Computer Whiz. I suspected the pop-ups should be allowed & I made sure the box was not blocking in "Tools>. Unfortunately I went back to CBC Archives on line but the window had no change. There was no "pop-up" from HDS Link Detector. The video clip just played as it normally does in the "on-line" player. The HDS icon in the lower right hand corner of the window is red (meaning "enabled"), so it seems the "pop-up" should appear when I go to the CBC site. Maybe it's an extra difficult video to get a pop-up? I don't know how those other guys managed to download the video using HDS Link Detector. Here is the link to the video that I've tried to capture for a year:
    http://www.cbc.ca/player/Digital+Archives/CBC+Programs/Television/Tabloid/ID/1404668920/
    Anyway, THANKS very much for the courtesy in trying to be so helpful. Best wishes!

  • I have a trojan on my mac. The trojan downloads illegal content until my hard drive is full. How do I remove the trojan?

    I noticed that my hard drive was getting full to the point that my computer had no space left. OmniDiskSweeper told me where all the data was. When I went to that folder I saw a TON of illegally downloaded content. I immediately trashed it to get my drive space back, but noticed something was downloading these files again. ClamAV did not find anything and Sophos has been running very slowly. Does anyone know what this is or how to remove it?

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac. 
    These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing. 
    Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects. 
    Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands. 
    Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply. 
    Launch the Terminal application in any of the following ways: 
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.) 
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens. 
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid. 
    When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign. 
    Step 1 
    Triple-click the line of text below on this page to select it:
    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -f -a TextEdit 
    Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). A TextEdit window will open with the output of the command. If the command produced no output, the window will be empty. Post the contents of the TextEdit window (not the Terminal window), if any — the text, please, not a screenshot. You can then close the TextEdit window. The title of the window doesn't matter, and you don't need to post that. No typing is involved in this step.
    Step 2 
    Repeat with this line:
    { sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'; sudo defaults read com.apple.loginwindow LoginHook; sudo crontab -l; } 2> /dev/null | open -f -a TextEdit 
    This time you'll be prompted for your login password, which you do have to type. Nothing will be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. 
    Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step. 
    Step 3
    { launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)/{print $3}'; crontab -l 2> /dev/null; } | open -f -a TextEdit 
    Step 4
    ls -A /e*/{la,mach}* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts .la* 2> /dev/null | open -f -a TextEdit  
    Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting. 
    Step 5
    osascript -e 'tell application "System Events" to get name of every login item' | open -f -a TextEdit 
    Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output. 
    You can then quit Terminal.

  • I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    Hi Barry, is this an Intel iMac, or a PPC iMac?
    Disable Java in your Browser settings, not JavaScript.
    http://support.apple.com/kb/HT5241?viewlocale=en_US
    http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
    http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
    https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site
    More bad news...
    https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link
    Removal for 10.5...
    http://support.apple.com/kb/DL1534

  • Confusion on trojan/virus download

    I was going over to Hotmail and a pop up came up on my iMac stating that a possible trojan was detected. Having my guard down -- being on an iMac -- I hit "download," which when finished immediately prompted five more downloads to start. I immediately shut down the computer and am wondering what I can do now to "save" my iMac before turning it back on. (I have time machine/capsule, too, but would a backup also have the trojan downloaded on that, as well?)

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Privacy, useful:
    http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
    Regarding MacScan, First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
    Security of OS X generally:
    http://www.apple.com/macosx/security/
    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
    Security Configuration for Version 10.5 Leopard:
    http://images.apple.com/server/macosx/docs/LeopardSecurity_Config_2ndEd.pdf
    This Blog entry is also worth a read:
    http://blog.damballa.com/?p=1055
    Other sources of malware include sites like Facebook and Hotmail.

  • Trojan .exe and zip.000 showing up in /private/tmp and private/var/folders

    I continually have .exe files and zip.000 files showing up inside two folders on my iMac. My antivirus software (Trend Micro Smart Surfing for Mac) finds and quarantines them daily. Usually it is about six a day. Today it found 18 or so. I am not worried about them themselves since they are a windows problem, but I can't seem to figure out where they are coming from. Is there a way to track these folders and find what is placing these files in there? Thanks for any help!
    OSX Lion 10.7.4

    Well, it's running somewhere on your Mac, see if any clues here...
    http://www.intego.com/mac-security-blog/
    http://www.zdnet.com/cross-platform-trojan-checks-your-os-attacks-windows-mac-linux-7000000656/

  • HT1444 Java download

    how do I install java on mac

    Hello,
    We're dependent on Apple for Java Updates for 10.4, 10.5, & 10.6, so there are no more.
    And if you're on IntelMac, you want to disable it for Security reasons.
    Open Terminal & paste this command in to see which version you have...
    java -version

  • Flashback support in 10.5 seems unreasonable

    I understand that Apple want to forget older versions of the OS but simply because a newer version comes out doesn't mean we all have to run out and spend thousands of dollars to replace perfectly good SW. The SW I have currently does everything I need and I don't see a compelling reason to replace all of my photo and video SW. I'm also not interested in turning my 3 headed mac into a glorified iPhone.
    Am I alone in this or being unreasonable? The update is not complex so why won't they do this?
    I also like how the communities no longer support this version.

    I agree, iOS is terrible on a Desktop Computer, & now Windows & every flavor of Linux is going that way.
    I also like how the communities no longer support this version.
    Huh, I'm here everyday trying to help!???
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Free Sophos...
    http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html

  • Flashback virus here.... now gone ???

    Hi all,
    I recently posted one of the trillions of discussions regarding the Flashback virus here:
    file://localhost/Users/michaelm/Desktop/Power%20PC%20apps%20crash%20on%20startup%20in%20OS...-%20Apple%20Support%20Communities.webloc
    I confirmed that my 10.5.8 Leopard run Mac Pro did indeed have the virus.  All the behaviors were there: Power PC/Rosetta run apps were crashing on start up and the Terminal utility showed the presence of the dreaded DYLD_INSERT_LIBRARIES.  After that, I was out of town for about a week and the Mac Pro was shut down for that period and upon my return, I was to wipe and reinstall to start fresh.  While away, I read some more articles about the virus and some remedies and removal techniques, so I returned home hopeful that the wipe and reinstall would not be necessary.
    But.... when I fired up the Mac Pro today after a week of being shut down, it seems the virus was gone.  ???  Is this possible?  I entered the following lines in Terminal and got 'does not exist' on all of them!
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
    defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
    My older Power PC/Rosetta run apps started up fine with no crashes.  I also turned off Java in Safari preferences.  So the question is, what to do now? Should I immediately update to 10.6 Snow Leopard (I have too many Rosetta run apps right now to shift to Lion) and get all native softwares up to date?  I would imagine that Snow Leopard would be safer at this point than my old Leopard.  Should I install a Mac virus protection app as well?  Should I also keep Java OFF at all times?
    Thanks! Mike

    Hi Mike, this thing is changing, so it may even move itself around, or uninstall some things to hide or change itself.
    Check now whether your Mac is infected by Backdoor.Flashback.39!
    http://public.dev.drweb.com/april/

  • Help! My iMac has a trojan

    This happens only with Chrome, not any other browser (yet).
    To start off, I think this is something similar to Trojan.flashback or Trojan.yontoo. I say this only because it behaves similarly but the removal kits for these two didn't solve the problem.
    In detail, this happens only with Chrome (for now). Whenever I click a link, it would lead to a random ad by replacing the current page or popup page. I would have to refresh the page and click the same link again to get to where I want to go. Another thing I noticed is that when I search in Google, there is a random ad on the right-hand side, which says (this ad not by this site).
    I have been unsuccessful in getting rid of this and I would appreciate much help.
    OS 10.6.8
    Java and Software all up-to-date.
    So far I have tried the following:
    1. Checking internet plugins folder under Library, and deleting suspicious ones.
    2. ClamXav scan
    3. Dr.Web light

    That is such an incredible lie it's unreal. I suppose that security updates are pointless then right, because if there are no vulnerabilities you can't be hacked either. Both hackers and viruses use the same doors after all. I also suppose there wasn't a recent Java/Flash virus crisis that caused Apple to stop releasing updates to Flash through the Software Update and give the privilege back to Adobe who were faster at doing it anyway. Oh and these are all lies:
    http://mac-antivirus-software-review.toptenreviews.com/history-of-macintosh-viruses.html
    http://nakedsecurity.sophos.com/2013/02/19/apples-own-macs-bitten-by-java-based-malware-attack/
    http://www.huffingtonpost.com/2013/02/19/apple-java-update-mac-download-security_n_2720300.html
    The problem with Mac viruses and the reason they are so dangerous is that every Mac fan and even Apple themselves will tell you till they are blue in the face that they don't exist just to save face. See here:
    http://nakedsecurity.sophos.com/2008/12/03/mac-anti-virus-support-advice-disappears-off-apple-website/
    Finally, I recommend trying this:
    http://us.norton.com/mac-flashback/promo
    If it comes up blank then you have Flashback trapped in your Chrome Flash Player (Chrome doesn't use the built in Flash, it has its own copy). Delete Chrome using Appcleaner (You MUST use a utility that deletes Chrome's libraries for this to work) then redownload (from a different browser) and install afterward and post back.
