How deal with FLASHBACK trojan?

Hey folks!
I updated Adobe Flash player a few days ago (the update popped up - I did not search for it) and I think I may have installed the "Flashback" trojan 'cuz I did the update in a hurry. Is there any way to find out if the trojan has found its way into the computer or is a format and reinstallation of the OS necessary? Thanks!!!

woofmatix wrote:
 So I guess if that file ain't there, the Trojan has not entered the system right?
Don't assume anything, run a scan using ClamXav and if your Apple Software Update works you can pretty much rest assured you don't have it.
Also I would like to know if this comes as an update or just an installer.
It's a trojan installer on hostile web sites.
If you look at your Adobe Flash System Preference pane it's got its own system to check with Adobe and verify the download. The confusion happens because there is a pop-up when one visits a web page and their Flash is outdated.
I always download my Flash here
http://get.adobe.com/flashplayer/
If you're still concerned you can perform a
Restoring OS X 10.5 10.6. 10.7 - simple overwrite OS method
https://discussions.apple.com/message/16276201#16276201
That will flush anything out of OS X, but you still need to clean up Applications and Users folders.

Similar Messages

  • How dangerous is Flashback Trojan and how do I protect my iMac with OSX 10,6?

    I just recently updated to 10.6.3 which, as far as I know does not have built-in protection from stuff like Flashback Trojan.  When I click on "Software Update" all I get is an inactive, blank screen.  I was told that if I clicked on that I would be able to download Apple's patch preventing this from infecting my iMac.  HELP!

    Download and apply the latest Combo updater for OS X 10.6: http://support.apple.com/kb/DL1399
    After doing this, try using Software Update again to ensure everything is up to date. If it still doesn't work, then at least do the following:
    1. Open the program "Java Preferences" in the Utilities folder.
    2. If it gives you a warning about needing to install Java, click Not Now and stop (you're done).
    3. If it opens without giving you any warnings, then download and apply this update: http://support.apple.com/kb/DL1516
    Doing this will update your system and patch the Java vulnerability that allows this hack to happen.

  • Flashback trojan fix already in?

    Is there already a fix in apple updates for flashback trojan?

    How deal with FLASHBACK trojan?
    Remove OSX/Flashback.I Trojan

  • FLASHBACK TROJAN?

    any info about flash back trojan?

    Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
    The ‘Flashback Trojan’:
    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The latest Macs do not have Flash Player included. In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    Flashback Trojan - Detection, and how to remove (with caution):
    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

  • Any discussion on flashback Trojan?

    Any suggestions on what communities to ask about the flashback Trojan ?

    Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious."
    The ‘Flashback Trojan’:
    A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The latest Macs do not have Flash Player included. In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
    http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_disable_mac_os_x_anti_malware_protection.html
    Flashback Trojan - Detection, and how to remove (with caution):
    http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
    You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:
    http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
    Last, but by no means least, use Open DNS, which is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, and speeds up your internet connection:
    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/
    How to get it:
    https://store.opendns.com/get/home-free

  • What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

    What is the risk, and how to detect, Trojan infection with Flashback/Flashfake? (PowerMac G5 OS X 10.5.8)

    Hey Kappy, without even looking I can tell you anything is better than the GeForce4MX cards, but see
    See japamacs page here on the best AGP cards for G4s & G5s...
    http://www.jcsenterprises.com/Japamacs_Page/Blog/4B4B7BA2-7ABB-47F1-87AC-B03D37942BEE.html
    Rated slowest on top, fastest on bottom, hopefully japamac will drop in shortly.
    Oh, & they need way more RAM...
    http://www.everymac.com/systems/apple/powermac_g4/specs/powermac_g4_933_qs.html
    http://eshop.macsales.com/MyOWC/Upgrades.cfm?sort=pop&model=155&type=Memory

  • HT5228 How can I tell if my  computer has been infected with the Trojan?

    How can I tell if my computer has been infected with this latest Trojan (or with any Trojan)?  I did install the latest update to Java when I was told by my iMac that new software was available for my computer, which was just 2 or 3 days ago (first week of April).  Now it is being said that there was a Java Trojan.
    Many thanks for any replies!

    Log out and log back in, if you haven’t done so recently. Launch the Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.
    Step 1
    Copy or drag — do not type — the line below into the Terminal window, then press return:
    launchctl getenv DYLD_INSERT_LIBRARIES
    Post the lines of output, if any, that appear below what you just entered (the text, please, not a screenshot.)
    Step 2
    Repeat with this line (triple-click anywhere in it to select the whole line):
    find /Applications /System/Library/CoreServices -type d -name '*.app' -exec defaults read {}/Contents/Info LSEnvironment \; 2> /dev/null | grep DYLD_INSERT_LIBRARIES
    The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear.
    If you get no output from either step, you're not infected with any variant of Flashback that I know of.
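
The two checks in the post above, as an added example that is not part of the original post: a Python script that reads the same launchd variable and searches the same two folders for app bundles whose Info.plist sets DYLD_INSERT_LIBRARIES under LSEnvironment. It also lists plists it could not parse, which the find command hides by sending errors to /dev/null. The function names and the report format are choices made for this example.

```python
#!/usr/bin/env python3
"""Report app bundles whose Info.plist LSEnvironment sets DYLD_INSERT_LIBRARIES."""
import os
import plistlib
import shutil
import subprocess

KEY = "DYLD_INSERT_LIBRARIES"
# Same search roots as the find command in Step 2 of the post.
DEFAULT_ROOTS = ["/Applications", "/System/Library/CoreServices"]


def launchd_injection():
    """Step 1: value of KEY in the launchd environment, or None if unset/unavailable."""
    if shutil.which("launchctl") is None:
        return None  # launchctl not present, so not an OS X system
    try:
        done = subprocess.run(["launchctl", "getenv", KEY],
                              capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    return done.stdout.strip() or None


def read_ls_environment(plist_path):
    """Return the LSEnvironment dict from an Info.plist (XML or binary), or {}."""
    with open(plist_path, "rb") as fh:
        info = plistlib.load(fh)
    env = info.get("LSEnvironment") if isinstance(info, dict) else None
    return env if isinstance(env, dict) else {}


def scan_bundles(roots=DEFAULT_ROOTS):
    """Step 2: walk roots, including nested bundles; return (hits, unreadable)."""
    hits, unreadable = [], []
    for root in roots:
        for dirpath, dirnames, _files in os.walk(root):
            for name in dirnames:
                if not name.endswith(".app"):
                    continue
                bundle = os.path.join(dirpath, name)
                plist_path = os.path.join(bundle, "Contents", "Info.plist")
                if not os.path.isfile(plist_path):
                    continue
                try:
                    env = read_ls_environment(plist_path)
                except Exception:  # malformed plists raise several error types
                    unreadable.append(plist_path)
                    continue
                if KEY in env:
                    hits.append((bundle, str(env[KEY])))
    return sorted(hits), sorted(unreadable)


if __name__ == "__main__":
    value = launchd_injection()
    print("launchd %s: %s" % (KEY, value if value else "(not set)"))
    found, skipped = scan_bundles()
    for bundle, library in found:
        print("SET  %s -> %s" % (bundle, library))
    for path in skipped:
        print("SKIP unreadable plist: %s" % path)
    if not found:
        print("No bundle sets %s in LSEnvironment." % KEY)
```
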

  • HT5228 How to find out if your Mac has the Flashback Trojan EASY WAY!!!!

    http://www.cnn.com/2012/04/06/tech/web/mac-flashback-trojan-check/index.html
    Just did it works great and they also have a post on how to remove it as well.

    Here is an even easier way, it will remove most infections too:
    I have created a user tip and malware checker/removal tool: https://discussions.apple.com/docs/DOC-3271

  • How to deal with several itunes users in a house

    I will try to be brief but explain what I don't know how to configure.
    We have three children. We have 5 laptops that work wirelessly, and we have music and photos all stored on a shared NAS drive. We moved our iTunes music folder successfully to it when we set up.
    1. We set everyone's folder location, under preferences, to the folder on the NAS drive.--- It won't stay. With any reboot or interruption in signal it switches back to the individual computer's hard drive. This is a pain, because every time you reset it, you have to wait for 30 gigs of music to update. This has been asked before and no one answers it. Is it a bug and is Apple aware?
    2. I understand that we can "share" our libraries. But how do we deal with the issue of individual family members purchasing songs from iTunes? As in, I would like to add songs my teen bought to my ipod, but how do I know if there is new music beside asking them to "log" all their purchased so I can manually look for them. We can't just sync every time. They have nanos, and I don't want to have to weed through Christmas music, audio books, and Kidz Bop each time and delete them. What about someone finding they are not "authorized" to play a song? We can have 5 authorized no? I tried to drag something from a shared library onto an ipod and it wouldn't let me.
    Please help. My last question dropped to page three by the end of the day with no response.

    I guess then I need to read more about my NAS drive, because it is always on. I read in another thread about the same issue the question was asked, "Is your NAS drive mounted?" I have no idea what that means. There was other ideas of making alias of the NAS iTunes folder and putting in on the laptop's dock, but I didn't quite understand that either.
    I thought NAS was a rapper. Well, I have no idea what a NAS drive is. But it should have no influence on iTunes' behavior. If that drive is always on and visible on your Desktop (= "mounted"), iTunes shouldn't change its settings re. its Library.
    It would be easier to draw all this instead of explaining, but, well, we are not that far yet.
    0: If you set up on all Macs that iTunes stores its files on one drive, iTunes should not change this on any of them as long as it is always on, as you said. If it does, though, something is wrong. Don't ask me, what.
    Ok, just to make this even more complicated, LOL if each person has their own laptop and ipod, and everyone in the household has used their 5 authorizations on each other's computers, then theoretically, when everyone accesses the itunes library they should be able to copy the songs onto their devices?
    1: You can play all your music on this external drive from anywhere in the house.
    2: You can activate the DRM files on every Mac in the house and play them.
    3: You canNOT use one iPod on more than one Mac, regardless if the music is DRM or not. iPod 1 is associated with Mac A, iPod 2 with Mac B etc. If you change that, all music from iPod 1 will be deleted before the music from Mac B will be copied to it. So, it's always 1:A, 2:B etc., not iPod 1 : Mac A & B & C... Otherwise, your iPods would be regular external hard drives from which you could copy tons of music to someone else's PC, which is illegal. That's why all the music on an iPod is made invisible. And even after making it visible with special utilities (I tried that once), you won't be able to recognize which song is which. CDs are not stored together, etc. Apple would not have got the permissions for the iTunes Store / iPods from the music industry if it was the perfect utility for illegal music sharing.
    Did I savvy what you meant?

  • How can I create unique partnerships to deal with like EDI messages?

    I have an EDI to Application partnership setup currently that deals with translating MEDRUC type EDIFACT messages to a mainframe format. The setup is
    Sender = PARTNERA,
    Receiver = PARTNERB
    DocType = MEDRUC.
    In the Input EDI tab the
    Sender Qualifier ID = ZZ:PARTNERA
    Receiver Qualifier ID = ZZ:PARTNERB
    Standard = EDIFACT
    Version = D
    Release Number = 97B.
    Use UNG to locate partnerships = No
    EDIFACT messages contain all this information in their UNB and UNH segments which is where SunONE IS B2B looks to then match against the relevant partnership. My problem is this does not go to enough granularity for me to distinguish uniqueness for the second partnership I need to create.
    The problem is the "Association assigned code" field in the UNH for EDIFACT messages is not catered for anywhere in the partnership details area. This means then that whilst my existing partnership deals with Simplified Billing Claim MEDRUC's which is Association assigned code = SBC20, I can't create an EDI to Application partnership for PARTNERA and PARTNER B to cater for Two Way Gap Claiming MEDRUC's which are Association assigned code = TWC10, ie the two messages are D97B MEDRUC type messages only distinguished from each other by this Association assigned code.
    Any ideas how can I then create a unique EDI to Application partnership for this TWC10 MEDRUC message?
    What I am thinking I will have to do is make this second partnership Application to Application and create a custom service to wrap the MEDRUC message with a HREC/TREC and use the parameters in the HREC to dictate the DocType rather than use the UNB/UNH segments in the MEDRUC?

    Hmmm. It looks like way back when the decision was made on how specific the keys had to be, they didn't get quite specific enough for your case. I'm not super experienced with EDIFACT but I'll throw out some suggestions based on my HREC and X12 knowledge.
    A. Could you handle both instances through the same partnership, but alter the map to create unique outputs based on the two different types? At least of the cards would need to be handled through Route, but you could have that picked up by a simple Outprep / Gateway Service list that put the data where you wanted it.
    B. Before Parse, run a custom service that is capable of inspecting for which type of data it is, then modify one of the key fields in place to find the Second partnership. Really getting adventurous, maybe you could alter keys in the UNG to make the distinction. This assumes that you don't have both types of documents in the same interchange.
    C. Your idea may be workable. Can you give some more detail on the make-up of the Service list and the destination/processing of the two different types of MEDRUC?
    Thanks.

  • I need to reinstall my computer, how do I deal with Premiere pro and After effects?

    Hello,
    As my question states I need to reinstall my computer (laptop) and I'm not quite sure on how to deal with Premiere pro and After effects.
    I am thinking that I need to do some sort of backup and save my projects and footage on a separate drive.
    If I reinstall my computer, install my creative suite production premium, and move back all of my projects and footage, won't I have to re-link every single clip?
    I am currently working on several different projects and having to re-link everything is something I don't even want to think about, that would take me days if not weeks.
    Another option on my mind would be to use Creative cloud. I do have the free version but I have never used it even once before and I'm not quite sure what the purpose of the cloud is and if this is a way to use it.
    I have no idea how to go about this computer reinstallation without either losing tons of work or having to re-link every single clip used.
    I am videoediting only as a hobby so I have no experience working with other people and sharing projects or the like, which is my understanding of what the cloud is for.
    Any and all help would be greatly appreciated, I know this is probably really easy but ever since I got my Suite I haven't reinstalled, upgraded or changed my computer so I am just clueless as to how to go about this.
    I have Creative suite production premium, I also have the free Creative cloud.
    It is only Premiere pro and After effects that I am using and am worried about.
    Thank you for any help.
    -Lisa Kajupank
    (and oh, I just notice my name - umustbejoking - I think I just wrote that cause they wouldn't let me use anything else, saying it was already taken. So nevermind that haha.)
    Message was edited by: umustbejoking

    If the computer's running Mac OS X, move the cursor to the very top of the computer's screen, click on Store, and choose Authorize this Computer.
    If the computer's running Windows, press the Alt and S keys and choose Authorize this Computer, or click here, follow the instructions, click on Store in the menu bar, and choose Authorize this Computer.
    (84620)

  • Has anyone experienced problems with Mackeeper? I did not complete downloading this software. Yet, occasionally when on the internet, I will have the MacKeeper multi-colored circle replace my pointer. How do you deal with this?

    Has anyone experienced problems with Mackeeper? I did not complete downloading this software. Yet, occasionally when on the internet, I will have the MacKeeper multi-colored circle replace my pointer. How do you deal with this?

    Welcome to Apple Support Communities
    Don't download MacKeeper. Users complain about this app and it damages OS X. Also, Mac OS X knows how to take care of itself, so you don't need any other cleaning application that may damage OS X. See > https://discussions.apple.com/docs/DOC-3691

  • How to deal with deadlock on wwv_flow_data table when http server times out

    There are some threads about a deadlock on the wwv_flow_data table. None of them contain a real explanation for this behaviour. In my case I will try to explain what I think is happening. Maybe it helps somebody who is hitting the same matter.
    In my case with APEX 3.2.1 I am navigating from one page to another. Doing this APEX will lock the table wwv_flow_data. As soon as the other page is shown the lock will be released. But now this other page contains a bad performing query (standard report region). After 5 minutes the http server (modplsql) will time out and present the message "No response from the application server" on the screen. In the meanwhile the query is still running on the database server and the lock stays on the wwv_flow_data table.
    Normal user behaviour will be that the user will use the back button to return to the previous page and tries it again to navigate to the other page or
    the user will try to refresh the page with the bad performing query.
    And voila now you will have a deadlock on the wwv_flow_data table since a second session is trying to do the same thing while the first hasn't finished yet.
    How to deal with it?
    First of all. Have a good look at the bad performing query. Maybe you can improve it that it will succeed before the http server will timeout.
    In my case the 11gr1 optimizer couldn't handle a subquery factoring clause in the best way. After changing it back to a classical inline query the problem was solved.
    Secondly you could increase the timeout parameter of the http server. Although this is not the best way.
    Maybe it would be better if APEX in a next version would release the lock on the table wwv_flow_data earlier or do a rollback just before the moment that the http server is timing out.
    regards,
    Mathieu Meeuwissen

    Hello Shmoove,
    I saw your reply here and you probably understand the problems the HTTP 100 response may cause.
    I am trying to send image that was taken by getSnapshot. The problem is that the server respond with this HTTP 100 message.
    I suspect that the reason that my server doesn't recognize the file that I'm sending from J2me is that the "server to client" response to the 100 message comes after the second message of (see what the TCPIP viewer shows down here):
    POST /up01/up02.aspx HTTP/1.1
    Content-Type: multipart/form-data; boundary=xxxxyyyyzzz
    Connection: Keep-Alive
    Content-length: 6294
    User-Agent: UNTRUSTED/1.0
    Host: szekely.dnsalias.com:80
    Transfer-Encoding: chunked
    400: Client to Server (126 bytes)
    78
    --xxxxyyyyzzz
    Content-Disposition: form-data; name="pic"; filename="david.jpg"
    Content-Type: application/octet-stream
    400: Connected to Server
    400: Server to Client (112 bytes)
    HTTP/1.1 100 Continue
    Server: Microsoft-IIS/5.1
    Date: Wed, 23 Mar 2005 00:47:02 GMT
    X-Powered-By: ASP.NET
    Any help will be appreciated,
    David

  • How to deal with "Script stopped responding" in general Part 3

    OK, I have asked about this issue before, and am back because it won't go away.
    First, I have tried resetting Firefox. Yesterday was the most recent time.
    I have tried using add-on Script Blockers.
    The Script Blocker program worked for a while. The problem is that the primary source of the script problems are Hotmail and Gmail, and I need to have these functioning and open. Plus it is not easy to determine what a script does before deciding to let it in.
    So I'm going to start from the computer user perspective: Why does this happen at all?
    I understand the need for scripts to be used for websites to function. What I don't understand is why my entire computer slows to a crawl, some programs get cut off entirely, and then I have to try to figure out what webpage is causing the problem...slowly. Even when I click the box to stop the script, my computer is still incredibly slow for an unreasonable amount of time. By unreasonable amount, I mean that it is so long that I can't even close Firefox within 5 minutes just to make it stop. By unreasonable amount, I mean I have actually just set my computer to restart so that Firefox will be forced closed and then cancel the restart when Firefox shuts down.
    What can Hotmail, Gmail, or any other program be doing that is of sufficient importance that it can essentially take over the computer? Nothing that isn't critical to the functioning of the computer should have this power. There is nothing critical about a script on Hotmail while I'm not even using that should let it take over all of the computer's resources. I would rather have Hotmail crash and shut off than have it let a script take over my computer. I can click on my Hotmail start up button within seconds while a script that won't respond might take 15 minutes to deal with.
    So can someone please explain to me why this system exists? Why isn't there a command that says "a script may use up this amount of processing power only" that allows a person to keep using their computer while the script futilely whirls away? Why isn't there a way to have an automatic setting like "let a script try to run for X seconds and if it doesn't work just stop it"? Why doesn't a window pop-up on the computer screen regardless of where the script problem is to alert you what webpage is causing the problem instead of making the user guess?
    There doesn't even seem to be much purpose to the scripts. If I stop a script that is not responding on Hotmail, I can still use Hotmail when the computer recovers. So why does this happen?
    This system seems insane to me. Honestly, I don't understand why scripts are allowed to do this. Can someone at least help with an explanation of why this happens? Why there isn't a way to make it stop? In a world of apps it seems like something that would kill non-responding scripts after a brief time would be a winner. How did we reach this chokepoint in computer functioning and why haven't we figured out how to stop it?
    Thank you for any help, whether it be fixing the problem or just explaining the purpose.

    Hi auzziewog, a couple of thoughts on long pauses.
    In some cases, this is caused by Firefox waiting on content from the server, or loading some content into a plugin. Other than blocking some extraneous content in pages and setting plugins to "Ask to Activate" (click-to-play) on the Add-ons page, this is a hard problem to solve.
    If the problem is a script (the eventual appearance of the dialog suggests that possibility), please see the above reference post.
    Perhaps it is a combination of those things, since scripts often run after some other elements are loaded...

  • How do I deal with constant "error loading content" messages?

    I'm constantly seeing error messages on my Apple TV (2nd gen) on content I easily watch on my other iDevices. What gives? This thing is rapidly becoming a very expensive paper weight. Possibly the worst Apple product I've yet purchased. Am I alone in this?  What can I do?

    You cannot connect to TC using USB.
    Plug the TC into the computer using ethernet.
    Press and hold the reset button on the TC for about 10sec.. until front led rapidly flashes.. release it.
    Open the airport utility and make sure you can locate the TC. Check the disk page that the disk started up without errors.
    When you say
    Sodrawi wrote:
    How do I deal with the error message at my Time Capsule saying "There is a problem to connect to server xxxx-Time-Capsule.local."
    I am guessing you mean Time Machine.
    If TM still cannot find the TC disk.. reset TM and redo the setup.
    Read A4 here.
    http://pondini.org/TM/Troubleshooting.html
