Possible new version of Flashback trojan

Dear all,
today I experienced some problems just like the people in these two threads:
https://discussions.apple.com/thread/3355170?tstart=0
https://discussions.apple.com/message/16280207#16280207
Among others, my Finder sidebar suddenly said SD5, SD6, SD7 instead of "Devices", "Shared" etc., and Skype crashed when trying to start it.
Examining Skype's crash report revealed the following line:
0x154c000 -  0x1574ff3 +.AiseesoftFLVConverter.so ??? (???) <23EEF509-128B-B224-D44D-313574EE83D3> /Users/Shared/.AiseesoftFLVConverter.so
which happened to share a resemblance with the file <user>/.MacOSX/environment.plist, the content of which contained:
<dict>
     <key>DYLD_INSERT_LIBRARIES</key>
     <string>/Users/Shared/.AiseesoftFLVConverter.so</string>
</dict>
While I've renamed the two files, and my system has returned to normal behaviour, I'm not entirely sure I've deleted every part of the trojan. As for the files that are mentioned in the links above, I've moved and renamed the environment.plist file, but I wasn't able to find any of the other files mentioned:
.MacOSX/environment.plist
Library/LaunchAgents/com.apple.SystemUI.plist
Library/Preferences/perflib
Library/Preferences/Preferences.dylib
Library/Logs/swlog
I'll be happy to provide any further information/trojan files if someone thinks there's something they can do with it.
One problem remains, as can be seen in the following screen shot. My <user>/Library/Preferences/ directory seems to have been altered or tampered with in some way, is there any chance there is still an active and malicious part of the trojan on my computer?
All help is appreciated! Thanks in advance

Thanks for the replies!
I've been aware of malicious Flash installers and therefore have been very cautious to install Flash from the official Adobe website only. I haven't downloaded any program from non-official websites. Here's my download list in the past couple of days before I discovered the malware:
VLC 2.0 from the official website
Several files from my internal university page (I assume this isn't infected though, mostly zip files containing MATLAB and Maple scripts)
I tried to open the .so file in an editor to see if there was any more information about the malware in there, but when I did, Finder issued the following warning:
(renamed the files to "<filename>OLD")
Normally, when you download something, the respective download link is included in the file's info, so naturally I checked it out, but it did not contain a link.
So, I'm afraid I can't provide a link, sorry. Any chance there's a hidden directory of downloaded files somewhere?
To clarify about the files' contents:
~/.MacOSX/environment.plist contained (in the standard plist format which I didn't include):
<dict>
     <key>DYLD_INSERT_LIBRARIES</key>
     <string>/Users/Shared/.AiseesoftFLVConverter.so</string>
</dict>
/Users/Shared/.AiseesoftFLVConverter.so is a ~420 KB file; I uploaded it to the following link.
Caution! Malware, download at your own risk
http://www.mediafire.com/?e3qlnmhs6y97ia2
Caution! Malware, download at your own risk
I only renamed it to "<filename>OLD" and I haven't tampered with it in any other way. (I also sent it to a friend to help me examine it and he wasn't infected, so I assume just downloading the file should be safe. I added a disclaimer so people don't blindly click on it without knowing what they're getting into.)
Skype crash report from yesterday when the "symptoms" of the virus occurred:
http://pastebin.com/cDYnWq06
java -version returns the following:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11-402-10M3527)
Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02-402, mixed mode)
My Mac OS X was also up to date with the exception of the security update from the beginning of February 2012, but I installed it following the incident.
I am also aware of all kinds of man-in-the-middle attacks using counterfeit certificates, so I'm very cautious when I see pop-ups like that. I'm sure I didn't approve any certificate like shown in the Intego article.
And to clarify once more, I didn't update my Flash using anything other than the official Adobe site, and that must have been quite a bit longer ago than two days.
So according to the file opening dialogue above, the AiseesoftFLVConverter.so file was downloaded on 19/02/2012. According to the Finder's own tools, the only two other files that were created during that day were the folder ".MacOSX" and the file in it, "environment.plist". AiseesoftFLVConverter.so itself was created on 21/01/2012, and no other relevant files were created during that day.
I uninstalled Xcode a couple of months ago to have some space for other data, so I can't do this myself. But if someone who's interested in this stuff could try examining the .so file using otool and see if there's something interesting, that'd be really cool.
Although I'm almost sure I've deactivated the virus, to be safe I'll reformat my drive and put a clean install on it. Is there any further information I can provide at this time?
Is there any way for me to find out where I got the virus? To me there's no obvious answer, as I try to be as safe as possible when browsing the internet, apparently not safe enough though. I'd be glad to help prevent an attack like this from affecting others, so if there's anything I can do, please let me know. Also, is there a team at Apple directly who work on anti-malware who I can contact and send the files to?
Thanks for the help!
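
A read-only check for the persistence mechanism described in the posts above, as an added example that is not part of the original thread: it parses ~/.MacOSX/environment.plist for a DYLD_INSERT_LIBRARIES entry and reports which of the file paths listed in the first post exist. The function names and the hidden-file heuristic are assumptions of this example; the sample plist in the demo is constructed from the key and value quoted in the posts.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Paths relative to the user's home directory, as listed in the post above.
HOME_INDICATORS = (
    ".MacOSX/environment.plist",
    "Library/LaunchAgents/com.apple.SystemUI.plist",
    "Library/Preferences/perflib",
    "Library/Preferences/Preferences.dylib",
    "Library/Logs/swlog",
)


def injected_libraries(plist_path):
    """Return library paths set through DYLD_INSERT_LIBRARIES in a plist file."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return []  # missing or unparseable file: nothing to report from it
    value = data.get("DYLD_INSERT_LIBRARIES", "") if isinstance(data, dict) else ""
    if not isinstance(value, str):
        return []
    # dyld accepts a colon-separated list of libraries in this variable.
    return [path for path in value.split(":") if path]


def scan_home(home):
    """Report listed indicator files and injected libraries under one home dir."""
    home = Path(home)
    present = [rel for rel in HOME_INDICATORS if (home / rel).exists()]
    libs = injected_libraries(home / ".MacOSX" / "environment.plist")
    # Assumption of this example: a dot-prefixed library name, as in the post,
    # is worth highlighting because Finder hides such files by default.
    hidden = [lib for lib in libs if Path(lib).name.startswith(".")]
    return {"present": present, "injected": libs, "hidden_injected": hidden}


def constructed_demo():
    """Build a throwaway home directory matching the post and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        env_dir = Path(tmp) / ".MacOSX"
        env_dir.mkdir()
        # Constructed sample: same key and value as the plist quoted in the post.
        sample = {"DYLD_INSERT_LIBRARIES": "/Users/Shared/.AiseesoftFLVConverter.so"}
        (env_dir / "environment.plist").write_bytes(plistlib.dumps(sample))
        return scan_home(tmp)


if __name__ == "__main__":
    report = scan_home(Path.home())
    for key, items in report.items():
        print(f"{key}: {items or 'none'}")
```

The script only reads files; any path it reports still needs to be inspected by hand before anything is moved or deleted.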
