Flashback Removal Tool

Security company F-Secure released a tool today to automate the detection and clean-up of the Flashback Trojan. The virus has been infecting Mac computers, which are generally mistaken as impervious to viruses.

The tool can be downloaded from F-Secure’s website and comes as a zipped file. Once downloaded, a user must unzip the file, and follow instructions to find the virus. If the trojan exists on the computer, the tool will isolate it in a password protected file in your “Home” file. The password to this file is “infected.” It will also save a log file of all its activities on your computer. The tool will also give instructions for how to clean your system up.

F-Secure chief research officer Mikko Hypponen pointed out in a blog post that Apple hasn’t built in a way to detect the Flashback Trojan in its Xprotect OS X antivirus tool. Apple has also failed to patch the JavaScript hole in OS X versions 10.5 and earlier, which Hypponen says accounts for 16 percent of Macs, though the majority of Apple computers have been protected.

The Flashback Trojan entered Mac computers by exploiting a hole in Apple’s version of JavaScript. The company does not use the publicly available version of JavaScript. A victim is exposed to the virus by visiting an infected website, which prompts the user to download and install a browser plugin (such as Flash) to view content on the site. Soon after the Flashback Trojan was discovered, Apple released a patch to its customized JavaScript. At the same time, F-Secure provided instructions on how to find and get rid of the virus by inputting a few commands into the “terminal” program on Macs. Today’s tool eliminates the need to manually enter these commands.