http://news.cnet.com/8301-1009_3-574.../?tag=mncol;1n
When the trojan executes it checks your system for these directories:
- /Library/Little Snitch
- /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
- /Applications/VirusBarrier X6.app
- /Applications/iAntiVirus/iAntiVirus.app
- /Applications/avast!.app
- /Applications/ClamXav.app
- /Applications/HTTPScoop.app
- /Applications/Packet Peeper.app
If any one of those are found it commits suicide. If you don't have any of those directories it's easy to see if you've been infected or not.
Simply run this command in terminal:
Code:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
You should get this error:
Code:
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
Then run this command:
Code:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
You should get this error:
Code:
The domain/default pair of (/Users/YOURUSER/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
If you get both of those errors than you're Flashback free! If you don't get those errors then removal can be found here