easy way to know if “flashback Trojan” infected your mac (osx lion)

Over the last few days, many people have been talking about the new “Flashback Trojan” on OS X 10.7 (for more info, click here).

Finding out whether you are infected takes some work in the terminal (two commands). Some users “hate” the terminal or simply do not know it is there, which is why I wrote a simple AppleScript (quick and dirty) that checks with one click (dedicated to my dear friend Dario).
 
The resultant application (created with applescript editor) is included in this post (Check Flashback Trojan 0.1.zip), or you can check the source code:
display dialog "Lets go to check two simple values, if the result is not equal to OK, run some antivirus or do your job with the terminal app. Also, check http://goo.gl/3FWfA" with icon stop with title "Simple Flashback Trojan detect tool"

-- Step 1: look for an LSEnvironment key in Safari's Info.plist.
-- A clean system answers that the key "does not exist".
-- "|| true" keeps the exit status at 0: the original piped the output through grep,
-- which exits 1 when the key is present, so "do shell script" raised an error
-- and the try block hid the warning. No temporary file in /tmp is needed either.
try
	set test1 to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true"

	if test1 contains "does not exist" then
		display dialog "Step 1: OK" with icon note
	else
		display dialog "Step 1: Something is wrong with Info LSEnvironment" with icon stop
	end if
end try

-- Step 2: look for DYLD_INSERT_LIBRARIES in the user's ~/.MacOSX/environment file.
try
	set test2 to do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 || true"

	if test2 contains "does not exist" then
		display dialog "Step 2: OK" with icon note
	else
		display dialog "Step 2: Something is wrong with DYLD_INSERT_LIBRARIES" with icon stop
	end if
end try
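
For readers who prefer the terminal, the same two lookups as an added shell example (not part of the original post or its zip file). It decides from the exit status of defaults read before looking at the message, and prints the value found so it can be inspected. The function names and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the post's own code. Function names are hypothetical.

# Classify one `defaults read <domain> <key>` result.
#   $1 = exit status, $2 = combined stdout/stderr
# Prints: clean | suspicious | unknown
classify_defaults_output() {
    status=$1
    output=$2
    if [ "$status" -eq 0 ]; then
        echo suspicious            # the key exists: its value needs a look
        return 0
    fi
    case "$output" in
        *"does not exist"*) echo clean ;;    # key or domain absent, as on a clean system
        *)                  echo unknown ;;  # defaults failed for some other reason
    esac
}

# Run one lookup and report it. Returns 0 clean, 1 suspicious, 2 unknown.
check_pair() {
    domain=$1
    key=$2
    if ! command -v defaults >/dev/null 2>&1; then
        echo "$key: unknown (defaults not found; run this on the Mac itself)"
        return 2
    fi
    output=$(defaults read "$domain" "$key" 2>&1) && status=0 || status=$?
    verdict=$(classify_defaults_output "$status" "$output")
    echo "$key: $verdict"
    case "$verdict" in
        clean)      return 0 ;;
        suspicious) echo "  value: $output"; return 1 ;;
        *)          echo "  defaults said: $output"; return 2 ;;
    esac
}

# The two checks from the post. Non-zero return if either one was not clean.
flashback_check() {
    rc=0
    check_pair /Applications/Safari.app/Contents/Info LSEnvironment || rc=$?
    check_pair "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES || rc=$?
    return "$rc"
}

# Only run when asked, so the functions can also be sourced into another script.
if [ "${1:-}" = "--run" ]; then flashback_check; fi
```

Save it to a file and start it with sh followed by the file name and --run; a non-zero exit status means at least one check did not come back clean.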
Bye,
5 comments on “easy way to know if “flashback Trojan” infected your mac (osx lion)”
  1. Kyle says:

    This was definitely full disclosure. Appreciate your posting the script and making it so user friendly. Awesome job, my friend!

  2. ChanGux says:

    Kyle, thank you for testing it :)

  3. Shelagh Delves-Broughton says:

    I had already downloaded the second fix before I saw your page. Wish I had seen this first so I might have known if I had been infected. In any event, it is sheer pleasure to find someone that can not only make a tool such as yours which checks to see if you are infected but beyond that, explains how to do it in such an easy fashion, even a newbie would grasp! Rarely do people make it easy. We could use more like yourself!! Thank you for having done so!

  4. ChanGux says:

    Ever welcome, Shelagh!

  5. pollitos en fuga says:

    You're the best, thank you for saving the Macs
