
Easy way to know if “Flashback Trojan” infected your Mac (OS X Lion)

In the last few days, many people have been talking about the new “Flashback Trojan” on OS X 10.7 (for more info, click here).

Checking whether you are infected requires some work in the Terminal (two commands). Some users “hate” the Terminal or simply do not know it is there, which is why I wrote a simple AppleScript (quick and dirty) that checks with one click (to my dear friend Dario).
 
The resulting application (created with AppleScript Editor) is included in this post (Check Flashback Trojan 0.1.zip), or you can check the source code:
display dialog "Lets go to check two simple values, if the result is not equal to OK, run some antivirus or do your job with the terminal app. Also, check http://goo.gl/3FWfA" with icon stop with title "Simple Flashback Trojan detect tool"

-- Step 1: Safari's Info.plist should have no LSEnvironment key.
-- "|| true" stops do shell script from raising an error when defaults exits non-zero,
-- and reading the output directly avoids fixed file names in /tmp.
try
	set test1 to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true"

	if test1 contains "does not exist" then
		display dialog "Step 1: OK" with icon note
	else
		display dialog "Step 1: Something is wrong with Info LSEnvironment" with icon stop
	end if
end try

-- Step 2: the per-user environment file should not set DYLD_INSERT_LIBRARIES.
try
	set test2 to do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 || true"

	if test2 contains "does not exist" then
		display dialog "Step 2: OK" with icon note
	else
		display dialog "Step 2: Something is wrong with DYLD_INSERT_LIBRARIES" with icon stop
	end if
end try
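
The same two checks as a shell script, added here as an example (it is not the author's code). It uses the exit status of `defaults` as well as the "does not exist" message, so a read that fails for some other reason is reported as inconclusive instead of clean or infected. The function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: the two Flashback checks, with three possible verdicts.

# Constructed sample outputs (not captured from a real system).
SAMPLE_CLEAN='The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist'
SAMPLE_SET='{ DYLD_INSERT_LIBRARIES = "/constructed/example.dylib"; }'
SAMPLE_FAIL='defaults: constructed failure message'

# classify STATUS OUTPUT
#   STATUS = exit status of `defaults read`, OUTPUT = its stdout+stderr.
classify() {
    if [ "$1" -eq 0 ]; then
        # The read succeeded, so the key has a value: investigate it.
        echo SUSPICIOUS
    else
        case "$2" in
            *"does not exist"*) echo CLEAN ;;   # key or domain is absent
            *) echo INCONCLUSIVE ;;             # defaults failed for another reason
        esac
    fi
}

# check DOMAIN KEY: run one read and print the verdict.
check() {
    out=$(defaults read "$1" "$2" 2>&1) && rc=0 || rc=$?
    verdict=$(classify "$rc" "$out")
    printf '%-12s %s %s\n' "$verdict" "$1" "$2"
    # Show the raw output whenever the result is not clean.
    [ "$verdict" = CLEAN ] || printf '    %s\n' "$out"
}

run_checks() {
    check /Applications/Safari.app/Contents/Info LSEnvironment
    check "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES
}

# Only run the real checks where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    run_checks
fi
```
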
Bye,


  1. This was definitely full disclosure. Appreciate your posting the script and making it so user friendly. Awesome job, my friend!

  2. I had already downloaded the second fix before I saw your page. Wish I had seen this first so I might have known if I had been infected. In any event, it is a sheer pleasure to find someone that can not only make a tool such as yours which checks to see if you are infected but beyond that, explains how to do it in such an easy fashion, even a newbie would grasp! Rarely do people make it easy. We could use more like yourself!! Thank you for having done so!