This last days, many people spoke about the new “Flashback Trojan” in OSX 10.7 (for more info, click here).
The way to know if you are infected requires some work with the terminal (two commands). Some users “hate” the terminal or simply not know it is there, that is why I wrote a simple applescript (fast and dirty) that check in a click (to my dear friend Dario).
The resultant application (created with applescript editor) is included in this post (Check Flashback Trojan 0.1.zip), or you can check the source code:
display dialog "Lets go to check two simple values, if the result is not equal to OK, run some antivirus or do your job with the terminal app. Also, check http://goo.gl/3FWfA" with icon stop with title "Simple Flashback Trojan detect tool" try set test1 to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment > /tmp/nada 2>&1; cat /tmp/nada | grep -i not" set test1 to result if test1 contains "does not exist" then display dialog "Step 1: OK" with icon note do shell script "rm -f /tmp/nada" else display dialog "Step 1: Something is wrong with Info LSEnvironment" with icon stop end if end try try set test2 to do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES > /tmp/nada2 2>&1; cat /tmp/nada2 | grep -i not" set test2 to result if test2 contains "does not exist" then display dialog "Step 2: OK" with icon note do shell script "rm -f /tmp/nada2" else display dialog "Step 2: Something is wrong with DYLD_INSERT_LIBRARIES" with icon stop end if end try