Summary. In April 2012, the Backdoor Flashback trojan virus was discovered to have infected over 600,000 Apple computers world-wide. This virus is also known as the Flashfake virus or the Backdoor.Flashback.39 virus.
Previous Apple malware required a deceived user to approve installation of fake software.
The Flashback virus infected computers without user input or awareness. Even computers running the latest enterprise/corporate version of Symantec AntiVirus for Apple were infected.
For this reason, the virus spread quickly without detection. This page offers steps to detect and remove the virus.
Detection and Removal Instructions. Follow these instructions to detect and remove the Flashback virus.
- Go to FlashbackCheck.com and provide your computer’s UUID number to see if your computer is infected.
- Note: This may not accurately report your computer’s status. For example, our testing shows that a UUID from a previously infected computer that has been cleaned, and completely removed from the Internet, is still reported as infected. The botnet controlling server that has taken control over several hundred thousand Apple computers maintains a directory of the infected computer’s UUID numbers. Apparently, even after the computer is cleaned, the server retains the UUID.
- Visit the F-Secure web page dedicated to Flashback detection and removal. Follow the instructions to download the detection and removal tool.
- Visit the Apple About Flashback malware web page to learn more and be sure to run Apple Software Update (found under the Apple menu in the upper left corner).
Detection and Removal Tools. These are some Flashback detection and removal programs. Our research showed that an infected computer was reported as not infected when an administrator account was used to scan with Norton’s detection and removal tool. The Dr. Web software download is a relatively big program. So we recommend the F-Secure Flashback Detection and Removal Tool.
- Dr. Web Detection Tool
- F-Secure Flashback Detection and Removal
- Norton Flashback Detection and Removal
Further Reading. The following articles provide more information about the Flashback trojan virus.
- “About Flashback malware,” 14 April 2012, Apple
- “Flashback Mac botnet shrinks, says Symantec,” 12 April 2012, ComputerWorld
- “How to disable the Java web plug-in in Safari,” 10 April 2012, Apple
- “Kaspersky Lab Confirms Flashfake / Flashback Botnet Infected more than 600,000 Mac OS X Computers, Describes Ramifications and Remedies,” 9 April 2012, Kaspersky Lab
- “Kaspersky Lab Suspends Buggy Flashback Removal Tool,” 13 April 2012, PC Magazine
- “‘Mac Virus’ Fix: Apple Releases New Update For Flashback Trojan,” 13 April 2012, Huffington Post
- “New targeted Mac OS X Trojan requires no user interaction,” 14 April 2012, ZDNet
- “What you need to know about the Flashback trojan,” 6 April 2012, MacWorld
Page Visitors. Below is a map showing some recent visitors to this page. Click here or image for larger view.