05 April 2012

600,000 Macs infected with botnet virus

Details at CNET, with links to complicated analytic and corrective procedures.

I found an easier tip in the top comment at Reddit:

To see if you haven't got it:
In terminal run:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment

You should get this error:
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Then run:
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

You should get this error:
The domain/default pair of (/Users/YOURUSER/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

If you do, you are clean of this variant!

I had never run "Terminal" before and didn't know what it was for, but it worked.  Both our home Macs are clean.  Blogging will go on.
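
The two checks from the tip, combined into one script that reads the result from the exit status of `defaults read` rather than from the error text. This is an added example, not part of the Reddit comment or the CNET procedures; the function names are hypothetical, and it assumes `defaults read` exits non-zero when the pair does not exist.

```sh
#!/bin/sh
# Added example: runs the two `defaults read` checks quoted above.
# Function names are hypothetical; domains and keys are the ones in the post.

# pair_exists DOMAIN KEY
# Returns 0 and prints the stored value if the pair exists, 1 if it does not.
pair_exists() {
    # `defaults read` exits non-zero (and prints the "does not exist"
    # error on stderr) when the domain/default pair is absent.
    defaults read "$1" "$2" 2>/dev/null
}

# flashback_check
# Returns 0 if both pairs are absent (clean of this variant), 1 otherwise.
flashback_check() {
    status=0
    for pair in \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "$HOME/.MacOSX/environment|DYLD_INSERT_LIBRARIES"
    do
        domain=${pair%|*}   # text before the separator
        key=${pair#*|}      # text after the separator
        if value=$(pair_exists "$domain" "$key"); then
            echo "FOUND: $domain $key = $value"
            status=1
        else
            echo "ok: $domain $key does not exist"
        fi
    done
    return $status
}

# Run only where the `defaults` tool exists (that is, on a Mac).
if command -v defaults >/dev/null 2>&1; then
    if flashback_check; then
        echo "Both pairs are missing: clean of this variant."
    else
        echo "At least one pair exists: see the procedures linked from CNET."
    fi
fi
```

A "FOUND" line prints whatever value is stored under that key, which is the information the longer corrective procedures start from.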

6 comments:

  1. All my Macs were clean!

    Terminal is the window into the guts of Unix, the operating system. I spend almost as much time in the terminal as I do in the GUI. If you ever get interested in programming, the terminal is where you should start poking around.

  2. The malware will request an administrator password, and if one is supplied, it will install its package of code into the Applications folder. If a password is not offered, the malware will install to the user accounts where it can run in a more global manner.

    So you should be clear if you can't recall any unusual requests for a password?

  3. And lots of terminal fun and games here: http://www.macworld.com/article/1045860/terminaltricks.html

  4. Whew! Thanks for that. I read the CNET stuff and couldn't make heads or tails of it. This was easy, and my Mac is clean.

    Now I guess I can blame the slow speed on the fact that Time Warner bought out my local cable company.

  5. Thanks for sharing, and it's only the trust we have in you that made us all just do this blindly without question!
