Free Tools Remove Flashback Trojan From Macs

IT ManagementLeave a Comment

Share this Post

Last week we brought you news of the Flashback botnet, a particularly nasty piece of malware that infects users' computers by way of a Java vulnerability that allows it to be installed just by visiting an infected website.

Shortly after news of the new Flashback variant broke, Apple rolled out an update to Java that fixed the exploit that it used. Just a few days later, a second Java update was rolled out. Though Apple didn't say so specifically, the second update probably dealt with Flashback as well.

Initially the only way to detect and remove Flashback from an infected machine was through Terminal. Thankfully, F-Secure posted a straightforward walkthrough that would guide users through the process. Unfortunately, Terminal can be a bit daunting for those who have never used it before. Now, though, a couple of free tools have popped up that will simplify the process.

FlashbackChecker is a free tool available from GitHub that, as the name suggests, checks for Flashback. You just download and run the software, and click the button that says "Check for Flashback Infection." If your machine is clean, you'll get a message that says "No Signs of infection were found." If, however, you're unlucky enough to be one of the 600,000 or so people who are infected, then you'll still have to get into terminal and follow F-Secure's walkthrough to remove Flashback.

FlashbackChecker checks for Flashback

The other tool comes courtesy of Kapersky Labs. Flasflake Removal Tool identifies Flashback and similar program called Flashflake. Unlike FlashbackChecker, though, Flashflake Removal Tool actually removes Flashback (and Flashflake) from infected machines.

Flashflake Removal Tool removes Flashback and Flashflake

Both tools are free, and both remove the need to go into Terminal to see if your machine is infected. If you suspect your machine might be infected, download one of them and see. If you don't think your machine is infected, you should probably still double check.

Leave a Reply