Flashback malware removal tool roundup
In the past week, a number of reputable companies have released tools to automatically remove the Flashback malware from OS X systems.
The Apple community is tackling the Flashback malware threat for OS X. Despite these efforts, the malware is still out there with the potential to infect unpatched Mac systems or even those that are patched, but for which the user fell for the fake Flash updater traps used by earlier variants of the malware.
You can check for the presence of the malware using our instructions or others, or use automated online options such as Dr. Web's checker to determine if your system may be compromised. So far, a number of tools have been released by some reputable security firms that will detect and remove this threat from OS X systems.
F-Secure Flashback Remover
The first of these tools is F-Secure's Flashback remover, which will extract known variants of the malware from its location within applications and user accounts, and save them in a benign zip file, which can then be destroyed or sent in for analysis.
Kaspersky Flashfake removal tool
The second such tool is from Kaspersky labs and is called the Flashfake removal tool. This tool runs a number of Unix commands within an AppleScript that will remove any known malware and notify you of the results. Unlike F-Secure's option, it will just remove the malware and not quarantine it.
Symantec Flashback Remover
Symantec was the third to release its Flashback removal option, which it has supplied as a shell script and Ruby script combination. Unlike those from Kaspersky and F-Secure, Symantec's solution runs within the OS X terminal but launches by double-clicking the script file located within the downloaded disk image.
Apple MRT tool
Apple followed an announcement of its own Flashback removal tool (available via Software Update) with the release of one that accompanies yet another update to the Java runtime for both OS X 10.6 and 10.7. This tool is reminiscent of the tool Apple released to remove the MacDefender malware, and is a native Cocoa application instead of being a script-based tool as is the case with other options. The program will run when the Java update is applied, and will remove the malware and upload the results to Apple's servers, followed by deleting itself from the system.
Apple today released a separate stand-alone version of its MRT utility
; however, it is only for OS X Lion users who do not have Java installed on their systems. This appears to be an effort to help detect earlier variants of the malware that these users might have encountered. So far there is no such option from Apple for other versions of its Mac operating system.
Note that these tools are not full antivirus scanners, and instead are simple run-once scripts programs that are intended to quickly clear the problem instead of providing ongoing protection.
While Apple's malware tool is a good sign to see from the company, unfortunately it will only work on systems running OS X 10.6 or later, since Apple has stopped supporting prior versions of OS X. Therefore, if you are running an older version of the Mac operating system, then be sure to use one of the first three tools to check your system, or follow our instructions for manually running the commands necessary to check for and remove the malware.