Oct 13, 2016 - I accidentally downloaded a fake Adobe Flash update on my Mac. How to Remove a Fake Adobe Flash Update From a Mac. The Flashback Trojan is the latest malware attack to target Apple's Mac platform. Here's your guide to what it is, whether you have it, and how to get rid of it.
These instructions are NOT applicable to Flash Player included with Microsoft Edge or Internet Explorer on Windows 8 and later or with Google Chrome on all supported operating systems. Please visit the Flash Player Help page for instructions on enabling (or disabling) Flash Player in various browsers.
If you use a Mac, see Uninstall Flash Player | Mac.
If Flash Player is installed on your computer, the following box displays the version of Flash Player and your operating system. If Flash Player is not installed, an error message appears.
The Flash Player uninstaller executes on both the 64-bit and 32-bit version of the Windows operating systems.
Save the file in a location where you can find it easily after you restart your computer. For example, save it on your Windows desktop.
Note: To uninstall Flash Player beta, use the corresponding Flash Player beta uninstaller available in Adobe Labs.
2. Exit all browsers and other programs that use Flash
The uninstaller does not work if any programs that use Flash are running on your computer.
- Look at the taskbar. If the taskbar contains program icons for a browser or for a game that uses Flash, right-click each icon and choose Close.
- Look at the icons in the system tray for programs that run in the background. Examples include AOL Instant Messenger, Yahoo! Messenger, and games that use Flash (any file with a name that ends in .swf). If you see such an icon, right-click the icon and choose Exit.
- Double-click the icon of the uninstaller that downloaded to your computer.
- Follow the prompts. Click Yes if you see the message 'Do you want to allow the following program to make changes to this computer?'
- Copy and paste the following and click OK.
C:\Windows\system32\Macromed\Flash
- Follow steps a, b, and c for the following:
C:\Windows\SysWOW64\Macromed\Flash
%appdata%\Adobe\Flash Player
%appdata%\Macromedia\Flash Player
Note: Beginning with Flash Player 11.5, uninstalling the Flash Player resets the AutoUpdateDisable and SilentAutoUpdateEnable settings in mms.cfg to their default values, which are:
- AutoUpdateDisable=0
- SilentAutoUpdateEnable=0
If you are running the Flash Player uninstaller as part of your deployment process, redeploy any custom changes that you have made to either AutoUpdateDisable or SilentAutoUpdateEnable.
- Open your browser and check the status of Flash Player.
Apple's Mac platform has long been promoted as safer than the competition, but as Mac sales and market share grow, it's become a bigger target.
Nowhere is that clearer than with the Flashback Trojan, a gnarly piece of malware designed to steal personal information by masquerading as very mainstream browser plug-ins. Yesterday Russian antivirus company Dr. Web said that an estimated 600,000 Macs are now infected as a result of users unknowingly installing the software.
So here's a quick FAQ on the Flashback Trojan, including information on what it is, how to tell if you have it, and steps you can take to get rid of it.
What exactly is Flashback?
Flashback is a form of malware designed to grab passwords and other information from users through their Web browser and other applications such as Skype. A user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. At that point, the software installs code designed to gather personal information and send it back to remote servers. In its most recent incarnations, the software can install itself without user interaction.
When did it first appear?
Flashback as we know it now appeared near the end of September last year, pretending to be an installer for Adobe's Flash, a widely used plug-in for streaming video and interactive applications that Apple no longer ships on its computers. The malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. More advanced versions would install quietly in the background with no password needed.
How did it infect so many computers?
The simple answer is that the software was designed to do exactly that. In its initial incarnation, the malware looked very similar to Adobe's Flash installer. It didn't help that Apple hasn't shipped Flash on its computers for well over a year, arguably creating a pool of users more likely to run the installer in order to view popular Web sites that run on Flash. In its newer Java-related variants, the software could install itself without the user having to click on anything or provide it with a password.
What also didn't help is the way that Apple deals with Java. Instead of simply using Java's current public release, the company creates and maintains its own versions. As it turns out, the malware writers exploited one particular vulnerability that Oracle patched in February. Apple didn't get around to fixing its own Java version until April.
What has Apple done about it?
Apple has its own malware scanner built into OS X called XProtect. Since Flashback's launch, the security tool has been updated twice to identify and protect against a handful of Flashback variants.
A more recent version of the malware, however, got around XProtect by executing its files through Java. Apple closed off the malware's main entry point with a Java update on April 3, and has since released a removal tool as part of a subsequent Java update.
Of note, the Java security fixes are only available on Mac OS X 10.6.8 and later, so if you're running OS X 10.5 or earlier, you will still be vulnerable. Apple has stopped supplying software updates for these operating systems.
How do I tell if I have it?
Right now the easiest way to tell if your computer has been infected is to head to security firm F-Secure and download its Flashback detection and removal software. Follow the instructions here on how to get and use it. Security company Symantec offers its own, Norton-branded standalone tool, which you can get here.
Alternately, you can run a trio of commands in Terminal, a piece of software you'll find in the Utilities folder in your Mac's Applications folder. If you want to find it without digging, just do a Spotlight search for 'Terminal.'
Once there, copy and paste each one of the code strings below into the terminal window. The command will run automatically:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
If your system is clean, the commands will tell you that those domain/default pairs 'does not exist.' If you're infected, it will spit up the path for where that malware has installed itself on your system.
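The three checks above can be wrapped in one shell function that tells "does not exist" apart from a key that is set. This is an added example, not part of the original article; the function name flashback_check, its optional home-directory argument and the SUSPECT/clean labels are assumptions made here.

```shell
#!/bin/sh
# Added example: runs the article's three `defaults read` checks and
# classifies each result. Prints one line per check; returns 1 if any
# key is set, 0 if all three report "does not exist".

flashback_check() {
    home_dir="${1:-$HOME}"   # hypothetical parameter: home directory to inspect
    found=0
    # domain|key pairs taken from the three commands in the article
    for pair in \
        "/Applications/Safari.app/Contents/Info|LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info|LSEnvironment" \
        "$home_dir/.MacOSX/environment|DYLD_INSERT_LIBRARIES"
    do
        domain=${pair%%|*}
        key=${pair##*|}
        # `defaults read` exits non-zero when the domain/default pair does
        # not exist; a zero exit with output means the key is set.
        if value=$(defaults read "$domain" "$key" 2>/dev/null) && [ -n "$value" ]; then
            # Collapse a multi-line dictionary value onto one line for logging.
            value=$(printf '%s' "$value" | tr -s '[:space:]' ' ')
            printf 'SUSPECT %s %s = %s\n' "$domain" "$key" "$value"
            found=1
        else
            printf 'clean   %s %s\n' "$domain" "$key"
        fi
    done
    return "$found"
}

# Run the checks only where the macOS `defaults` tool is available.
if command -v defaults >/dev/null 2>&1; then
    flashback_check || echo "At least one key is set: inspect the path shown above."
fi
```

A SUSPECT line only shows that the key is set; the value it prints is the path the article tells you to look for.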
Uh oh, I have it. How do I remove it?
Using one of the aforementioned tools from F-Secure or Norton will automatically get rid of the malware from your computer without any further steps. If you are, for some reason, wary of using one of these third-party tools, CNET's Topher Kessler provides a step-by-step guide on how to remove Flashback from your Mac. This process also requires hopping into Terminal and running those commands, then tracking down where the infected files are stored, then manually deleting them.
For good measure, it's also a good idea to change your online passwords at financial institutions and other secure services that you may have used while your computer was compromised. It's unclear if this data was being targeted, logged, and sent as part of the attack, but it's a smart preventive behavior that's worth doing on a regular basis.
So now that fixes are here, am I safe?
In a word, no. The Flashback authors have already shown themselves inclined to keep altering the malware to sidestep new security fixes.
CNET's advice is primarily to download any software only from trusted sources. That includes the sites of known and trusted software makers, as well as secured repositories such as CNET's Download.com. Also, as another rule of thumb, it's a good idea to keep third-party add-ons as up to date as possible so as to stay current with any security updates. If you want to stay even safer, stay away from Java and other system add-ons unless they're needed by a trusted piece of software or a Web service.
CNET blogger Topher Kessler and CNET senior editor Seth Rosenblatt contributed to this report.
Updated at 1:40 p.m. PT on April 5 with updated removal instructions. Updated on April 6 at 7:44 a.m. PT with info on a second update from Apple, and at 1:55 p.m. PT with information about Dr. Web's Web-based detection utility. Updated on April 9 at 12:30 p.m. PT with independent confirmation that Dr. Web's form is safe for people to use. Updated once again at 4 p.m. PT on April 12 to note the release and details of Apple's own removal tool.