Wednesday 11 April 2012

Free Mac malware removal tools (Flashback)

OS X, the operating system that powers modern Apple Mac computers, has been under attack by a threat that may have compromised more than half a million computers.

The Flashback Trojan is possibly the most prevalent malware threat yet unleashed against the Mac. So far Apple has made little comment but recently announced that it would create a tool to detect and remove the threat. It also suggests disabling Java, which seems a rather short-term and inconvenient solution.

Until that tool arrives, worried owners can check their systems and remove the threat courtesy of anti-virus companies keen to help and, no doubt, hoping to make a good first impression on a significant new market.

Dr.Web Anti-Flashback online checker
To see if you are infected...

Dr.Web Light Scanner for OS X
(direct download | web page)
To clean the system, if you are. This is a free anti-virus scanner for OS X.

F-Secure Flashback Removal
(direct download | web page)
Dedicated Flashback removal tool.

Kaspersky Flashfake Removal Tool
(direct download | web page)
Dedicated Flashback removal tool.

Symantec OSX.Flashback.K Removal Tool
(direct download | web page)
Dedicated Flashback removal tool.


UPDATE (12/04/2012): I have uploaded a ten-year-old article I wrote about OS X security. Much of it is still relevant today, sadly.

UPDATE (12/04/2012, 1714): Added Symantec OSX.Flashback.K Removal Tool.

UPDATE (13/04/2012, 1058): Apple has announced the Java security update, which takes the extraordinary measure of disabling Java applets. You can turn them on but, if you don't use that feature for an unspecified period of time, it will disable them again. I understand the logic of this approach, but it seems a little anti-user rather than anti-malware to me.


  1. I believe there is a high risk of actually doing a huge disservice to Mac users, if they get used to downloading "cleanup scripts" without checking the trustworthiness of the download site. If the links in this article were replaced with malware links, I believe many even pretty savvy users could not tell the difference.

    I'd rather only link to the provider's cleanup tool download page (in https) instead of the tool binary directly, so that at least the download location is obvious and credible. In this kind of article I would also highlight the importance of being alert about what to run, because this may not be as obvious to Mac users as it is for Windows users (which I don't think is too obvious either).

  2. That's a fair point. I have now added web page links but continued to list direct downloads for the convenience of those who prefer them.

  3. I have Tiger (10.4.11), so cannot make use of the new update. I'm not even sure I'm infected, have tried various suggested options to find out, but results have been ambiguous. What to do? Thanks for any help you may provide.

    By the way, Hack, #6, might be "A debilitating and persistent cough"; #7, "Vernacular for taxicab".