Want CNET to notify you of price drops and the latest stories?

F-secure releases free Flashback removal script for OS X

The new free tool adds to the growing community effort to help affected Mac users remove the malware from their systems.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

The Flashback malware for OS X has been one of the largest attacks to date on OS X, which at its peak on April 6 affected an estimated 600,000 systems running OS X. While developments regarding this malware's mode of infection and the scope of the problem have been concerning, efforts by those in the Mac community are underway to tackle and remove the problem. So far, these efforts have cut the number of infected systems in half in just under five days.

This effort has stemmed from the availability of instructions on how to manually detect and remove the malware, detailed analysis of the problem by F-Secure and others, and detection tools made available by security firm Dr. Web and even by those in the Apple community discussions. There have also been extensive efforts by those on the Apple Discussion forums to help people remove the malware from their systems.

Malware Removal Tool notification
When the tool is run, it will notify you of the status of any Flashback malware on your system. Screenshot by Topher Kessler/CNET

Extending this effort, today security company F-Secure has released a new Flashback removal tool, which will detect and repair the damage done by known variants of the Flashback malware. The tool is a free standalone AppleScript application that is separate from F-Secure's antivirus scanner, which performs the same routines as has been outlined in current instructions for manually removing the tool and logs its findings in a file on the user's desktop. The only difference is instead of immediately deleting the malware, it extracts it from your system and saves it in a zip archive that you can optionally send to security companies for analysis, or simply delete if desired.

Even if you have followed manual instructions to remove this malware, we recommend you download and run this tool to ensure your system is free from the malware, especially if you are unfamiliar with the use of the OS X Terminal.

This new tool by F-Secure is another advancement by the Mac community against this threat that accompanies not only manual instructions and help from community members, but also swiftly updated definitions for Sophos, ClamXav, VirusBarrier, and other malware scanners for detecting the malware. On Apple's end, even though the extent of this infection stemmed largely from Apple's delay in issuing a patch for known Java vulnerabilities, the company finally released the patch and has further announced its own Flashback removal tool is in the works.

It's hope that these, and the continuing efforts by the Apple community, will reduce the prevalence of this infection to a minimum.

Questions? Comments? Have a fix? Post them below or email us!
Be sure to check us out on Twitter and the CNET Mac forums.