Jump to content

Sometimes the fix is worst.


1 post in this topic

Recommended Posts

Sometimes the solution can cause as much mischief as the problem it's trying to correct. Kaspersky Lab said Thursday that it has suspended the distribution of its tool for removing the Flashback Trojan (sometimes called "Flashfake") that spread like wildfire in Apple's Mac computers this month. The firm pointed to a bug that's causing the tool to mess with user settings in the machines it's supposed to be fixing.

"Kaspersky Lab has identified an issue with its free Kaspersky Flashfake Removal Tool," the company said in a statement on its site. "In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data."

The antivirus vendor said the Flashfake Removal Tool would be made available again once the bug was fixed. Another Flashback tool form Kaspersky, called Flashback Checker, is still up and running, the company said. Flashback Checker doesn't remove the Flashback Trojan, which attacks Macs by way of a Java vulnerability that's been fixed in an updated version of the software. Instead, the Flashback Checker tool scans a user's Mac to see if it's infected and if not, checks if the system has the latest Java update installed to prevent an attack.

Users of the Kaspersky Flashfake Removal Tool who have experienced problems on their computers were encouraged to email techsupport@kaspersky.com or to call the company's Moscow offices at +7 (495) 797-70-32 for round-the-clock assistance in English or Russian.

UPDATE: Kaspersky Lab said early Friday that it has fixed its Flashfake Removal Tool. Here's a statement that a spokesman for the security company sent PCMag:

Kaspersky Lab has successfully fixed its free Kaspersky Flashfake Removal Tool. A bug was identified in the original version of the tool, which was first reported at approximately 17:40 MSK (GMT+4) on April 12. The tool was taken offline for maintenance.

A new version of the tool with the necessary updates was released at 3:30 MSK (GMT +4) on April 13. It is available now and fully operational.

Users can visit www.flashbackcheck.com to verify if they're infected with Flashfake and use the Kaspersky Flashfake Removal Tool to disinfect their computers.

Customers who previously encountered problems with the Flashfake Removal Tool are encouraged to contact Kaspersky Lab's technical support at techsupport@kaspersky.com

Kaspersky Lab apologizes for any inconvenience caused by this issue. The company is focused on creating utilities to keep users safe from infection and will continue to improve its internal processes to prevent such errors from occurring in the future.

Kaspersky is one of several security vendors that have released Flashback detector and removal tools in the past few days.

Dr. Web, the company that originally highlighted the magnitude of the infection, offers an Anti-Flashback online checker and a Light Scanner for OS X tool to detect and remove the infection. Symantec also now has an OSX.Flashback.K Removal Tool, while F-Secure also released its own removal tool, available as a Zip file on its website.

Though somewhat late to the party, Apple on Thursday released its own tool to remove the Flashback malware from compromised Macs. Apple released the fix as a Java update that detects and removes Flashback from infected computers.

This is the third update released by the company this week—the first two closed the Java vulnerability that Flashback was exploiting to infect Macs in the first place. The latest update is essentially the same update closing the vulnerability, but with the removal tool bundled in.

Link to comment
Share on other sites


  • Create New...