InsanelyMac Forum

Sometimes the fix is worse.


Sometimes the solution can cause as much mischief as the problem it's trying to correct. Kaspersky Lab said Thursday that it has suspended the distribution of its tool for removing the Flashback Trojan (sometimes called "Flashfake") that spread like wildfire in Apple's Mac computers this month. The firm pointed to a bug that's causing the tool to mess with user settings in the machines it's supposed to be fixing.

"Kaspersky Lab has identified an issue with its free Kaspersky Flashfake Removal Tool," the company said in a statement on its site. "In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data."

The antivirus vendor said the Flashfake Removal Tool would be made available again once the bug was fixed. Another Flashback tool from Kaspersky, called Flashback Checker, is still up and running, the company said. Flashback Checker doesn't remove the Flashback Trojan, which attacks Macs by way of a Java vulnerability that's been fixed in an updated version of the software. Instead, the Flashback Checker tool scans a user's Mac to see if it's infected and if not, checks if the system has the latest Java update installed to prevent an attack.

Users of the Kaspersky Flashfake Removal Tool who have experienced problems on their computers were encouraged to email techsupport@kaspersky.com or to call the company's Moscow offices at +7 (495) 797-70-32 for round-the-clock assistance in English or Russian.

UPDATE: Kaspersky Lab said early Friday that it has fixed its Flashfake Removal Tool. Here's a statement that a spokesman for the security company sent PCMag:

Kaspersky Lab has successfully fixed its free Kaspersky Flashfake Removal Tool. A bug was identified in the original version of the tool, which was first reported at approximately 17:40 MSK (GMT+4) on April 12. The tool was taken offline for maintenance.

A new version of the tool with the necessary updates was released at 3:30 MSK (GMT +4) on April 13. It is available now and fully operational.

Users can visit www.flashbackcheck.com to verify if they're infected with Flashfake and use the Kaspersky Flashfake Removal Tool to disinfect their computers.

Customers who previously encountered problems with the Flashfake Removal Tool are encouraged to contact Kaspersky Lab's technical support at techsupport@kaspersky.com

Kaspersky Lab apologizes for any inconvenience caused by this issue. The company is focused on creating utilities to keep users safe from infection and will continue to improve its internal processes to prevent such errors from occurring in the future.

Kaspersky is one of several security vendors that have released Flashback detector and removal tools in the past few days.

Dr. Web, the company that originally highlighted the magnitude of the infection, offers an Anti-Flashback online checker and a Light Scanner for OS X tool to detect and remove the infection. Symantec also now has an OSX.Flashback.K Removal Tool, while F-Secure also released its own removal tool, available as a Zip file on its website.

Though somewhat late to the party, Apple on Thursday released its own tool to remove the Flashback malware from compromised Macs. Apple released the fix as a Java update that detects and removes Flashback from infected computers.

This is the third update released by the company this week—the first two closed the Java vulnerability that Flashback was exploiting to infect Macs in the first place. The latest update is essentially the same update closing the vulnerability, but with the removal tool bundled in.
