New Mac Virus: "Flashback"

Recently UCSD began checking for a new Mac virus on our networks. The number of infected machines found has been shocking. If your machine is found to be infected, it will be blocked on the UCSD network until the machine is clean. Kaspersky has created an easy removal tool for this infection, which can be found at the following link:

Kaspersky Flashback Removal Tool [.zip]

Before you run the removal tool, back up any important documents you might need to use (essays, projects, etc.). In very rare cases, we have found that running the removal tool on Mac OS X Lion (10.7) may cause the computer to no longer boot correctly, and may also affect auto-start configurations, user configurations in browsers, and file sharing data. Kaspersky Labs has also sent out a notification that the bug has been fixed. Please use the tool with caution. If the computer fails to boot properly, the problem can be resolved by doing the following:

  1. Boot into single user mode by restarting the computer and holding down the “command” and “s” keys
  2. You will see the computer loading with white text on a black background (it looks like a terminal)
  3. Type: /sbin/mount -uw /
  4. Type the following: rm ~/.MacOSX/environment.plist
  5. Type: exit
  6. Your computer should now be able to properly load your account
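
In single user mode the shell runs as root, so ~ does not point at your own account's home folder, and rm leaves no copy to restore. The script below is an added example, not part of the original advisory or of Kaspersky's tool: it assumes home folders live under /Users, uses a made-up function name, and renames each account's environment.plist instead of deleting it.

```shell
#!/bin/sh
# Added example (not from the original advisory).
# Renames each account's .MacOSX/environment.plist so it is no longer
# loaded at login, keeping the original as a timestamped copy.
# Assumption: home folders live under /Users (the Mac OS X default).
# disable_env_plists is a hypothetical name used only for this example.

disable_env_plists() {
    users_root="${1:-/Users}"
    suffix="disabled-$(date +%Y%m%d%H%M%S)"
    moved=0
    for home in "$users_root"/*; do
        # Only look inside real directories (skips an unmatched glob too).
        [ -d "$home" ] || continue
        plist="$home/.MacOSX/environment.plist"
        # Skip accounts without the file, and never act on a symlink.
        [ -f "$plist" ] && [ ! -L "$plist" ] || continue
        if mv "$plist" "$plist.$suffix"; then
            echo "moved: $plist -> $plist.$suffix"
            moved=$((moved + 1))
        else
            echo "failed: $plist" >&2
        fi
    done
    echo "total moved: $moved"
    # Exit status is 0 only if at least one file was renamed.
    [ "$moved" -gt 0 ]
}

# Usage, after step 3 (/sbin/mount -uw /) has made the disk writable:
#   disable_env_plists /Users
```

If the computer then boots normally, the renamed file can be inspected later or deleted.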

Once you run the removal tool, please call the ACMS Help Desk at 858-534-2267 to have your connection reinstated. Also, once you have removed the virus, please run the software update utility on your Mac to ensure that you will not get the infection again. If you do not feel comfortable doing the removal procedure, you can take your computer to our Help Desk to have it serviced.

The emergence of this virus provides an opportunity to review and check your computer’s security to reduce the possibility of getting infected in the future.