How To Protect Against Mac Flashback Malware/Trojan

As you all know trends of world are changing :p, so its time for Mac now.  Yes it’s true that some 600,000 Macs are confirmed to have been infected. The claim, first made by Dr. Web.  Now Microsoft’s Windows are not alone in the arena to deal with virus gladiators.  Viruses are the common issues to every OS in the world but, Microsoft has biggest market so viruses of Windows are as popular as its Windows flavors.   But its time to protect the Mac from very famous Malware namely Flashback.

First thing to note is that Flashback is not a technically a virus, it’s a Trojan horse. Both are malicious software, but the main difference is that a Trojan horse cannot infect other computers. Trojan horses typically seem like helpful software, but once installed they make your computer vulnerable to data theft or keystroke logging, among other things.  Here are some thing to do:

  1. Check to see whether your Mac is infected by Mac Flashback. The social-networking news site Mashable has created a script that will do so for you. The instructions are on the Mashable website.
  2. If the script does find an infection, which can be at either or both of two different places in the Mac OS X file system, removal is a bit complicated.  So take the Mac Flashback removal steps detailed by Finnish security firm F-Secure.
  3. CNET has a step-by-step guide  to remove this malicious software as well.


If you experience any one or more of the following symptoms:

  1. – When you start your computer, or when your computer has been idle for many minutes, your – Internet browser opens to display Web site advertisements.
  2. – When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
  3. – Your Web browser’s home page unexpectedly changes.
  4. – Web pages are unexpectedly added to your Favorites folder.
  5. – New toolbars are unexpectedly added to your Web browser.
  6. – You cannot start a program.
  7. – When you click a link in a program, the link does not work.
  8. – Your Web browser suddenly closes or stops responding.
  9. – It takes a much longer time to start or to resume your computer.
  10. – Components of Windows or other programs no longer work.


  • If your Regedit, Folder Options and Task Manager is disabled by Autorun Virus then Download this “Remove Restriction Tool“.  Which is very smart tool to re-enable all your disabled options by the viruses.
  • Run the Microsoft Windows Malicious Software Removal Tool
  • Download ATF Cleaner by Microsoft MVP Atribune from
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.
  • Next, download Malwarebytes’ Anti-Malware (Free for personal use) to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • Download, install, update and run: SUPERAntispyware (freeware)


The another common issue of corruption and infection of Explorer.exe Windows OS by Viruses/Malwares.  Follow these guidelines to fix the issue:

Option No. 1

  • CTRL-Alt-Del to bring up Task Manager.
  • Click File | New Task(run).
  • Type regedit in the Run box and click OK.
  • Browse to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution.options

  • Under this key there will be subkeys named explorer.exe and iexplorer.exe. Delete the explorer and iexplorer keys entirely. They should not be listed under the Image File Execution.Options key.
  • If Explorer.exe is not automatically loading when windows start then change the following registry key:


  • In Winlogon, on the right side, there should be a value called “Shell”.
    Double click this value.  Make sure only ‘Explorer.exe’ is the value of Shell, if anything else is there , simply delete it and leave ‘Explorer.exe’ .
  • Close the Registry Editor.
  • Restart the computer.

Note: You must create registry backup in order to meet any abnormal behavior or accidental deletion of registry entry other than I have describe above.  If your Regedit, Folder Options and Task Manager is disabled by Autorun Virus then Download this “Remove Restriction Tool“.  Which is very smart tool to re-enable all your disabled options by the viruses.

Option No. 2
Click Start>>>click All Programs>>> click Accessories>>> right-click Command Prompt>>> and then click Run as administrator.

If you are prompted for an administrator password or for a confirmation>>> type the password>>> or click Allow

Type the following command>>> and then press ENTER:

SFC /scannow

A message will appear stating that ‘The system scan will begin’.  Be patient because the scan may take some time.

Iif any files require a replace SFC will replace them.  You may be asked to insert your Win7 DVD for this process to continue.

If everything is okay you should, after the scan, see the following message “Windows resource protection did not find any integrity violations”

After the scan has completed, close the command prompt window, restart the computer and check.

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

If the above steps fail I would suggest you to deal with Malware.

Read Article regarding removal of Malware :