Mac Flashback malware info

So you’re a Mac user who has heard that more than half a million Macs have been infected by the recent Flashback malware. When the news began to spread about how the malware took advantage of a previously unpatched Java vulnerability on the Mac, the the horror stories began pouring in. “My dad heard about the Flashback malware and subsequently deleted his Java folder. Now his Mac won’t boot,” a friend told me.

Needless to say, this is not the way to properly nuke a possible Flashback infection or prevent yourself from catching one. Still, there is a reasonable level of concern out there. Maybe you haven’t been keeping up on your antivirus software (and let’s be honest, most Mac users don’t), or perhaps you simply have suspicions about your Mac acting funny. How do you check if you have Flashback, and if you do, how do you (properly) get rid of it?

Head to the Terminal to check for infection

These Terminal commands will give you an easy way to find out whether you have a possible Flashback infection.

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you’re home free and you’re not (yet) infected by Flashback. You can proceed to the “Run Software Update” section of this post. If they do return results, then it’s likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.

How to get rid of Flashback

Here’s where things might get complicated. These removal instructions are from security research firm F-Secure’s removal page. Take us away, F-Secure! (Cue Keyboard Cat now.)

1. Run the following command in Terminal:
   defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message: “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
4. Otherwise, run the following command in Terminal:
   grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step2%
5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
   sudo defaults delete /Applications/Safari.app/Contents/InfoLSEnvironment
   sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:
   defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
10. Otherwise, run the following command in Terminal:
    grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step9%
11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal:
    defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.
14. Run the following command in Terminal:
    ls -lA ~/Library/LaunchAgents/
15. Take note of the filename. Proceed only when you have one file. Otherwise contact our customer care.
16. Run the following command in Terminal:
    defaults read ~/Library/LaunchAgents/%filename_obtained_in_step15% ProgramArguments
17. Take note of the path. If the filename does not start with a “.”, then you might not be infected with this variant.
18. Delete the files obtained in steps 15 and 17.

In addition to these steps, F-Secure recommends checking for another variant of Flashback, Flashback.K. The instructions can be found on another page on F-Secure’s website.

Mac Flashback malware info

So you’re a Mac user who has heard that more than half a million Macs have been infected by the recent Flashback malware. When the news began to spread about how the malware took advantage of a previously unpatched Java vulnerability on the Mac, the the horror stories began pouring in. “My dad heard about the Flashback malware and subsequently deleted his Java folder. Now his Mac won’t boot,” a friend told me.

Needless to say, this is not the way to properly nuke a possible Flashback infection or prevent yourself from catching one. Still, there is a reasonable level of concern out there. Maybe you haven’t been keeping up on your antivirus software (and let’s be honest, most Mac users don’t), or perhaps you simply have suspicions about your Mac acting funny. How do you check if you have Flashback, and if you do, how do you (properly) get rid of it?

Head to the Terminal to check for infection

These Terminal commands will give you an easy way to find out whether you have a possible Flashback infection.

First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

If the Terminal returns back to you lines that look like this:

The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Then you’re home free and you’re not (yet) infected by Flashback. You can proceed to the “Run Software Update” section of this post. If they do return results, then it’s likely that you are infected. But worry not, as there are ways to get rid of the malware that will only hurt for a second.

How to get rid of Flashback

Here’s where things might get complicated. These removal instructions are from security research firm F-Secure’s removal page. Take us away, F-Secure! (Cue Keyboard Cat now.)

1. Run the following command in Terminal:
   defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2. Take note of the value, DYLD_INSERT_LIBRARIES
3. Proceed to step 8 if you got the following error message: “The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist”
4. Otherwise, run the following command in Terminal:
   grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step2%
5. Take note of the value after “__ldpath__”
6. Run the following commands in Terminal (first make sure there is only one entry, from step 2):
   sudo defaults delete /Applications/Safari.app/Contents/InfoLSEnvironment
   sudo chmod 644 /Applications/Safari.app/Contents/Info.plist
7. Delete the files obtained in steps 2 and 5
8. Run the following command in Terminal:
   defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following: “The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist”
10. Otherwise, run the following command in Terminal:
    grep -a -o ‘__ldpath__[ -~]*’ %path_obtained_in_step9%
11. Take note of the value after “__ldpath__”
12. Run the following commands in Terminal:
    defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
    launchctl unsetenv DYLD_INSERT_LIBRARIES
13. Finally, delete the files obtained in steps 9 and 11.
14. Run the following command in Terminal:
    ls -lA ~/Library/LaunchAgents/
15. Take note of the filename. Proceed only when you have one file. Otherwise contact our customer care.
16. Run the following command in Terminal:
    defaults read ~/Library/LaunchAgents/%filename_obtained_in_step15% ProgramArguments
17. Take note of the path. If the filename does not start with a “.”, then you might not be infected with this variant.
18. Delete the files obtained in steps 15 and 17.

In addition to these steps, F-Secure recommends checking for another variant of Flashback, Flashback.K. The instructions can be found on another page on F-Secure’s website.

2012 Golf Tournament… Aruba….. First place this year !

The view is GOOD from my side of the table…..

Getting paid to be in Vegas for New Years Eve 2012….

So will we perform NYC Times Square for next year ??

After first solo

Fun fun fun….

Warrior Dash Finish Line Emcee was a fun gig in Splendora, TX this month….

Vegas – New Years Eve 2011

http://static.animoto.com/swf/w.swf?w=swf/vp1&e=1326268289&f=2ytYWQ7ZQJXChjR1Gkm36g&d=207&m=a&r=360p&volume=100&start_res=360p&i=m&options=

Fender Passport info

Fifth, there are some easy and quick things to look for inside, such as inline fuses in the power supplies (if they are present), and obvious short circuits. If Fender is willing to share the schematics, which I think they are, try to confirm the presence of the power supply voltages. Beyond that point, you are going to be hauling it to a tech or finding a cheap box mixer to use with the speakers. With a bit more experience, you can guess where to test the power supplies (look for big capacitors) without a schematic. But having the schemo is always a good thing. Now we get into a bit more difficult territory — definitely at the varsity level in terms of necessary experience. The “protect” circuit probably involves a relay on the speaker lines. It is a stereo amp. If one channel is blown, the other might still work, but is not available due to the relay being open. If you can find the output signals before they go to the relay, you can test whether it is one channel or both that are blown. Also, a DC level on either output of more than a few tens of mV is an indication of a dead power amp plus a clue as to a blown output transistor. Or if both channels are good, then the protect circuit is malfunctioning.

 

http://www.musicpartsguru.com

 

 

Partyfest 2011 information

To plan your corporate event or even for wedding ideas, this is a great place to find great vendors !

23rd Annual PARTYFEST!
Date: Wednesday, January 12th, 2011
Place: Dallas Market Hall – Dallas, TX 2200 N. Stemmons Frwy. at Market Center Blvd. Click Here for a map of Dallas Market Hall
Times: 10am-11am Exhibitor Orientation/Networking, 11am-4pm Tradeshow Hours, 11a-4p Silent Auction benefitting YMCA, 12am-3pm Educational Seminars