Wednesday, April 11, 2012

How to uninstall the Flashback Trojan

The Flashback trojan is Mac malware that now has control of over 600,000 Macs. It poses as the Adobe Flash Player Updater and exploits a security hole in Java. It then steals your user names and passwords for popular websites. Apple released a Java update that fixes the problem. Download Java for Mac OS X 10.6 Update 7 (Snow Leopard users) or Java for OS X Lion 2012-002 (Lion users). Both of these links are to Apple KB articles that describe the update and allow you to download the installer package.

Recently there was a question posted on Ask Different asking "Is my Mac infected with the Flashback trojan?" I posted an answer to the question, which was voted up quite a bit and was accepted by the asker. Here are instructions from F-Secure on how to check for the Flashback trojan and remove it:
  1. Run the following command in Terminal (Applications > Utilities > Terminal):

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment
  2. Take note of the value of DYLD_INSERT_LIBRARIES (a file path)
  3. Proceed to step 8 if you got the following error message:

    The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
  4. Otherwise, run the following command in Terminal:

    grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step2%

  5. Take note of the value after "__ldpath__"
  6. Run the following commands in Terminal (first make sure there is only one entry from step 2):

    sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment

    sudo chmod 644 /Applications/Safari.app/Contents/Info.plist

  7. Delete the files obtained in steps 2 and 5.
  8. Run the following command in Terminal:

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
  9. Take note of the result. Your system is already clean of this variant if you got an error message similar to the following:

    "The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist"
  10. Otherwise, run the following command in Terminal:

    grep -a -o '__ldpath__[ -~]*' %path_obtained_in_step9%
  11. Take note of the value after "__ldpath__"
  12. Run the following commands in Terminal:

    defaults delete ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    launchctl unsetenv DYLD_INSERT_LIBRARIES
  13. Finally, delete the files obtained in steps 9 and 11.
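The steps above amount to two read-only checks (is DYLD_INSERT_LIBRARIES set in Safari's Info.plist or in ~/.MacOSX/environment, and what path does the __ldpath__ marker inside that library point to?) followed by manual deletion. The script below is an added example, not F-Secure's tool or anything from the original post: it wraps the checks from steps 1, 4, 8 and 10 so that one run reports both indicator files per location, and it deliberately deletes nothing. It assumes the dictionary printed by `defaults read` has one `KEY = value;` pair per line; the sample strings, the file names `.libexample.so` and `.example_loader`, and the `make_sample_library` file are constructed for demonstration and are not real infection artifacts.

```sh
#!/bin/sh
# Added example (not F-Secure's or the post author's code): a read-only
# check of the two locations the steps above inspect. It only reports what
# it finds; deleting the files stays a manual step as in steps 7 and 13.

# extract_dyld_path OUTPUT
#   OUTPUT is what `defaults read DOMAIN KEY` printed, stderr included.
#   Prints the DYLD_INSERT_LIBRARIES path and returns 0 when one is set;
#   returns 1 when the key is absent (the "does not exist" message) or
#   the dictionary has no such entry.
#   Assumption: the dictionary form looks like the constructed sample
#   below, one "KEY = value;" pair per line.
extract_dyld_path() {
  case "$1" in
    *"does not exist"*) return 1 ;;
    *"{"*)
      # Dictionary form, as printed for Safari's LSEnvironment (step 1).
      dyld_path=$(printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*DYLD_INSERT_LIBRARIES[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};.*/\1/p')
      ;;
    *)
      # Bare value form, as printed when the key itself is queried (step 8).
      dyld_path=$(printf '%s\n' "$1" | sed '/^[[:space:]]*$/d' | head -n 1 \
        | sed 's/^"//; s/"$//')
      ;;
  esac
  [ -n "$dyld_path" ] || return 1
  printf '%s\n' "$dyld_path"
}

# find_ldpath FILE
#   Mirrors steps 4 and 10: grep the library named in DYLD_INSERT_LIBRARIES
#   for the __ldpath__ marker and print the path that follows it (marker
#   stripped). Returns 1 when the marker is absent. LC_ALL=C keeps the
#   [ -~] range meaning plain printable ASCII regardless of locale.
find_ldpath() {
  LC_ALL=C grep -a -o '__ldpath__[ -~]*' "$1" 2>/dev/null \
    | head -n 1 | sed 's/^__ldpath__//' | grep .
}

# check_location LABEL DOMAIN KEY
#   Runs the real `defaults read` (Mac only) and reports both indicator
#   files for one location. Nothing is modified.
check_location() {
  out=$(defaults read "$2" "$3" 2>&1)
  if lib=$(extract_dyld_path "$out"); then
    echo "$1: DYLD_INSERT_LIBRARIES is set to $lib"
    if [ -f "$lib" ] && second=$(find_ldpath "$lib"); then
      echo "$1: __ldpath__ inside that library names $second"
    fi
    echo "$1: review the files above and follow the removal steps"
  else
    echo "$1: no DYLD_INSERT_LIBRARIES entry found"
  fi
}

# Constructed sample inputs (not real infection artifacts) so the parsing
# can be exercised on any Unix system.
SAMPLE_DICT='{
    DYLD_INSERT_LIBRARIES = "/Applications/Safari.app/Contents/Resources/.libexample.so";
}'
SAMPLE_BARE='/Users/joe/.libexample.so'
SAMPLE_CLEAN='The domain/default pair of (/Users/joe/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist'

# make_sample_library FILE: writes a constructed binary-looking file that
# carries an __ldpath__ marker followed by a path, as the grep in step 4 expects.
make_sample_library() {
  printf '\001\002\003__ldpath__/Users/joe/.example_loader\n\004\005' > "$1"
}

# On a Mac, run the two checks from the instructions; elsewhere, exercise
# the parsers on the constructed samples.
if command -v defaults >/dev/null 2>&1; then
  check_location "Safari Info.plist" /Applications/Safari.app/Contents/Info LSEnvironment
  check_location "~/.MacOSX/environment" "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES
else
  extract_dyld_path "$SAMPLE_DICT"
  extract_dyld_path "$SAMPLE_BARE"
  extract_dyld_path "$SAMPLE_CLEAN" || echo "clean sample: no entry"
fi
```

On a Mac the script prints the same two values you would note down in steps 2/5 and 9/11; the `sudo defaults delete`, `chmod`, `launchctl unsetenv` and file deletions from steps 6, 7, 12 and 13 are intentionally left to you, since an automated delete of whatever path happens to be in DYLD_INSERT_LIBRARIES is riskier than reading it first.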
An alternative to the Terminal method is Flashback Checker. It is a free little application that checks for the trojan and tells you whether you are infected or not.
