Skip to main content

Kaspersky Lab Recalls its Flashfake Removal Tool for Macs

Earlier this week, security firm Kaspersky Lab released a tool for removing the Flashback/Flashfake malware. The release followed news that around 670,000 computers worldwide were infected, 98-percent of which were likely running Mac OS X. Even more, 300,917 of those infected computers were found to reside within the United States, followed by Canada (94,625), the United Kingdom (47,109) and more.

But now Kaspersky is reporting that its detection tool actually had a bug that could cause problems for Mac users. "In some cases it is possible that the use of the tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data, the company said on Thursday in an email to Tom's. "The Kaspersky Flashfake Removal Tool has been temporarily suspended. The company will release an updated version of the utility with the bug corrected and will send a notification as soon as it’s available."

"In the event that users experienced problems due to the use of the Flashfake Removal Tool, they should contact Kaspersky support at techsupport@kaspersky.com or by calling Moscow at +7 (495) 797-70-32 for 24/7 help in English or Russian," the company added. "Kaspersky Lab apologizes for any inconvenience caused by this issue and is working diligently to correct the problem."

As reported earlier this week, Apple is supposedly working on its own Flashback/Flashfake removal tool. So far a release date hasn't been set, but the company says it's working with ISPs worldwide to disable the C&C network. The Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions, Apple states.

For now Apple suggests that users running Max OS X v10.5 or earlier can better protect themselves by disabling Java in the web browser's preferences. section.

"Apple released a Java update on April 3, 2012 that fixes the Java security flaw for systems running OS X v10.7 and Mac OS X v10.6," Apple reports. "By default, your Mac automatically checks for software updates every week, but you can change that setting in Software Update preferences. You can also run Software Update at any time to manually check for the latest updates."

Mac users concerned that they might be infected with Flashback/Flashfake can still use Kaspersky's online tool to scan their system. This dedicated site is safe for users to visit and enter their computer’s UUID, which will be checked in Kaspersky Lab’s Flashfake database of infected computers (instructions for entering user UUIDs are included as well). If the UUID is found in Kaspersky's database, then infected Mac users will need to download and run the fixed removal tool when it becomes available.

  • Trialsking
    Welcome Apple users to the PC experience!
    Reply
  • willard
    trialskingWelcome Apple users to the PC experience!But Macs don't get viruses! Steve Jobs told me so!
    Reply
  • jackbling
    This is only funny because of the comments on the previous article, "Apple is taking their sweet time, while kaspersky already has a tool released".

    I wouldnt want to be the dev, who published that kaspersky fix, right now.

    That being said, tis the nature of the beast; break/fix
    Reply
  • Marco925
    You have to call Moscow!?
    Reply
  • freggo
    Wouldn't you think that the actual maker of the OS (may that be Apple, Linux or Windows) would be the perfect authority to create/release fixes for virus infestations?
    I mean, who knows the OS better than the folks who made it.

    3rd party A/V companies present a clear conflict of interest as they make a living from new infestations while OS makers would benefit from providing a secure and stable OS.

    If -in theory- hackers and idiots would stop making malware AV companies would be instantly out of business while OS makers would not be impacted at all; ergo the above mentioned conflict of interest.

    Reply
  • tokencode
    I don't know why they're removing honestly, what would you rather have, an infected machine with you user preferences or a clean machine that you have to reset your preferences?

    It's better than Apple's interim solution of disabling Java...
    Reply
  • killerclick
    If Steve Jobs were alive, he'd be railing against Java and Oracle now as he had against Flash and Adobe.
    Reply
  • Vladislaus
    killerclickIf Steve Jobs were alive, he'd be railing against Java and Oracle now as he had against Flash and Adobe.Apple doesn't use Oracle's JRE, but uses it's own. That is why almost all computers infected with Flashback are Macs.
    Reply
  • killerclick
    VladislausApple doesn't use Oracle's JRE, but uses it's own. That is why almost all computers infected with Flashback are Macs.
    But it was developed by Sun, which was bought by Oracle, and Apple is infallible so... :D
    Reply
  • slayvus
    If Steve Jobs were alive he would tell them they were holding the mouse wrong and that there was no virus.
    Reply