10/01/2011

[macsupport] Digest Number 8469

Messages In This Digest (23 Messages)

1a.
Re: Reappearing tracking cookies and how to delete them? From: jamesrob@sonic.net
1b.
Re: Reappearing tracking cookies and how to delete them? From: vixpix
1c.
Re: Reappearing tracking cookies and how to delete them? From: Harry Flaxman
1d.
Re: Reappearing tracking cookies and how to delete them? From: vixpix
1e.
Re: Reappearing tracking cookies and how to delete them? From: Michael Stupinski
1f.
Re: Reappearing tracking cookies and how to delete them? From: Vixpix
1g.
Re: Reappearing tracking cookies and how to delete them? From: Michael Stupinski
1h.
Re: Reappearing tracking cookies and how to delete them? From: Jurgen Richter
1i.
Re: Reappearing tracking cookies and how to delete them? From: Patsy Price
1j.
Re: Reappearing tracking cookies and how to delete them? From: Mr X
1k.
Re: Reappearing tracking cookies and how to delete them? From: Harry Flaxman
1l.
Re: Reappearing tracking cookies and how to delete them? From: vixpix
1m.
Re: Reappearing tracking cookies and how to delete them? From: Randy B. Singer
2a.
Re: Identifiing and Dealing with the Flash Installer Trojan From: Eric
2b.
Re: Identifiing and Dealing with the Flash Installer Trojan From: Randy B. Singer
3.
Yahoo Log In From: Betty Jenkins
4a.
Converting VOB file for Mac From: harpangel36
4b.
Re: Converting VOB file for Mac From: Harry Flaxman
4c.
Re: Converting VOB file for Mac From: Randy B. Singer
5a.
Looking for Applescript help From: DaveC
5b.
Re: Looking for Applescript help From: Otto Nikolaus
6a.
Re: [ebmug] Identifiing and Dealing with the Flash Installer Trojan From: Randy B. Singer
6b.
Re: [ebmug] Identifiing and Dealing with the Flash Installer Trojan From: Paulette

Messages

1a.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "jamesrob@sonic.net" jamesrob@sonic.net   jamesrob328i

Fri Sep 30, 2011 5:35 am (PDT)





--- In macsupportcentral@yahoogroups.com, "Randy B. Singer" <randy@...> wrote:

> I should note that, in addition to the normal type of cookies, there
> is a far more insidious type of cookie called a Flash Cookie.
>
> You can delete these with:
>
> Flush (free)
> http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-
> os-x/
> or
> http://is.gd/GZ7u1q
>
> More info:
> http://www.orzeszek.org/blog/2009/08/12/how-to-delete-flash-cookies-
> conveniently/
>
> As a side benefit, you might find that your browser is now world's
> faster. I've seen some cases where a user has flushed over a
> thousand Flash cookies!
>
> ___________________________________________
> Randy B. Singer
> Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
>
> Macintosh OS X Routine Maintenance
> http://www.macattorney.com/ts.html
> ___________________________________________
>
Is there any downside to deleting these en masse? Is information stored in these that make my interaction with, say, user forums where I have accounts, more seamless?

I read what's available about Flush.app on their page as well as the Wikipdedia article about local shared objects and couldn't find any warnings about problems that might result, and I found more than 2500 of them in the two locations where Wikepedia says they're stored.

Bottom line, will I miss any of them after they're gone?

;-)

1b.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "vixpix" vixpix@frontiernet.net   nyskater

Fri Sep 30, 2011 6:54 am (PDT)



These cookies must not be related to Flash, as these pesky little things keep coming back. I'm sure every one of you guys have this too, if you look.

Vickie

Sent from a spoiled little iPad

On Sep 29, 2011, at 9:59 PM, "Randy B. Singer" <randy@macattorney.com> wrote:

>
> On Sep 29, 2011, at 4:34 PM, vixpix wrote:
>
>> Can someone tell me how to permanently delete cookies? What folder
>> do they all reside in?
>
> I should note that, in addition to the normal type of cookies, there
> is a far more insidious type of cookie called a Flash Cookie.
>
> You can delete these with:
>
> Flush (free)
> http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-
> os-x/
> or
> http://is.gd/GZ7u1q
>
> More info:
> http://www.orzeszek.org/blog/2009/08/12/how-to-delete-flash-cookies-
> conveniently/
>
> As a side benefit, you might find that your browser is now world's
> faster. I've seen some cases where a user has flushed over a
> thousand Flash cookies!
>
> ___________________________________________
> Randy B. Singer
> Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
>
> Macintosh OS X Routine Maintenance
> http://www.macattorney.com/ts.html
> ___________________________________________
>
>
>
>
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

1c.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Harry Flaxman" harry.flaxman@comcast.net   hflaxman001

Fri Sep 30, 2011 6:58 am (PDT)



On 9/30/2011 9:55 AM, vixpix wrote:
> These cookies must not be related to Flash, as these pesky little things keep coming back. I'm sure every one of you guys have this too, if you look.
>
> Vickie
>
> Sent from a spoiled little iPad
>
> On Sep 29, 2011, at 9:59 PM, "Randy B. Singer"<randy@macattorney.com> wrote:
>
>> >
>> > On Sep 29, 2011, at 4:34 PM, vixpix wrote:
>> >
>>> >> Can someone tell me how to permanently delete cookies? What folder
>>> >> do they all reside in?
>> >
>> > I should note that, in addition to the normal type of cookies, there
>> > is a far more insidious type of cookie called a Flash Cookie.
>> >
>> > You can delete these with:
>> >
>> > Flush (free)
>> > http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-
>> > os-x/
>> > or
>> > http://is.gd/GZ7u1q

Saw a CNET podcast this morning, The Buzz Report, that stated that
Facebook claims this is a bug that will be fixed. They have supposedly
been able to track anyone, even if they're logged off.

I don't believe that for one moment, but at least, they'll be 'fixing' it!

Harry

1d.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "vixpix" vixpix@frontiernet.net   nyskater

Fri Sep 30, 2011 7:13 am (PDT)



It's not just Facebook. I've got cookies from Google, Mashable, adverting, and dozens more. I wonder if this only happens in Safari and not Firefox.

Vickie

Sent from a spoiled little iPad

On Sep 30, 2011, at 9:57 AM, Harry Flaxman <harry.flaxman@comcast.net> wrote:

> On 9/30/2011 9:55 AM, vixpix wrote:
>> These cookies must not be related to Flash, as these pesky little things keep coming back. I'm sure every one of you guys have this too, if you look.
>>
>> Vickie
>>
>> Sent from a spoiled little iPad
>>
>> On Sep 29, 2011, at 9:59 PM, "Randy B. Singer"<randy@macattorney.com> wrote:
>>
>>>>
>>>> On Sep 29, 2011, at 4:34 PM, vixpix wrote:
>>>>
>>>>>> Can someone tell me how to permanently delete cookies? What folder
>>>>>> do they all reside in?
>>>>
>>>> I should note that, in addition to the normal type of cookies, there
>>>> is a far more insidious type of cookie called a Flash Cookie.
>>>>
>>>> You can delete these with:
>>>>
>>>> Flush (free)
>>>> http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-
>>>> os-x/
>>>> or
>>>> http://is.gd/GZ7u1q
>
>
> Saw a CNET podcast this morning, The Buzz Report, that stated that
> Facebook claims this is a bug that will be fixed. They have supposedly
> been able to track anyone, even if they're logged off.
>
> I don't believe that for one moment, but at least, they'll be 'fixing' it!
>
> Harry
>
>
>
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

1e.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Michael Stupinski" stupnski@tiac.net   mstupinski

Fri Sep 30, 2011 7:17 am (PDT)



Well, if I'm not mistaken, if you regularly access financial accounts,
for example, you will likely be rejected if you don't have accepting
cookies enabled. That means you would have to accept them for the
session and then delete them for each session if you don't want to
keep any cookies at all on your machine. I have mine set to accept
cookies only from sites to which I navigate. I was unaware of Flash
Cookies until I saw Randy's response, but I don't think financial
sites use them. I'll guess I'll find out, as soon as I download and
use Flush per the recommendation!

...........Mike

On Sep 30, 2011, at 8:35 AM, jamesrob@sonic.net wrote:

>
>
> --- In macsupportcentral@yahoogroups.com, "Randy B. Singer"
> <randy@...> wrote:
>
>> I should note that, in addition to the normal type of cookies, there
>> is a far more insidious type of cookie called a Flash Cookie.
>>
>> You can delete these with:
>>
>> Flush (free)
>> http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-
>> os-x/
>> or
>> http://is.gd/GZ7u1q
>>
>> More info:
>> http://www.orzeszek.org/blog/2009/08/12/how-to-delete-flash-cookies-
>> conveniently/
>>
>> As a side benefit, you might find that your browser is now world's
>> faster. I've seen some cases where a user has flushed over a
>> thousand Flash cookies!
>>
>> ___________________________________________
>> Randy B. Singer
>> Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
>>
>> Macintosh OS X Routine Maintenance
>> http://www.macattorney.com/ts.html
>> ___________________________________________
>>
> Is there any downside to deleting these en masse? Is information
> stored in these that make my interaction with, say, user forums
> where I have accounts, more seamless?
>
> I read what's available about Flush.app on their page as well as the
> Wikipdedia article about local shared objects and couldn't find any
> warnings about problems that might result, and I found more than
> 2500 of them in the two locations where Wikepedia says they're stored.
>
> Bottom line, will I miss any of them after they're gone?
>
> ;-)
>
>
>
>
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

1f.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Vixpix" vixpix@frontiernet.net   nyskater

Fri Sep 30, 2011 7:28 am (PDT)



I just saw this information on tracking cookies:
http://www.blogotechblog.com/2011/09/protect-yourself-from-facebook-tracking/

Vickie

[Non-text portions of this message have been removed]

1g.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Michael Stupinski" stupnski@tiac.net   mstupinski

Fri Sep 30, 2011 7:29 am (PDT)



OK, I've run Flush, which found about 920 Flash Cookies and deleted
them all. Normal cookies remain apparently untouched and I wasn't
rejected by any of the financial sites I visited.

............Mike

On Sep 30, 2011, at 10:17 AM, Michael Stupinski wrote:

> Well, if I'm not mistaken, if you regularly access financial accounts,
> for example, you will likely be rejected if you don't have accepting
> cookies enabled. That means you would have to accept them for the
> session and then delete them for each session if you don't want to
> keep any cookies at all on your machine. I have mine set to accept
> cookies only from sites to which I navigate. I was unaware of Flash
> Cookies until I saw Randy's response, but I don't think financial
> sites use them. I'll guess I'll find out, as soon as I download and
> use Flush per the recommendation!
>
> ...........Mike
>
> On Sep 30, 2011, at 8:35 AM, jamesrob@sonic.net wrote:
>
>>
>>
>> --- In macsupportcentral@yahoogroups.com, "Randy B. Singer"
>> <randy@...> wrote:
>>
>>> I should note that, in addition to the normal type of cookies, there
>>> is a far more insidious type of cookie called a Flash Cookie.
>>>
>>> You can delete these with:
>>>
>>> Flush (free)
>>> http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-
>>> for-
>>> os-x/
>>> or
>>> http://is.gd/GZ7u1q
>>>
>>> More info:
>>> http://www.orzeszek.org/blog/2009/08/12/how-to-delete-flash-cookies-
>>> conveniently/
>>>
>>> As a side benefit, you might find that your browser is now world's
>>> faster. I've seen some cases where a user has flushed over a
>>> thousand Flash cookies!
>>>
>>> ___________________________________________
>>> Randy B. Singer
>>> Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
>>>
>>> Macintosh OS X Routine Maintenance
>>> http://www.macattorney.com/ts.html
>>> ___________________________________________
>>>
>> Is there any downside to deleting these en masse? Is information
>> stored in these that make my interaction with, say, user forums
>> where I have accounts, more seamless?
>>
>> I read what's available about Flush.app on their page as well as the
>> Wikipdedia article about local shared objects and couldn't find any
>> warnings about problems that might result, and I found more than
>> 2500 of them in the two locations where Wikepedia says they're
>> stored.
>>
>> Bottom line, will I miss any of them after they're gone?
>>
>> ;-)
>>
>>
>>
>>
>>
>> ------------------------------------
>>
>> Group FAQ:
>> <http://www.macsupportcentral.com/policies/>
>>
>> Yahoo! Groups Links
>>
>>
>>
>
>
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
> Yahoo! Groups Links
>
>
>

1h.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Jurgen Richter" yahoo-1@sympatico.ca   epsongroups

Fri Sep 30, 2011 8:09 am (PDT)



A great little stand-alone script - thanks Randy

I also use the Better Privacy plugin on Firefox. I also use Safari more
and more, but keep Firefox running just to keep the Better Privacy
plugin running. Can't believe how many of these Flash cookies get loaded
through Safari.
With the BP plugin, it shows right under my toolbar in Firefox and
notifies me when one of these LSO cookies is stored. I then have an
opportunity to delete them directly (it goes to a window and shows you
which LSO are stored, you get to choose which you want to delete.)

This is in addition to managing regular cookies too, which I routinely
purge.

Cheers

1i.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Patsy Price" beyondwords@shaw.ca   beyondwords2

Fri Sep 30, 2011 10:11 am (PDT)



>Is there any downside to deleting these en masse? Is information
>stored in these that make my interaction with, say, user forums
>where I have accounts, more seamless? ...
>Bottom line, will I miss any of them after they're gone?

Well, I used Flush.app to delete all my Flash cookies
yesterday---just around 50 on this new-to-me iMac with everything
cleanly installed two months ago, including ClickToPlugin, and Safari
as my main browser.

The first thing I discovered was that I had lost my scores for
Flash-based puzzles I do regularly (JigSawDoku). So that I won't lose
those again, after I did a new puzzle and new Flash cookies were
created, I found them in Finder and applied a color label. I'll do
the same with any others I wish I hadn't deleted. Next time, before I
use Flush.app, I'll temporarily move those to a safe place. Will a
new folder on the desktop be safe enough?

Patsy

1j.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Mr X" x255075@gmail.com   x255075

Fri Sep 30, 2011 10:30 am (PDT)




Hi:

I had been using Flush with no problems before. Now I get this message:

File Macintosh
HD:users:myname:library:preferences:macromedia:
flash player wasn't found

Not sure what to do....

Thanks, Azim

Mr X's Hardware Overview:
 Model Name: iMac
 Identifier: iMac5,1
 Processor Name: Intel Core 2 Duo
 Processor Speed: 2.16 GHz
 Number Of Processors: 1
 Total Number Of Cores: 2
 L2 Cache: 4 MB
 Memory: 4 GB
 Bus Speed: 667 MHz
 Boot ROM Version: IM51.0090.B09
 SMC Version: 1.9f4
 System: Mac OS X 10.6.8 Snow Leopard
 Memory Slots 0 and 1: 2 GB each

On 2011.Sep.30, at 10:10 AM, Patsy Price wrote:

>Is there any downside to deleting these en masse? Is information
>stored in these that make my interaction with, say, user forums
>where I have accounts, more seamless? ...
>Bottom line, will I miss any of them after they're gone?

Well, I used Flush.app to delete all my Flash cookies
yesterday---just around 50 on this new-to-me iMac with everything
cleanly installed two months ago, including ClickToPlugin, and Safari
as my main browser.

The first thing I discovered was that I had lost my scores for
Flash-based puzzles I do regularly (JigSawDoku). So that I won't lose
those again, after I did a new puzzle and new Flash cookies were
created, I found them in Finder and applied a color label. I'll do
the same with any others I wish I hadn't deleted. Next time, before I
use Flush.app, I'll temporarily move those to a safe place. Will a
new folder on the desktop be safe enough?

Patsy

[Non-text portions of this message have been removed]

1k.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Harry Flaxman" harry.flaxman@comcast.net   hflaxman001

Fri Sep 30, 2011 10:39 am (PDT)



On 9/30/2011 1:30 PM, Mr X wrote:
> Hi:
>
> I had been using Flush with no problems before. Now I get this message:
>
> File Macintosh
> HD:users:myname:library:preferences:macromedia:
> flash player wasn't found
>
> Not sure what to do....
>
> Thanks, Azim
I get that when there are no Flash cookies to be 'flushed'. It's
happened in 10.6 and 10.7.

Harry

1l.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "vixpix" vixpix@frontiernet.net   nyskater

Fri Sep 30, 2011 10:52 am (PDT)



When I used Flush, it almost looked like an error message from Terminal. Not sure it was working properly. Any suggestions?

Vickie

Sent from a spoiled little iPad

On Sep 30, 2011, at 1:38 PM, Harry Flaxman <harry.flaxman@comcast.net> wrote:

> On 9/30/2011 1:30 PM, Mr X wrote:
>> Hi:
>>
>> I had been using Flush with no problems before. Now I get this message:
>>
>> File Macintosh
>> HD:users:myname:library:preferences:macromedia:
>> flash player wasn't found
>>
>> Not sure what to do....
>>
>> Thanks, Azim
> I get that when there are no Flash cookies to be 'flushed'. It's
> happened in 10.6 and 10.7.
>
> Harry
>
>
>
>
> ------------------------------------
>
> Group FAQ:
> <http://www.macsupportcentral.com/policies/>
>
>
>

1m.

Re: Reappearing tracking cookies and how to delete them?

Posted by: "Randy B. Singer" randy@macattorney.com   randybrucesinger

Fri Sep 30, 2011 4:45 pm (PDT)




On Sep 30, 2011, at 5:35 AM, jamesrob@sonic.net wrote:

> Is there any downside to deleting these en masse? Is information
> stored in these that make my interaction with, say, user forums
> where I have accounts, more seamless?

I had over a thousand of them. When I deleted all of them the only
site that acted any differently was Pandora. It no longer had my pre-
set "channels."

Note that Flash cookies are not legitimate standard cookies. They
are covert and not designed for what you would normally accept
cookies to be doing.

Has anyone else noticed a huge performance increase in Safari after
deleting them?

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________

2a.

Re: Identifiing and Dealing with the Flash Installer Trojan

Posted by: "Eric" emanmb@yahoo.com   emanmb

Fri Sep 30, 2011 9:20 am (PDT)



Also Sophos for Mac has been updated as well and is also free.

--- In macsupportcentral@yahoogroups.com, "Randy B. Singer" <randy@...> wrote:
>
> I've been receiving a lot of private e-mails about how to tell if you
> have been infected by the recent Flash Installer Trojan Horse. This
> should make it easy. The free anti-virus program ClamXav has been
> updated to detect and deal with this Trojan Horse. It identifies it
> as: "OSX.Flashback ". Installing and running ClamXav is quick and easy.
>
> ClamXav (free)
> http://www.clamxav.com/
>
>
> ___________________________________________
> Randy B. Singer
> Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
>
> Macintosh OS X Routine Maintenance
> http://www.macattorney.com/ts.html
> ___________________________________________
>

2b.

Re: Identifiing and Dealing with the Flash Installer Trojan

Posted by: "Randy B. Singer" randy@macattorney.com   randybrucesinger

Fri Sep 30, 2011 4:47 pm (PDT)




On Sep 30, 2011, at 9:20 AM, Eric wrote:

> Also Sophos for Mac has been updated as well and is also free.

Thanks, I know. However, I don't recommend fully interactive anti-
virus software at this time. This sort of software can cause more
problems than it cures.

Mac OS X anti-virus software: More trouble than it's worth? | MacFixIt
http://reviews.cnet.com/8301-13727_7-10331147-263.html

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________

3.

Yahoo Log In

Posted by: "Betty Jenkins" bboopj@yahoo.com   BBoopj

Fri Sep 30, 2011 11:07 am (PDT)





I get the popup error box on my Yahoo Plus account; The Yahoo! POP server �plus.pop.mail.yahoo.com� rejected the password for user �bboopj@yahoo.com

I then get prompted to enter my password and save it. The password is being saved correctly in the KeyChain. After this, the error will return in some few minutes.

Apple support has tried several things without any improvement. Yahoo support appears to be limited to changing to changing password or upgrading account.

Would appreciate any help.

4a.

Converting VOB file for Mac

Posted by: "harpangel36" harpangel36@yahoo.com   harpangel36

Fri Sep 30, 2011 5:51 pm (PDT)



I have a DVD that I need to convert to a compatible format to put in an iPhoto slideshow. Are there any free or low cost programs that will do this? I have handbrake and Evom but they didn't work for that.

4b.

Re: Converting VOB file for Mac

Posted by: "Harry Flaxman" harry.flaxman@comcast.net   hflaxman001

Fri Sep 30, 2011 6:01 pm (PDT)



On 9/30/2011 8:51 PM, harpangel36 wrote:
> I have a DVD that I need to convert to a compatible format to put in an iPhoto slideshow. Are there any free or low cost programs that will do this? I have handbrake and Evom but they didn't work for that.
>
>
>
> ---------------------------------

Handbrake works. It's here: handbrake.fr

Free, fast and easy!
\
Harry

4c.

Re: Converting VOB file for Mac

Posted by: "Randy B. Singer" randy@macattorney.com   randybrucesinger

Sat Oct 1, 2011 12:11 am (PDT)




On Sep 30, 2011, at 5:51 PM, harpangel36 wrote:

> I have a DVD that I need to convert to a compatible format to put
> in an iPhoto slideshow.

This one is free and excellent:

MPEGStreamClip (free)
http://www.squared5.com/

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________

5a.

Looking for Applescript help

Posted by: "DaveC" davec2468@yahoo.com   davec2468

Fri Sep 30, 2011 11:19 pm (PDT)



Anybody on the list care to answer a few basic questions? Or point me
somewhere I can ask these?

I presume it's a bit OT for the List...

Off-list if you prefer.

Thanks,
Dave

5b.

Re: Looking for Applescript help

Posted by: "Otto Nikolaus" otto.nikolaus@googlemail.com   nikyzf

Sat Oct 1, 2011 3:25 am (PDT)



We must have some members who can help. Why not give it a try?

Otto

On 1 October 2011 07:19, DaveC <davec2468@yahoo.com> wrote:

> Anybody on the list care to answer a few basic questions? Or point me
> somewhere I can ask these?
>
> I presume it's a bit OT for the List...
>
> Off-list if you prefer.
>

[Non-text portions of this message have been removed]

6a.

Re: [ebmug] Identifiing and Dealing with the Flash Installer Trojan

Posted by: "Randy B. Singer" randy@macattorney.com   randybrucesinger

Fri Sep 30, 2011 11:51 pm (PDT)



There are some new findings with regard to the Flash Installer Trojan
Horse.

There are two signatures in ClamXav for this Trojan currently. Apple
currently has eight
definitions, all for the same Mac Trojan. A sample collected of the
Trojan from a malware site does not match any of these.
Further when the sample was
uploaded to a site that scans it with 43 different anti-virus
products, none of them
caught it, either. It would appear that the bad guys are able to
change the
Trojan�s signature while retaining it's functionality. So you
probably need to uninstall this Trojan manually if you have been
infected. At this point you probably have to assume that no anti-
virus software is effective for eradicating it from your Mac.

A sample from the same site was analyzed by someone who
installed the Trojan in a sandbox environment and posted his results
here
<https://discussions.apple.com/message/16247297#16247297>

Nobody who has been infected has reported any symptoms other than
finding that Little
Snitch had been disabled. Whatever the Trojan was doing (probably
"phoning home")
was being done in the background.

So here is what I recommend if you think you might have installed
it. Download a copy of:

EasyFind (free)
http://www.devon-technologies.com/download/index.html
(scroll to the bottom of the page)
You will be using EasyFind to find and delete all of the files that
the Trojan has left on your system. Spotlight will not work for
this, as Spotlight isn�t designed to search in system areas, and it
won�t search for invisible files.

Set EasyFind to search only for files and folders, and to also search
for invisibile files and folders.

See if any of these files are installed in your user directory:

.MacOSX/environment.plist
Library/LaunchAgents/com.apple.SystemUI.plist
Library/Preferences/perflib
Library/Preferences/Preferences.dylib
Library/Logs/swlog

The first is a hidden folder, so don�t leave out the leading period
in your search. None of these four
belong on your computer so if you find them, you have been infected
and if
they are not there, you are not infected.

If you are running "Little Snitch" check to see if it has been
disabled in
some way.

If you are not infected look in your download folder for a file named
"FlashPlayer-11-macos.pkg". That is the Trojan installer and needs to go
directly to the Trash. Infected users will not find this file as it
destroys
itself after completing the installation.

If you are infected you must trash all five files during the same
session or
you may not be able to log back in to your account. That especially
applies
to the one in the hidden folder which may exist on normal Macs but is
replaced by the one the Trojan installs. If that is the only one of the
listed files you find, leave it alone.

Now some good news. The installer distribution site has been down for
the
last day and a half. It could be temporary, they could have moved it
(but I
have not read any new reports during that time), they may be
regrouping or
they may have satisfied whatever their objective was. I prefer to think
their computers were all confiscated when the police arrested them all.

___________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html
___________________________________________

6b.

Re: [ebmug] Identifiing and Dealing with the Flash Installer Trojan

Posted by: "Paulette" behindmylens@gmail.com   paulette1031

Sat Oct 1, 2011 12:12 am (PDT)



Thank you for this Randy. I did everything suggested and computer is
clean. Whew.

Paulette
Visit my photo gallery: http://www.pbase.com/gsds4me
Kiva, loans that change lives http://www.kiva.org/

On Sat, Oct 1, 2011 at 4:51 PM, Randy B. Singer <randy@macattorney.com>wrote:

> There are some new findings with regard to the Flash Installer Trojan
> Horse.
>
> There are two signatures in ClamXav for this Trojan currently. Apple
> currently has eight
> definitions, all for the same Mac Trojan. A sample collected of the
> Trojan from a malware site does not match any of these.
> Further when the sample was
> uploaded to a site that scans it with 43 different anti-virus
> products, none of them
> caught it, either. It would appear that the bad guys are able to
> change the
> Trojan�s signature while retaining it's functionality. So you
> probably need to uninstall this Trojan manually if you have been
> infected. At this point you probably have to assume that no anti-
> virus software is effective for eradicating it from your Mac.
>
> A sample from the same site was analyzed by someone who
> installed the Trojan in a sandbox environment and posted his results
> here
> <https://discussions.apple.com/message/16247297#16247297>
>
> Nobody who has been infected has reported any symptoms other than
> finding that Little
> Snitch had been disabled. Whatever the Trojan was doing (probably
> "phoning home")
> was being done in the background.
>
> So here is what I recommend if you think you might have installed
> it. Download a copy of:
>
> EasyFind (free)
> http://www.devon-technologies.com/download/index.html
> (scroll to the bottom of the page)
> You will be using EasyFind to find and delete all of the files that
> the Trojan has left on your system. Spotlight will not work for
> this, as Spotlight isn�t designed to search in system areas, and it
> won�t search for invisible files.
>
> Set EasyFind to search only for files and folders, and to also search
> for invisibile files and folders.
>
> See if any of these files are installed in your user directory:
>
> .MacOSX/environment.plist
> Library/LaunchAgents/com.apple.SystemUI.plist
> Library/Preferences/perflib
> Library/Preferences/Preferences.dylib
> Library/Logs/swlog
>
> The first is a hidden folder, so don�t leave out the leading period
> in your search. None of these four
> belong on your computer so if you find them, you have been infected
> and if
> they are not there, you are not infected.
>
> If you are running "Little Snitch" check to see if it has been
> disabled in
> some way.
>

[Non-text portions of this message have been removed]

Recent Activity
Visit Your Group
Sitebuilder

Build a web site

quickly & easily

with Sitebuilder.

Yahoo! Finance

It's Now Personal

Guides, news,

advice & more.

Ads on Yahoo!

Learn more now.

Reach customers

searching for you.

Need to Reply?

Click one of the "Reply" links to respond to a specific message in the Daily Digest.

Create New Topic | Visit Your Group on the Web
MARKETPLACE

Stay on top of your group activity without leaving the page you're on - Get the Yahoo! Toolbar now.