F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?
Just updated Firefox on Mac OS Sierra 10.12.6 and I used the 2012 F-Secure Flashback Removal Tool v1.0.2 applescript app and got the message that I was infected.
I suspect this is a false-positive so I didn't opt to remove it and aborted the script. I dragged Firefox into ClamXav and it said it was clean and same with Malwarebytes system scan.
Is the Flashback Removal Tool now defunct and showing a false-positives or should I be concerned that there's a new variant of Flashback that's bypassing Apple's security updates, ClamXav, Malwarebytes, etc.?
The log shows this:
Mon Jun 4 11:28:14 MDT 2018 ------- Scanonly mode 2018-06-04 11:28:16.045 defaults[86329:2151689] The domain/default pair of (/tmp/RemoveFlashback.86271, DYLD_INSERT_LIBRARIES) does not exist Found DYLD_INSERT_LIBRARIES in /Applications/Firefox.app/Contents/Info.plist LSEnvironment:
Comments
-
Ok, I think I found the problem. I was using an older version that has issues with false positives. Found latest version here that fixes issue -
-
Just updated Firefox to latest version and getting yet another alert from FRT even though I updated it to the 1.2.1 version.
F-Secure, is FRT simply defunct on latest Mac OS Sierra and/or High Sierra now and just going to give me false positives with Firefox?
If it is now defunct, it would be very helpful if you'd inform us please.
-
-
Might not be relevant? Sounds like it's defunct and should be labeled as such on your old download pages. The reason I downloaded your tool was because of a bug in some antivirus software that gave me a false-positive for the Flashback trojan and I then found your tool to remove it which also gives me a false-positive related to Firefox plist file. Sounds like someone should either remove your defunct tool and/or warn people of false positives if they use it today.
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!