F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?

Just updated Firefox on Mac OS Sierra 10.12.6 and I used the 2012 F-Secure Flashback Removal Tool v1.0.2 AppleScript app and got the message that I was infected.

I suspect this is a false positive, so I didn't opt to remove it and aborted the script. I dragged Firefox into ClamXav and it said it was clean, and the same with a Malwarebytes system scan.

Is the Flashback Removal Tool now defunct and showing false positives, or should I be concerned that there's a new variant of Flashback that's bypassing Apple's security updates, ClamXav, Malwarebytes, etc.?

The log shows this:

Mon Jun 4 11:28:14 MDT 2018
------- Scanonly mode
2018-06-04 11:28:16.045 defaults[86329:2151689] 
The domain/default pair of (/tmp/RemoveFlashback.86271, DYLD_INSERT_LIBRARIES) does not exist
Found DYLD_INSERT_LIBRARIES in /Applications/Firefox.app/Contents/Info.plist LSEnvironment:
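
Added example, not part of the original thread and not F-Secure's code: the log above reports a DYLD_INSERT_LIBRARIES entry under LSEnvironment in Firefox's Info.plist, and this Python script reads that same key so the value can be examined directly, listing each library path it names, whether the file exists, and whether it sits inside the app bundle. The function names inspect_ls_environment and build_sample_bundle are hypothetical, and the sample bundle is constructed for testing.

```python
import os
import plistlib
import sys


def inspect_ls_environment(app_path):
    """Report what DYLD_INSERT_LIBRARIES holds in <app>/Contents/Info.plist."""
    plist_path = os.path.join(app_path, "Contents", "Info.plist")
    with open(plist_path, "rb") as fh:
        info = plistlib.load(fh)  # reads both XML and binary plists
    env = info.get("LSEnvironment")
    if not isinstance(env, dict) or "DYLD_INSERT_LIBRARIES" not in env:
        return {"key_present": False, "raw": None, "libraries": []}
    raw = str(env["DYLD_INSERT_LIBRARIES"])
    bundle = os.path.realpath(app_path)
    libraries = []
    # The variable is a colon-separated list; an empty value yields no entries.
    for entry in filter(None, raw.split(":")):
        real = os.path.realpath(entry)
        libraries.append({
            "path": entry,
            "exists": os.path.exists(real),
            "inside_bundle": os.path.commonpath([bundle, real]) == bundle,
        })
    return {"key_present": True, "raw": raw, "libraries": libraries}


def build_sample_bundle(root, value, name="Sample.app"):
    """Write a constructed, minimal bundle for testing (hypothetical helper)."""
    app_path = os.path.join(root, name)
    os.makedirs(os.path.join(app_path, "Contents"), exist_ok=True)
    info = {"CFBundleName": "Sample"}
    if value is not None:
        info["LSEnvironment"] = {"DYLD_INSERT_LIBRARIES": value}
    with open(os.path.join(app_path, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)
    return app_path


if __name__ == "__main__":
    # Default path is the one named in the log above; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/Applications/Firefox.app"
    result = inspect_ls_environment(target)
    print("DYLD_INSERT_LIBRARIES present:", result["key_present"])
    for lib in result["libraries"]:
        print(lib)
```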
Comments

  • Wiffle
    Wiffle Posts: 4 New Member

    Ok, I think I found the problem. I was using an older version that has issues with false positives. Found the latest version here that fixes the issue:

    https://www.f-secure.com/weblog/archives/00002346.html

  • Wiffle
    Wiffle Posts: 4 New Member

    Just updated Firefox to the latest version and I'm getting yet another alert from FRT even though I updated it to the 1.2.1 version.

    F-Secure, is FRT simply defunct on the latest Mac OS Sierra and/or High Sierra now and just going to give me false positives with Firefox?

    If it is now defunct, it would be very helpful if you'd inform us please.

  • Hello Wiffle,

    May I know why this tool was used on your device currently? That tool was provided in 2012 and might not be relevant anymore because the vulnerability was fixed. We recommend that customers install the OS security updates and also update to the latest Java for Mac OS.

  • Wiffle
    Wiffle Posts: 4 New Member

    Might not be relevant? Sounds like it's defunct and should be labeled as such on your old download pages. The reason I downloaded your tool was because of a bug in some antivirus software that gave me a false positive for the Flashback trojan, and I then found your tool to remove it, which also gives me a false positive related to the Firefox plist file. Sounds like someone should either remove your defunct tool and/or warn people of false positives if they use it today.

This discussion has been closed.