F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?

Scholar

Just updated Firefox on Mac OS Sierra 10.12.6 and I used the 2012 F-Secure Flashback Removal Tool v1.0.2 AppleScript app and got the message that I was infected.

I suspect this is a false positive so I didn't opt to remove it and aborted the script. I dragged Firefox into ClamXav and it said it was clean and same with Malwarebytes system scan.

Is the Flashback Removal Tool now defunct and showing false positives, or should I be concerned that there's a new variant of Flashback that's bypassing Apple's security updates, ClamXav, Malwarebytes, etc.?

 

The log shows this:

 

Mon Jun 4 11:28:14 MDT 2018
------- Scanonly mode
2018-06-04 11:28:16.045 defaults[86329:2151689] 
The domain/default pair of (/tmp/RemoveFlashback.86271, DYLD_INSERT_LIBRARIES) does not exist
Found DYLD_INSERT_LIBRARIES in /Applications/Firefox.app/Contents/Info.plist LSEnvironment:
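
The log line above means the tool found a `DYLD_INSERT_LIBRARIES` entry under `LSEnvironment` in the application's `Info.plist`. As an added example (not part of the original post and not F-Secure's code), this sketch reads an `Info.plist` and lists each library the key names, marking whether its path lies inside the app bundle. The sample plists and library paths are constructed, and the inside-the-bundle test is an assumed triage aid, not a verdict.

```python
import plistlib
from pathlib import PurePosixPath

KEY = "DYLD_INSERT_LIBRARIES"
BUNDLE = "/Applications/Firefox.app"  # bundle path taken from the log line


def dyld_inserts(plist_bytes, bundle_path):
    """Return [(library_path, inside_bundle)] for LSEnvironment's DYLD_INSERT_LIBRARIES."""
    info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    env = info.get("LSEnvironment")
    if not isinstance(env, dict):
        return []
    value = env.get(KEY)
    if not isinstance(value, str) or not value:
        return []
    bundle = PurePosixPath(bundle_path)
    findings = []
    # dyld treats the variable as a colon-separated list of libraries.
    for entry in value.split(":"):
        if not entry:
            continue
        path = PurePosixPath(entry)
        # Relative paths and ".." components are never counted as inside.
        inside = (path.is_absolute() and ".." not in path.parts
                  and bundle in path.parents)
        findings.append((entry, inside))
    return findings


# Constructed sample inputs: one plist without the key, one with two entries.
CLEAN = plistlib.dumps({"CFBundleName": "Firefox"})
FLAGGED = plistlib.dumps({
    "CFBundleName": "Firefox",
    "LSEnvironment": {
        KEY: BUNDLE + "/Contents/MacOS/libexample.dylib"
             ":/Users/Shared/.libexample.so",
    },
})

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("flagged", FLAGGED)):
        hits = dyld_inserts(data, BUNDLE)
        print(name, "->", hits or "no DYLD_INSERT_LIBRARIES in LSEnvironment")
        for lib, inside in hits:
            where = "inside bundle" if inside else "OUTSIDE bundle, review"
            print("   ", lib, "(" + where + ")")
```

To inspect a real application, pass the bytes of its `Contents/Info.plist` and the bundle path to `dyld_inserts`.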

 

Scholar

Re: F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?

OK, I think I found the problem. I was using an older version that has issues with false positives. Found the latest version here that fixes the issue:

https://www.f-secure.com/weblog/archives/00002346.html

Scholar

Re: F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?

Just updated Firefox to the latest version and getting yet another alert from FRT even though I updated it to the 1.2.1 version.

F-Secure, is FRT simply defunct on the latest Mac OS Sierra and/or High Sierra now and just going to give me false positives with Firefox?

If it is now defunct, it would be very helpful if you'd inform us please.

Community Manager

Re: F-Secure Flashback Removal Tool finding false positive within Firefox on Mac OS Sierra?

Hello Wiffle,

May I know why this tool was used on your device? That tool was provided in 2012 and might not be relevant anymore because the vulnerability was fixed. We recommend that customers install the OS security updates and also update to the latest Java for Mac OS.

Scholar

Might not be relevant? Sounds like it's defunct and should be labeled as such on your old download pages. The reason I downloaded your tool was because of a bug in some antivirus software that gave me a false positive for the Flashback trojan, and I then found your tool to remove it, which also gives me a false positive related to the Firefox plist file. Sounds like someone should either remove your defunct tool and/or warn people of false positives if they use it today.