Kaspersky kills flawed FlashBack removal tool

Update: Company had fixed the Flashfake Removal Tool and releases updated Version.

Russian antivirus firm Kaspersky has taken down its removal tool for Mac users infected with the FlashBack Trojan after users began complaining it bricked their machines. 

Forbes first reported troubles that users of Kaspersky’s removal tool were having, citing several complaints on Apple’s user forum.

One user complained that after installing Kaspersky's tool and restarting the machine “that’s where the trouble began”. That user’s Mac was caught in a frozen state.    

A Kaspersky spokesperson confirmed to Forbes it had “identified an issue with its free Kaspersky Flashfake Removal Tool”.

In some cases the “tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data”, the spokesperson added.

The security vendor first promoted its removal tool in an April 9 press release.

Security vendors have rallied around the Flashback botnet as the FlashBack Trojan that destroyed the myth that Apple is immune to malware.

At its height the Trojan was confirmed to have infected over 600,000 users but within a week been scaled back by around half, according to a Symantec report yesterday.

Several antivirus vendors have released free detection and removal tools for infections that occurred prior to Apple’s sluggishly released security update on April 3 that closed a Java flaw that Oracle had offered a fix for weeks prior.

Apple says it is working with “ISPs worldwide to disable this command and control network”.

Update: A Kaspersky Lab spokesperson emailed CSO Australia advising the company had fixed the Flashfake Removal Tool and releases updated Version.

"Kaspersky Lab has successfully fixed its free Kaspersky Flashfake Removal Tool. A bug was identified in the original version of the tool, which was first reported at approximately 17:40 MSK (GMT+4) on April 12. The tool was taken offline for maintenance.

A new version of the tool with the necessary updates was released at 3:30 MSK (GMT +4) on April 13. It is available now and fully operational.

Users can visit www.flashbackcheck.com to verify if they’re infected with Flashfake and use the Kaspersky Flashfake Removal Tool to disinfect their computers.

Customers who previously encountered problems with the Flashfake Removal Tool are encouraged to contact Kaspersky Lab’s technical support at techsupport@kaspersky.com

Kaspersky Lab apologises for any inconvenience caused by this issue. The company is focused on creating utilities to keep users safe from infection and will continue to improve its internal processes to prevent such errors from occurring in the future"

Join the CSO newsletter!

Error: Please check your email address.

More about AppleetworkKasperskyKasperskyOracleSKSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts