Kaspersky kills flawed FlashBack removal tool
- — 13 April, 2012 09:15
Russian antivirus firm Kaspersky has taken down its removal tool for Mac users infected with the FlashBack Trojan after users began complaining it bricked their machines.
Forbes first reported troubles that users of Kaspersky’s removal tool were having, citing several complaints on Apple’s user forum.
One user complained that after installing Kaspersky's tool and restarting the machine “that’s where the trouble began”. That user’s Mac was caught in a frozen state.
A Kaspersky spokesperson confirmed to Forbes it had “identified an issue with its free Kaspersky Flashfake Removal Tool”.
In some cases the “tool could result in erroneous removal of certain user settings including auto-start configurations, user configurations in browsers, and file sharing data”, the spokesperson added.
The security vendor first promoted its removal tool in an April 9 press release.
Security vendors have rallied around the Flashback botnet as the FlashBack Trojan that destroyed the myth that Apple is immune to malware.
At its height the Trojan was confirmed to have infected over 600,000 users but within a week been scaled back by around half, according to a Symantec report yesterday.
Several antivirus vendors have released free detection and removal tools for infections that occurred prior to Apple’s sluggishly released security update on April 3 that closed a Java flaw that Oracle had offered a fix for weeks prior.
Apple says it is working with “ISPs worldwide to disable this command and control network”.
Update: A Kaspersky Lab spokesperson emailed CSO Australia advising the company had fixed the Flashfake Removal Tool and releases updated Version.
"Kaspersky Lab has successfully fixed its free Kaspersky Flashfake Removal Tool. A bug was identified in the original version of the tool, which was first reported at approximately 17:40 MSK (GMT+4) on April 12. The tool was taken offline for maintenance.
A new version of the tool with the necessary updates was released at 3:30 MSK (GMT +4) on April 13. It is available now and fully operational.
Users can visit www.flashbackcheck.com to verify if they’re infected with Flashfake and use the Kaspersky Flashfake Removal Tool to disinfect their computers.
Customers who previously encountered problems with the Flashfake Removal Tool are encouraged to contact Kaspersky Lab’s technical support at firstname.lastname@example.org
Kaspersky Lab apologises for any inconvenience caused by this issue. The company is focused on creating utilities to keep users safe from infection and will continue to improve its internal processes to prevent such errors from occurring in the future"