University of Oregon

Removing the Flashback Virus on Macs


The Flashback virus takes advantage of a vulnerability in Java to install itself on computers. Apple has released an update that removes this virus and protects against it in the future. The update is available only for Mac OS X 10.6 or higher because Apple no longer supports the older versions of OS X.

If the computer is running 10.5 or lower, the current remedy for the virus is to use a standalone virus remover like F-Secure. Then, after the virus has been removed, disable Java. Enable it when you need it, then disable it again.

WARNING: Removing any virus carries the possibility of data loss. It is recommended to back up important data before following the steps below. When backing up, try to transfer individual files to help prevent backing up the virus along with the files.

The Technology Service Desk provides virus removal to students, staff, and faculty. If you have any questions about our service or the procedure below, please contact the Technology Service Desk.

First, check to see what version of OS X the computer is running:

  1. Click on the Apple symbol in the top right-hand corner of the screen.

  2. Now click on "About This Mac"

  3. Under "Mac OS X" it will show the version number, such as "10.6.8"

If the computer is running 10.6 or higher:

  1. Connect the computer to the internet via Ethernet cable and make sure its charger is plugged in.

  2. Click on the Apple symbol in the upper right-hand corner.

  3. Now click on "Software Update..."

  4. It will look for updates. When the bar is done loading, click "Show Details".

  5. Find the updates "Java for OS X 2012-XXX" and "Security Update" and make sure both are checked.

  6. Now click Install and wait for the computer to download and install the updates.

  7. Once the computer has restarted, check for additional updates.

If the computer is running 10.5:

  1. Go to F-Secure's website here and download the latest zip file.

  2. Extract the zip file by double-clicking on it.

  3. Now double-click on the file called "FlashbackRemoval".

  4. It will show the terms of service; click Accept if you agree.

  5. If it shows that the virus has been found and removed, reboot the computer and run it one more time to verify that it is gone.

  6. Once the scan shows up as clean, go to the web browser(s) on the computer and disable Java.

  7. If a trusted website requires Java, temporarily re-enable it until leaving the site.

Disabling Java

In Safari

  1. Launch Safari

  2. Click "Safari" at the top left-hand corner of the screen.

  3. Now click on "Preferences".

  4. Then click on the Security tab.

  5. Remove the check mark next to Enable Java in the Web Content: section.

  6. Close the Preferences window.

In Firefox

  1. Launch Firefox

  2. Click on "Firefox" at the top left-hand corner of the screen.

  3. Now click on "Preferences".

  4. Then go to the General tab.

  5. Click on "Manage Add-ons..."

  6. Then click on Plugins in the left-hand corner of the window.

  7. Locate the item named Java Plug-in 2 for NPAPI Browsers and click the Disable button.

  8. Close the Add-ons manager and the Firefox Preferences window.