The script performs the 'defaults read' commands that f-secure recommend in step 1 & step 9 of their detection instructions.
The script does this for every known browser (hardcoded in the source), since it seems that's how flashback works. This is probably overkill since it has only been detected in Safari & Firefox.
To run the script grab flashback-test.sh from github.com.
- Open up the downloaded tar.gz
- cd [drop expanded folder into Terminal]
- chmod 755 flashback-test.sh
If you don't see a big OK, go check the f-secure.com instructions to verify you are infected & remove it.
Note: Tested on 10.6.8
Grab & run it this…
mkdir flashback && curl -L https://gist.github.com/gists/2314150/download | tar xz --strip 1 -C flashback; cd flashback; chmod 755 flashback-test.sh; ./flashback-test.sh