I decided to throw together a malware removal tool that can go through a computer and dig out ALL traces of ALL known malware for the Mac.

I've got the app coded and it works nicely, but I'm finding problems getting complete information. On numerous occasions I'm finding instructions like "open this folder and remove anything that looks sort of like 'this'..." or "remove the xyz plugin from this folder". Without giving me actual filenames, I can't really code it.

I *could* scan files and look for things though. For example, MacDefender is well-known to go by many names. It's not difficult to just quickly check all the files in /Library/LaunchAgents for a keyword or the path to the malware to identify and remove the agent, regardless of its name. But again I need to know what to look for.

The biggest problem I have right now is so many places recommending removing browser plugins, by simply going to the Safari plugin list and removing anything that "looks like xxx". So again I don't really have a proper complete name.

I had someone come in here a few weeks ago that may have quite possibly had all of the Mac malware installed on her MacBook. It took me about 1/2 hr to get it all removed by hand. I kinda wish I had taken some sort of snapshot of it before I started, so that I'd have more to go on with this script. Tempts me slightly to fresh image a Mac and go "looking for trouble" and then see what I have to sort out.

FYI, here is one of the bigger sources I was using:
http://www.thesafemac.com/arg-identification/

Last edited by cyn; 03/04/15 10:05 AM. Reason: Topic moved from the "Mac OS X Applications" forum to the "Networking" forum.

I work for the Department of Redundancy Department
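
The content-based LaunchAgents check described in the post, as an added example that is not the poster's tool: it parses each plist and matches what the agent would actually run against indicator strings, ignoring the file's own name, and it only reports. The function names, the `ExampleBadApp` path and the sample agents are constructed placeholders; only the MacDefender keyword comes from the post.

```python
import plistlib
import tempfile
from pathlib import Path

# Constructed placeholder indicators (lowercase); real ones need a vetted source.
INDICATORS = ["macdefender", "/applications/examplebadapp.app"]


def launch_targets(plist_path):
    """Return the strings a launch agent would execute, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:  # corrupt or non-plist file: report it, don't crash
        return None
    if not isinstance(data, dict):
        return None
    args = data.get("ProgramArguments")
    candidates = [data.get("Program")] + (args if isinstance(args, list) else [])
    return [c for c in candidates if isinstance(c, str)]


def scan_launch_agents(directory, indicators=INDICATORS):
    """Report (file name, indicator, matched string) tuples; deletes nothing."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        targets = launch_targets(path)
        if targets is None:
            findings.append((path.name, "unparseable", ""))
            continue
        for target in targets:
            for ind in indicators:
                if ind in target.lower():
                    findings.append((path.name, ind, target))
    return findings


def build_sample_dir():
    """Write constructed sample agents to a temp dir standing in for LaunchAgents."""
    d = Path(tempfile.mkdtemp())
    bad = {"Label": "com.example.updater", "ProgramArguments": [
        "/Applications/ExampleBadApp.app/Contents/MacOS/helper", "--quiet"]}
    ok = {"Label": "com.example.backup", "Program": "/usr/local/bin/backup-tool"}
    (d / "com.example.updater.plist").write_bytes(
        plistlib.dumps(bad, fmt=plistlib.FMT_BINARY))
    (d / "com.example.backup.plist").write_bytes(plistlib.dumps(ok))  # XML
    (d / "com.example.broken.plist").write_bytes(b"not a plist")
    return d
```

Reviewing the findings before removing anything keeps a substring match on a legitimate agent from turning into a deleted file.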