Originally posted by another user
“The Flashback and the SabPub Trojans are totally different,” Alex Gostev, chief security expert of Kaspersky Lab, told Mashable. “SabPub is classic backdoor Trojan, so it opens full access to a victim’s system for attackers. Flashback and its known variants is downloader and clickjacking bot, which means it conducts click fraud scam by hijacking people’s search engine results inside their web browsers.”
“The latest version of the SabPub Trojan can infect more people than previous versions of this malware, which appeared earlier this year,” Gostev said. “In February, SabPub was exploiting a Microsoft Word vulnerability, which was fixed long time ago. The latest version of SabPub uses the Java exploit to spread infection in a more effective way because the Java exploit is delivered via a drive by download, which occurs when people click on URLs with malware via email.”
Originally posted by another user
to ensure your system is clear, you can check for the malware by going to the Library folder within your user account (hold the Option button and select Library from the Finder's "Go" menu in OS X Lion), and then open the LaunchAgents folder and the Preferences folder within the user library. In the LaunchAgents folder, locate and remove the file called "com.apple.PubSabAgent.plist." Then go to the Preferences folder and remove the file called "com.apple.PubSabAgent.pfile" (note the extension "pfile" instead of "plist"). The first document here is the launcher that keeps the process running, and the second is the process itself.
Alternatively to using the Finder to locate and remove these files, you can run the following two commands in the Terminal application (in the /Applications/Utilities/ folder):
rm ~/Library/LaunchAgents/com.apple.PubSabAgent.plist
rm ~/Library/Preferences/com.apple.PubSabAgent.pfile
Another variant called "MacKontrol" places the files /Library/launched and username/Library/LaunchAgents/com.apple.FolderActionsxl.plist on the system. There is some ambiguity as to whether or not the first file is in the user's library folder or if it is in the global library, but the following commands should remove it from the system:
rm /Library/launched
rm ~/Library/launched
rm ~/Library/LaunchAgents/com.apple.FolderActionsxl.plist
After you have removed these files, log out and log back in to your system to clear them from the system's memory and from the launch manager for your user account.