Re: “Flash installer” trojans …

From MacFixIt (here):

Again, this malware is very rare and will not affect most Macs out there, but if you suspect one of your Macs has been infected then you can do a rudimentary check on your system by running the following two commands in the Terminal (copy and paste them):

defaults read /Applications/Safari.app/Contents/Info.plist LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info.plist LSEnvironment

These commands will read the property list within the applications and check to see if they have been modified to launch other applications when opened. In the output for these commands, if you see text that includes “DYLD_INSERT_LIBRARIES” followed by a path that points to a specific file, then your system has been infected. If you do not see this text output and instead see “The domain/default pair…does not exist,” then your system has not been infected.

Security: “defaults read /Applications/Firefox.app/Contents/Info.plist LSEnvironment”

(Via .)