Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How do I get rid of this Trojan Horse? (OSX.RSPlug.D)

MacFabulous

MacFabulous

macrumors member
Original poster
Aug 15, 2007
48
58
Copenhagen, Denmark
Hi guys

I´m afraid that I unfotunately and naively have downloaded and installed the following Trojan Horse OSX.RSPlug.D on my Mac a while back. I´m not sure though? Do you guys know how to identify this "intruder" and wether or not it´s actually on your system?

There is a description of it in this link: http://news.zdnet.com/2424-9595_22-251586.html

How do I locate and uninstall this again? I have searched my Mac for the filename OSX.RSPlug.D but can´t find it anywhere. Is it hiding somewhere in my system by another name or should I not worry?

Hope you have some ideas...

Thanks... :)
 
Start by opening Console. Go to Logs, then /var/log then install log. You may find as many as 3 of the last description. You'll remember which date you downloaded the Trojan, so check for that in the logs to see what the codec file name was. Once you've got that, you can search for it with Spotlight or Cmd-F from Finder.

Another way is to search the System by Date Modified. Go > Computer > System > Library and click the Date Modified column header. Look for the date you know the Trojan was installed.
Then go to Computer > Library and check there followed by User > Library > Internet Plug-Ins.

Last thing - use Google to research the codec that the Trojan installed and what software might be offered to remove it. Developments happen rapidly.
 
MacFabulous said:
Hi guys

I´m afraid that I unfotunately and naively have downloaded and installed the following Trojan Horse OSX.RSPlug.D on my Mac a while back. I´m not sure though? Do you guys know how to identify this "intruder" and wether or not it´s actually on your system?

There is a description of it in this link: http://news.zdnet.com/2424-9595_22-251586.html

How do I locate and uninstall this again? I have searched my Mac for the filename OSX.RSPlug.D but can´t find it anywhere. Is it hiding somewhere in my system by another name or should I not worry?

Hope you have some ideas...

Thanks... :)
Click to expand...


From the article:
The Trojan is found on porn websites posing as a codec needed to play video files, a technique used to trick the user into downloading and installing it.
Click to expand...

I think I have some good advice on preventing this in the future.... :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back