How do I get rid of this Trojan Horse? (OSX.RSPlug.D)

Discussion in 'Mac Basics and Help' started by MacFabulous, Nov 21, 2008.

  1. MacFabulous macrumors member


    Aug 15, 2007
    Copenhagen, Denmark
    Hi guys

    I´m afraid that I unfotunately and naively have downloaded and installed the following Trojan Horse OSX.RSPlug.D on my Mac a while back. I´m not sure though? Do you guys know how to identify this "intruder" and wether or not it´s actually on your system?

    There is a description of it in this link:

    How do I locate and uninstall this again? I have searched my Mac for the filename OSX.RSPlug.D but can´t find it anywhere. Is it hiding somewhere in my system by another name or should I not worry?

    Hope you have some ideas...

    Thanks... :)
  2. hughvane macrumors 6502


    Aug 25, 2008
    Banks Peninsula, New Zealand
    Start by opening Console. Go to Logs, then /var/log then install log. You may find as many as 3 of the last description. You'll remember which date you downloaded the Trojan, so check for that in the logs to see what the codec file name was. Once you've got that, you can search for it with Spotlight or Cmd-F from Finder.

    Another way is to search the System by Date Modified. Go > Computer > System > Library and click the Date Modified column header. Look for the date you know the Trojan was installed.
    Then go to Computer > Library and check there followed by User > Library > Internet Plug-Ins.

    Last thing - use Google to research the codec that the Trojan installed and what software might be offered to remove it. Developments happen rapidly.
  3. emt1 macrumors 65816

    Jan 30, 2008

    From the article:
    I think I have some good advice on preventing this in the future.... :)

Share This Page