How do I get rid of this Trojan Horse? (OSX.RSPlug.D)

Discussion in 'Mac Basics and Help' started by MacFabulous, Nov 21, 2008.

  1. MacFabulous macrumors newbie

    MacFabulous

    Joined:
    Aug 15, 2007
    Location:
    Copenhagen, Denmark
    #1
    Hi guys

    I´m afraid that I unfotunately and naively have downloaded and installed the following Trojan Horse OSX.RSPlug.D on my Mac a while back. I´m not sure though? Do you guys know how to identify this "intruder" and wether or not it´s actually on your system?

    There is a description of it in this link: http://news.zdnet.com/2424-9595_22-251586.html

    How do I locate and uninstall this again? I have searched my Mac for the filename OSX.RSPlug.D but can´t find it anywhere. Is it hiding somewhere in my system by another name or should I not worry?

    Hope you have some ideas...

    Thanks... :)
     
  2. hughvane macrumors 6502

    hughvane

    Joined:
    Aug 25, 2008
    Location:
    Banks Peninsula, New Zealand
    #2
    Start by opening Console. Go to Logs, then /var/log then install log. You may find as many as 3 of the last description. You'll remember which date you downloaded the Trojan, so check for that in the logs to see what the codec file name was. Once you've got that, you can search for it with Spotlight or Cmd-F from Finder.

    Another way is to search the System by Date Modified. Go > Computer > System > Library and click the Date Modified column header. Look for the date you know the Trojan was installed.
    Then go to Computer > Library and check there followed by User > Library > Internet Plug-Ins.

    Last thing - use Google to research the codec that the Trojan installed and what software might be offered to remove it. Developments happen rapidly.
     
  3. emt1 macrumors 65816

    Joined:
    Jan 30, 2008
    Location:
    Wisconsin
    #3

    From the article:
    I think I have some good advice on preventing this in the future.... :)
     

Share This Page