SecureMac has released a free utility called DNSChanger Removal Tool to remove the DNSChanger Trojan Horse, also known as OSX.RSPlug.A and OSX/Puper, which has been found on numerous pornographic websites disguising itself as a video codec. Once downloaded and installed, DNSChanger changes the DNS settings on the computer, redirecting websites entered by the user to malicious sites. If personal information is entered on these malicious websites, it can lead to identity theft.
If the DNSChanger trojan horse is detected, DNSChanger Removal Tool will give you the option to remove it. If the DNSChanger trojan horse is detected and removed, you will need to restart your computer to clear out the bad DNS entries added by the DNSChanger Trojan Horse.
More info and download link (174KB) here.
Just curious as to why you would need to restart? Surely using lookupd -flushcahe in 10.4 and previous, or the new dscacheutil -flushcache in Leopard would also remove the bad DNS entries.
Maybe I am missing something . . .
Because my granny totally knows how to open up a terminal and enter in those commands…
cool.
now we just need some trojans, and we are all set.
“hey chemist, i am looking for a pack of trojans!”
“damn, just ran out!”
Who is to say that this tool will not do more harm than good?
Think Before You Click applies here as well. People shouldn’t install stuff from untrusted sites.
“Because my granny totally knows how to open up a terminal and enter in those commands…”
“the DNSChanger Trojan Horse, also known as OSX.RSPlug.A and OSX/Puper, which has been found on numerous pornographic websites “
what has granny been doing on her Mac?!?
How do you clear out the console? It lists all the websites you’ve been to, but clearing them through Safari doesn’t affect the console.
well, as I remember, removing a Trojan CAN be a sticky situation….
According to MDN, repeatedly (that means over and over and over) no trojans or other baddies can get into our Macs.
So, ignore this – it’s just more FUD or… hold your breath here… it might be an invader disguised as a protector.
Oooops, slipped again. Shut my mouth!
I hope this Trojan doesn’t break my Mac. I guess it all depends on how deeply it penetrates.
@ignore this.
Well that’s 1 (maybe) out of what, 150k?
You feel better? I know I do…
I downloaded it but I down see the circular impression.
I’m w8n n cn
down should have been
“don’t”
oh crap I can’t even type a joke.
w8nc
@shen
Great quote. Love that movie.
What kind of fool believes that saying the Mac is much safer than Windows means that it is 100% safe?
@@Ignore This
“…what a fool believes he sees
No wise man has the power to reason away…”
-The Doobie Bros.
no trojan found
how can this be I surfed for porn all day all night
no firewall
no password
all file sharing on
still nothing
damn
I guess if I want all the virus fun I need windows!!!!!!!!!!!!!
I don’t suck cocks. I am cool and I’ve been in a soap opera. Yeah!!
I find it amusing that you can get this malware from pornographic web sites. It just shows that you cannot always depend on a trojan.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
I’ve been surfing for hardcore Russian tranny/midget porn for a week straight and still no trojans, darnit…
🙁
Just curious as to why you would need to restart? Surely using lookupd -flushcahe in 10.4 and previous, or the new dscacheutil -flushcache in Leopard would also remove the bad DNS entries.
Maybe I am missing something . . .
Just an educated guess, but it seems likely that this Trojan modifies your private/etc/hosts file. If you modify your private/etc/hosts file, you need to at least logout and log back in for the changes to take effect, although restarting is as comprehensive, and easier to explain to the average users.
I also read that this Trojan installs some cron jobs to reinfect you if you remove some of the other parts of the infection.
Do the commands you mention do this automatically, or do they have to be explicitly invoked? Unix command line is not for the average Mac user. After all, if we wanted to do that, we would be running Linux!
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
/etc/hosts can be modified by users. Among the reasons that you might do this is to block annoying ad and spyware sites. A good source for more info is http://www.mvps.org/winhelp2002/ Yeah, it’s Windows oriented, but it does sure block annoying ads on my Mac.
It seems highly unlikely that anyone dumb enough to install an unknown program/plug-in would ever hear about this uninstaller, much less download and run it. You really do have to be either dumb as a post or seriously senile to install something like this “
accidentally.”
Ignore This: According to MDN, repeatedly (that means over and over and over) no trojans or other baddies can get into our Macs.
No one who understands computers ever claims that Trojan horses are impossible for Mac OS X. Back up you claim, show one article on MDN saying that trojans can’t be installed on the Mac. By it’s very nature, trojans depends on the users for installation. There is no bullet proof solutions yet for user stupidity or negligence.
Try not to argue using a strawman argument. It only makes you look stupid.
This trojan is not limited to porn sites! The recent Safari upgrade already showed its worth for me when a site I visited (global warming news) tried to change my DNS server. Safari warned me and asked me if I wanted to continue.
Just watch Less Porno & U’ll be fine.
Look up Lilochris – This trojan is not limited to porn sites!