Do you know what OSX.RSPlug.A is?
OSX.RSPlug.A is a new variant of the Zlob Trojan that now affects Mac OS computers. It has its own Zlob DNS changer built in, which lets it change your computer's DNS settings and allows outsiders to hijack your system. OSX.RSPlug.A may redirect you to web sites and manipulate your search results to show hacker-controlled sites. The DNS settings on your system tell the computer where to connect and which IP address to connect to. By changing the DNS settings, OSX.RSPlug.A can point your system to a hacker and give them full access to take over your computer.
The Mac OS X version of OSX.RSPlug.A uses the same tactics that the original RSPlug.A parasite used against Windows computers over a couple of years ago. On the Mac, it may be downloaded with a QuickTime codec. The one step of protection that the Mac has over Windows-based computers is that installing a codec prompts for your admin password. If the password is not entered, the codec does not get installed and your chances of becoming infected with OSX.RSPlug.A are slim.
Macworld has details on how to remove OSX.RSPlug.A from your Mac OS X system.
Manual Removal of OSX.RSPlug.A
- Check in the Library folder for the file named plugins.settings. The location path is: /Library/Internet Plug-Ins/plugins.settings
- Remove the file.
- Removing this file will not eliminate the Trojan totally. You will need to continue with the steps below to completely remove OSX.RSPlug.A.
- In the Finder, locate /Library > Internet Plug-Ins and then delete the file called plugins.settings.
- Empty the trash.
- In the Terminal, type in sudo crontab -r and then provide your admin password. This will delete the root job that checks on the DNS settings.
- Open the Network System Preferences panel. Go to the DNS Server box and copy the entries.
- Paste or re-type the same values in the box.
- Click Apply.
- Reboot your computer.
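A read-only check for the artifacts named in the steps above, written as an added example; it is not part of the original page or of Macworld's instructions. The function names, the sample cron entries and addresses, and the use of a resolv.conf-style file to read the configured DNS servers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only triage for the artifacts named in the steps above.
# Paths are parameters so it can run on a constructed sample tree (demo below)
# or, as root, on the live system. Nothing is deleted.

# Succeeds if plugins.settings exists under ROOT ("" means the live system).
rsplug_file_present() {
    [ -e "${1:-}/Library/Internet Plug-Ins/plugins.settings" ]
}

# Print active (non-blank, non-comment) lines of a saved `crontab -l` listing.
# `crontab -r` deletes every one of these, not only the DNS-checking job.
active_cron_entries() {
    grep -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# Print nameserver addresses from a resolv.conf-style file (assumed format).
dns_servers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Summarise findings; returns 1 if anything needs review, 0 if clean.
rsplug_report() {
    rc=0
    if rsplug_file_present "$1"; then
        echo "FOUND: $1/Library/Internet Plug-Ins/plugins.settings"; rc=1
    fi
    entries=$(active_cron_entries "$2")
    if [ -n "$entries" ]; then
        echo "Root cron entries (save a copy before crontab -r):"
        echo "$entries"; rc=1
    fi
    echo "DNS servers currently configured:"; dns_servers "$3"
    return "$rc"
}

# Demo on constructed data: a fake tree, crontab listing and resolver file.
rsplug_demo() {
    d=$(mktemp -d) && mkdir -p "$d/Library/Internet Plug-Ins"
    : > "$d/Library/Internet Plug-Ins/plugins.settings"
    printf '# constructed sample\n* * * * * /constructed/dns-check\n0 3 * * * /constructed/backup\n' > "$d/root.cron"
    printf 'nameserver 192.0.2.53\nnameserver 192.0.2.54\n' > "$d/resolv.conf"
    rsplug_report "$d" "$d/root.cron" "$d/resolv.conf" || echo "Review needed."
    rm -rf "$d"
}
rsplug_demo
```

On a live system, save the root crontab first with sudo crontab -l > root.cron, then call rsplug_report "" root.cron /etc/resolv.conf and compare the listed DNS servers with the ones your network or provider actually assigns.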