OSX.RSPlug.A
OSX.RSPlug.A is a Trojan that disguises as a multimedia plug-in required to play a video. OSX.RSPlug.A will modify DNS settings on the infected computer and run a malicious scripts. This Trojan will target machines that are running in OSX operating system. It may be downloaded on to the system by exploiting browser and social engineering exploits.
Aliases: OSX/RSPlug-A, OSX/Puper
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Technical Details and Additional Information:
What can OSX.RSPlug.A do to infected system?
- The Trojan will modify DNS settings to redirect web site.
- It will update crontab to be able to run a malicious script.
- It sends stolen information like CPU type, User ID and host name to an specified URL.
Malicious Files Added by OSX.RSPlug.A
/Library/Internet Plug-Ins/plugins.settings
/Library/Internet Plug-Ins/sendreq
/Library/Internet Plug-Ins/Mozillaplug.plugins
OSX.RSPlug.A – Removal
Removing OSX.RSPlug.A Manually:
1. Install anti-virus program.
2. Update the virus definitions.
3. Restart the computer
4. Run a full system scan and clean/delete all infected file(s)