Free Trojan Removal Tool for OS X Available Now

SecureMac has introduced a free Trojan Detection Tool for Mac OS X. The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X. Called DNSChanger Trojan and also known as OSX.RSPlug.A Trojan Horse the software attacks users attempting to play a fake video file. Upon attempting to play the video, the victim receives the following message: "Quicktime Player is unable to play movie file. Please click here to download new version of codec."

Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis. SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

View: Full Story @ PC World

Report a problem with article
Previous Story

CES2008: Channel 10 interviews Robert Bach

Next Story

FCC to investigate Comcast BitTorrent filtering

68 Comments

Commenting is disabled on this article.

See that little green "R" that's to the right over there... yeah.. that thing. That means reply. The purple button allows you to quote someone. A-maze-za-zing, huh?

Hey you two, you got this weekends lottery results as you both seem to be able to tell the future?

Your lack of being able to deal with something as trivial as a discussion on Macs and viruses makes me pity you.

evo_spook said,
Hey you two, you got this weekends lottery results as you both seem to be able to tell the future?

4 8 15 16 23 42

Doesn't matter which lottery you play, that will win this weekend. You seem to be able to predict the future, too, with your assertions that your PC is bullet-proof...

Its SAFE CAUSE THERE HAS YET BEING NO VIRUS of the NAME in the Wild!!

when there is lets speak again


Many of those threads have no actual slamming of MS

how is finding a use for the touch table slamming?
how is not selling the zune outside of the US slamming?

Yes, yes, none in the wild ... no need for a removal tool, they're just wasting their time...

You heard him folks!!!! Nothing to see here, move along! Its a removal tool for something that doesn't exist, keep moving!

Kelxin said,
Yes, yes, none in the wild ... no need for a removal tool, they're just wasting their time...

You heard him folks!!!! Nothing to see here, move along! Its a removal tool for something that doesn't exist, keep moving!

LMAO :)
+1

evo_spook said,
thats pretty desperate finding if you classing them as Bashing :-)

Ok... No more desperate than you claiming that someone saying Mac users are naive for assuming their unprotected computer is safe is "bashing Apple". We're done. You have no interest in logic or civilized debate.

By the way, did you notice ONE person voted for this story, and gave it a 5 out of 5? Was it you? No, because it was me, a Windows user.

So you admit, you just come to troll cause OSX because you're annoyed that they arn't plagued by virus, you're so annoyed you've made it your mission to come here and cause disturbance everytime theres a mac story.

Hey, you have windows folks going on how much better a Windows PC is, its better for this and that, why not also going make it your mission to taken them down a peg or two, they're just as annoying.

evo_spook said,
So you admit, you just come to troll cause OSX because you're annoyed that they arn't plagued by virus, you're so annoyed you've made it your mission to come here and cause disturbance everytime theres a mac story.

Hey, you have windows folks going on how much better a Windows PC is, its better for this and that, why not also going make it your mission to taken them down a peg or two, they're just as annoying.

You've pooped in quite a few Microsoft stories yourself, so not much room for finger pointing there.

Mac users don't own Mac news any more than Windows users own the Windows news. If you have that much of a problem with people commenting on Mac news, you should try a Mac-only site.

And for the record, the only difference between the Intel Macs and a standard PC is Apple's Trusted Platform Module. (And the price.)

hahah read into it waht you like, i really dont care if mac has viruses or not (i would if i used one), i just dont like people claiming things are better than they are, hell i dont care that windows has viruses, i've never persaonlly been infected, but at least windows users will admit windows has issues...

also if only mac users commented on articles like these then poeple that dont know anythign will assume that 'mac is perfect', i bitch about MS all the time too if you had payed any attention, but I'll leave my MS bitching for the MS articles... if by asking questinos and tryig to make you realise mac aint perfect is causing a disturbance then you really do have issues... all i can say is each to their own, you use what suits you and i will use what suits me... just dont come and tell me OSX has never had a virus adn never will...it is the ignorance that annoys me..

the fact is if a security pacth is released it is becasue there was a security issue, it really is that plain and that simple..

GreyWolfSC said,

You've pooped in quite a few Microsoft stories yourself, so not much room for finger pointing there.

Mac users don't own Mac news any more than Windows users own the Windows news. If you have that much of a problem with people commenting on Mac news, you should try a Mac-only site.

And for the record, the only difference between the Intel Macs and a standard PC is Apple's Trusted Platform Module. (And the price.)

show me where I've bashed windows, go on, go on??????????????

evo_spook said,

show me where I've bashed windows, go on, go on??????????????

I said Microsoft, not Windows. but I figured you'd say that, so I made a list. (Starting with the top story on the site, too.)

http://www.neowin.net/news/main/08/01/10/c...face?cid=608237
http://www.neowin.net/news/main/08/01/06/w...ures?cid=607172
http://www.neowin.net/forum/index.php?show...amp;p=589116720
http://www.neowin.net/forum/index.php?show...amp;p=589024346
http://www.neowin.net/forum/index.php?show...amp;p=589024378
http://www.neowin.net/forum/index.php?show...amp;p=589024113

This last one isn't you bashing Microsoft, it's you complaining about people discussing Mac and Windows and a mod telling what you should do if you don't like people disagreeing with you.
http://www.neowin.net/forum/index.php?show...amp;p=588230693

If you want me to search and find all the times you slammed Windows users let me know.

Look, if you windows platform is so great, get back to it rather then troll ever Mac story you can find, change the record, its always the usual suspects, everytimes theres a Mac story, you can tick off one by one the usual suspect who will come in to kick up a stink

i dont think windwos is that great, it does what i need and OSx doesnt, thats why i use it. I kow the issues and i know how to deal with them.. patch, update, run AV and firewall....every time there is a MAC security issue you can tick off all the MAC users that deny, make excuses, and claim 'it doesn't count for some reason' (althoguh LTD has been quiet on this one)

I think it is 'some' mac users (not all, as there are some mac users that understand how computers do work) ignorance and blind faith in OSX being so secure that annoys people. statements like "Only thing is, this will never happen. Next ludicrous scenario please" dont help the cause..as we all know you cant comment on things that dont even exist yet, OS's are coded up by humans, humans make mistakes...

elvenseven said,
"Get a Mac - It Just Works" :laugh:

The computer's not the problem. It's the assumption that it's impervious that is.

GreyWolfSC said,

The computer's not the problem. It's the assumption that it's impervious that is.

Yes true, except, its not a big assumption, as except for this poor show for a trojan there is anything yet to hit the mac community. The bigger assumption is that it is just due to percentages.

evo_spook said,

Yes true, except, its not a big assumption, as except for this poor show for a trojan there is anything yet to hit the mac community. The bigger assumption is that it is just due to percentages.

if you believe it is an assumption then you are simply ignorant..why woudl anyone write a virus that affects 7% of the worlds computers, when they can write one that affects 80%, if you have aareasonable explanatino for that please let me know...

"The major source of threat to Linux systems at present seems to be exploits on browsers such as Firefox and Opera, just as in the Windows world the exploits are on Internet Explorer and Firefox."
that link doesnt really prove anything.. except that running as a non admin user is the safest way to protect a machine, which by the way i can do in windows...

Two reaosns to create a virus.

1) Obtain or break into a system
2) Cause mahem and be a ****
3) Steal Information.

If I wanted to do that I would target as large a possible audiance as possible ( point who cares made ) or I would target servers which often store data or on large connections capaable of being used as a fast spamming DOS etc attack platform.

Last time I checked the ratio of mac servers to linux servers was pretty low.

You sound like a child that has discovered something new.

Anti-virus and such has been available for OSX for a while now. Nothing new.

markjensen said,
You sound like a child that has discovered something new.

Anti-virus and such has been available for OSX for a while now. Nothing new.

But to hear the Apple "fanboys" you would get the impression that it was new and unheard of.

Foub said,

But to hear the Apple "fanboys" you would get the impression that it was new and unheard of. :)

strange.....

when ever we get news stories about OSX viruses its always the bashers from the windows world on here that make these statements and very rarely the OSX user.

when ever we get news stories about OSX viruses its always the bashers from the windows world on here that make these statements and very rarely the OSX user.

Mac users can be quietly confident that they're machines are very safe. I've never even given thought to anti-spyware, anti-virus, pop up protection and all the other crap that has become a staple diet of Windows 'die hards' whenever i'm using my Mac. Please - bring it on all you would be virus and trojan writers.

Chicane-UK said,

Mac users can be quietly confident that they're machines are very safe. I've never even given thought to anti-spyware, anti-virus, pop up protection and all the other crap that has become a staple diet of Windows 'die hards' whenever i'm using my Mac. Please - bring it on all you would be virus and trojan writers.

Being ignorant of internet security is just inviting a Mac catastrophe of Blaster or Slammer scale, especially with the increasing Mac install base. This trojan could have easily installed all kinds of zombie software after it got administrative permission as well as modifying DNS entries. (And apparently except for Leopard there is no easy way to see that the DNS table has been modified.)

Quote - Intego
Under Mac OS X 10.4, there is no way to see the changed DNS server in the operating system’s GUI. Under Mac OS X 10.5, this can be seen in the Advanced Network preferences; the added DNS servers are dimmed, and cannot be removed manually.

"You sound like a child that has discovered something new.

Anti-virus and such has been available for OSX for a while now. Nothing new."

Actually Mark, most Mac users who post on these new stories have the attitude that their Mac is invincible. Of course there is anti-virus for Macs but the Mac users act like they will never need it.

And that mentality is what's childish.

The installation of the Trojan requires the Administrator password to be entered during the install process...the user must really want this Trojan if they go through all the trouble to install it.

KeR said,
The installation of the Trojan requires the Administrator password to be entered during the install process...the user must really want this Trojan if they go through all the trouble to install it.

It would require administrative rights to install on Linux and Vista, too. The problem is, it's a trojan. Trojans are named such because they sneak in under the guise of something else, in this case the "codec."

GreyWolfSC said,

It would require administrative rights to install on Linux and Vista, too. The problem is, it's a trojan. Trojans are named such because they sneak in under the guise of something else, in this case the "codec." :)


usually they don't wear big black cloaks, hats and twirling their mustache, asking to be letting by ask for admin rights.

The problem, is if this was on about being a windows only codec trojan, the windows defendents would be slamming the article as dumb.


This virus is much the same as if I sent everyone osx user recursive delete script and run it as root, that is as much a virus as this.

evo_spook said,


usually they don't wear big black cloaks, hats and twirling their mustache, asking to be letting by ask for admin rights.

The problem, is if this was on about being a windows only codec trojan, the windows defendents would be slamming the article as dumb.


This virus is much the same as if I sent everyone osx user recursive delete script and run it as root, that is as much a virus as this.

I'm a Windows user, and I think it's a useful article. Trojans could easily trick someone that is a Mac newbie just as well as a hapless Windows user. It is logical for your media player to want to install a codec. And doesn't OSX ask for elevated privileges when you install most applications? That's hardly your "cloak and mustache" scenario.

It's good someone made a removal tool to fix things up for people that fell victim to this. You make it sound as if you'd rather infected people stay that way.

GreyWolfSC said,
And doesn't OSX ask for elevated privileges when you install most applications? That's hardly your "cloak and mustache" scenario.

Nope, other way round, its rarer that an application asks for elevated privileges to be installed.
Any that does is viewed warily.

On the codec. It depends, is it quicktime asking for the codec or is it a pop-up on its own?

evo_spook said,

Nope, other way round, its rarer that an application asks for elevated privileges to be installed.
Any that does is viewed warily.

On the codec. It depends, is it quicktime asking for the codec or is it a pop-up on its own?

Almost everything I installed when I was using Tiger asked for admin elevation when I ran the installer. I guess it's completely changed?

Screenshot of trojan here: http://sunbeltblog.blogspot.com/2007/10/sc...mac-trojan.html

Looks like it actually says IN the QuickTime window that it needs the codec. Remember, trojans are designed to trick you into thinking what you're installing is innocuous.

GreyWolfSC said,

Almost everything I installed when I was using Tiger asked for admin elevation when I ran the installer. I guess it's completely changed?

Screenshot of trojan here: http://sunbeltblog.blogspot.com/2007/10/sc...mac-trojan.html

Looks like it actually says IN the QuickTime window that it needs the codec. Remember, trojans are designed to trick you into thinking what you're installing is innocuous.

nope thats not quicktime asking for a codec, this is quicktime.


evo_spook said,

nope thats not quicktime asking for a codec, this is quicktime.

Um, duh? But is a new user going to know that?

Sorry, but from that link you supplied, if anyone is folled by that abortion or a error box must be blind, are you seriously saying people take pop ups that look like a DOS box prompt seriously?

I doubt even Windows newbies would fall for that.

I really would think a new user would not fall for what was shown, its totally unlike any API error box ever shown in OSX, OS9, OS8 and system 7

fors f&*s sake, news flash MOST USERS ARE STUPID......

for the average user if they want to play a 'video' they will install the 'codec', if they think they need to do it to watch said 'video' adn yeah if they think they need to put in an admin password to do so, they WILL.... hell i know of a LOT of users that have done similarly stupid things..

have you ever heard of 'social engineering' Kevin Mitnick used it quite a bit...hell if you ask the right questions in the right way, people will tell you their password..... ever wonder why there are soooo many nigerian scams, its becasue people are stupid and actually fall for them..

if it was a windows trojan, then id be still asuming a lot of idiots woudl install it... the fact is it is a trojan and if all mac users were so smart as to not put in the password, then this removal tool would NOT exist, the fact it exists tells me a lot of MAC users are just as stupid as a lot of winodws users adn actually did type in their password....

whocares78 said,
fors f&*s sake, news flash MOST USERS ARE STUPID......

for the average user if they want to play a 'video' they will install the 'codec', if they think they need to do it to watch said 'video' adn yeah if they think they need to put in an admin password to do so, they WILL.... hell i know of a LOT of users that have done similarly stupid things..

have you ever heard of 'social engineering' Kevin Mitnick used it quite a bit...hell if you ask the right questions in the right way, people will tell you their password..... ever wonder why there are soooo many nigerian scams, its becasue people are stupid and actually fall for them..

if it was a windows trojan, then id be still asuming a lot of idiots woudl install it... the fact is it is a trojan and if all mac users were so smart as to not put in the password, then this removal tool would NOT exist, the fact it exists tells me a lot of MAC users are just as stupid as a lot of winodws users adn actually did type in their password....

come off, you say WHO CARES cause you have no bloody come back.

That screen is nothing like a OSX dialogue box in a million years

KeR said,
The installation of the Trojan requires the Administrator password to be entered during the install process...the user must really want this Trojan if they go through all the trouble to install it.

Your point is? I would argue a Mac user is just as stupid to enter thier password to install "The Ultra Cool Free Screensaver" ( if not more so ) that a windows user is of clicking "OK" a few times. The reason I say more so is because a lot of Mac users are under the shiney guise that their system couldent possibly EVER get a virus.

Any virus provention methods that rely soley on user identification are useless when captain "give me my kitty cat screensaver" honestly beleaves its genuine software.

Unplugged said,

Your point is? I would argue a Mac user is just as stupid to enter thier password to install "The Ultra Cool Free Screensaver" ( if not more so ) that a windows user is of clicking "OK" a few times. The reason I say more so is because a lot of Mac users are under the shiney guise that their system couldent possibly EVER get a virus.

Any virus provention methods that rely soley on user identification are useless when captain "give me my kitty cat screensaver" honestly beleaves its genuine software.

under illusion because the MAJORITY of us WILL NOT enter our password for just anything, ESPECIALLY for something we have not downloaded ourselves.

evo_spook said,
I doubt even Windows newbies would fall for that.

I really would think a new user would not fall for what was shown, its totally unlike any API error box ever shown in OSX, OS9, OS8 and system 7

Wait wait.... Let me get this straight what you just said.... I really think that someone that has never seen what the dialog box should look like ..... would not fall for the box not looking like what they don't know it should look like.

You're a mac fanboy and I can already smell it.

Lets look at it from this other angle... Do you really think only 10 or 20 people fell for it if they had to make a REMOVAL TOOL you idiot!

Start jogging those braincells, might actually be able to put em to work, and give up, OSX is just as vulnerable to virus's as windows vista.

evo_spook said,
come off, you say WHO CARES cause you have no bloody come back.

That screen is nothing like a OSX dialogue box in a million years

umm did you read the post??? i never said whocares, i said USERS ARE STUPID, are you trying to tell me the average computer users are not stupid??? hell there must be a few for this removal tool to exist, they wouldnt realease a removal tool if NOONE was infected!!!!

evo_spook said,

under illusion because the MAJORITY of us WILL NOT enter our password for just anything, ESPECIALLY for something we have not downloaded ourselves.

hahah Now i KNOW you do not work in IT or tech support, because if you did you would not make ridiculous statements like "the MAJORITY of us WILL NOT enter our password for just anything, ESPECIALLY for something we have not downloaded ourselves" you really dont have any idea how stupid a LOT of users are... you may be smart enough not to fall for these....oh yeah did i mention i worked on MAC's in my last job and i know for a fact most of those users were stupid...