SecureMac, Inc.

OSX/Jahlav-C = DNSChanger Trojan Horse

June 26, 2009

DNSChanger Trojan Horse (aka RSPlug Trojan) is running wild lately with multiple variants surfacing rapidly and being distributed through more mainstream sites including gamer and technical download sites as well as pornographic and search engine optimized pages resulting in high rankings in search results.

Learn more about the symptoms of DNSChanger Trojan Horse infected computers or scan your computer for spyware with MacScan or remove DNSChanger Trojan Horse (RSPlug) with DNSChanger Trojan Horse Removal Tool for free.

OSX/Jahlav-C = DNSChanger Trojan Horse

June 12, 2009 – The trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. This variant is already detected by SecureMac’s Anti-Spyware product MacScan as well as the free DNSChanger Trojan Horse Removal Tool.

MacScan – https://www.securemac.com/macscan
DNSChanger Trojan Horse Removal Tool – https://www.securemac.com/files/DNSChangerRemovalTool.dmg

Each security vendor has the ability to use their own custom naming for threats. Some of the known aliases for the DNSChanger Trojan Horse include OSX.RSPlug, OSX/Puper, and OSX/Jahlav.

The trojan horse arrives in a disk image, and is again disguised as an installer for “MacCinema,” just like earlier variants. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, as well as pornographic websites purporting to be a video plug-in. By avoiding websites that offer pirated software, or pornographic websites that ask you to install software to view videos, you can limit the chances of exposure to this new variant of the DNSChanger Trojan Horse.

Symptoms of Infection by DNSChanger Trojan Horse

1. Website links are redirected. When you click on a link to a website (in search engine results, for example), you will be redirected to a different site, generally advertising sites.
2. Pop-up advertisements. Infected computers will sometimes display advertisements, including pop-up ads, usually for pornographic websites or enhancement drugs.
3. Web pages load slowly. Web pages may take a long time to load, or time out completely when infected with the trojan horse.

Removing the DNSChanger Trojan Horse

You can remove the DNSChanger Trojan Horse with our free removal tool, available at http://www.dnschanger.com. Additionally, MacScan removes the DNSChanger Trojan Horse and thousands of other trojan horses, keyloggers, and tracking cookies. More information on MacScan is available at http://macscan.securemac.com

Safe Web Browsing Habits

1. Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with the trojan horse.
2. Watch what you download. Download files only from trusted sources and safe sites.
3. Use security features in OS X. Turn on the built-in Firewall, and consider security software, especially when a computer is shared by multiple users.

About MacScan

MacScan quickly detects, isolates and removes spyware from Macintosh computers using both real-time spyware definition updating and unique detection methods. The software also manages internet-related clutter on your computer. It is designed for Mac OS X version 10.2.4 and later, and is compatible with OS X 10.5 (Leopard). For more information, or to download a demo version of MacScan, visit https://www.securemac.com/macscan.

About SecureMac

Since 1999, SecureMac.com has been at the forefront of Macintosh system security. The site not only features complete Macintosh Anti-Spyware and Antivirus solutions, but also operates as a clearinghouse for news, reviews and discussion of Apple computer security issues. Users from novice to the most advanced will find useful information at SecureMac that is designed to make their computer experience trouble free.

Get the latest security news and deals