SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

OSX/Jahlav-C = DNSChanger Trojan Horse

Posted on June 26, 2009

June 12, 2009 – The trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. This variant is already detected by SecureMac’s Anti-Spyware product MacScan as well as the free DNSChanger Trojan Horse Removal Tool.

MacScan –
DNSChanger Trojan Horse Removal Tool –

Each security vendor has the ability to use their own custom naming for threats. Some of the known aliases for the DNSChanger Trojan Horse include OSX.RSPlug, OSX/Puper, and OSX/Jahlav.

The trojan horse arrives in a disk image, and is again disguised as an installer for “MacCinema,” just like earlier variants. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, as well as pornographic websites purporting to be a video plug-in. By avoiding websites that offer pirated software, or pornographic websites that ask you to install software to view videos, you can limit the chances of exposure to this new variant of the DNSChanger Trojan Horse.

Symptoms of Infection by DNSChanger Trojan Horse

1. Website links are redirected. When you click on a link to a website (in search engine results, for example), you will be redirected to a different site, generally advertising sites.
2. Pop-up advertisements. Infected computers will sometimes display advertisements, including pop-up ads, usually for pornographic websites or enhancement drugs.
3. Web pages load slowly. Web pages may take a long time to load, or time out completely when infected with the trojan horse.

Removing the DNSChanger Trojan Horse

You can remove the DNSChanger Trojan Horse with our free removal tool, available at Additionally, MacScan removes the DNSChanger Trojan Horse and thousands of other trojan horses, keyloggers, and tracking cookies. More information on MacScan is available at

Safe Web Browsing Habits

1. Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with the trojan horse.
2. Watch what you download. Download files only from trusted sources and safe sites.
3. Use security features in OS X. Turn on the built-in Firewall, and consider security software, especially when a computer is shared by multiple users.

About MacScan

MacScan quickly detects, isolates and removes spyware from Macintosh computers using both real-time spyware definition updating and unique detection methods. The software also manages internet-related clutter on your computer. It is designed for Mac OS X version 10.2.4 and later, and is compatible with OS X 10.5 (Leopard). For more information, or to download a demo version of MacScan, visit

About SecureMac

Since 1999, has been at the forefront of Macintosh system security. The site not only features complete Macintosh Anti-Spyware and Antivirus solutions, but also operates as a clearinghouse for news, reviews and discussion of Apple computer security issues. Users from novice to the most advanced will find useful information at SecureMac that is designed to make their computer experience trouble free.

Join our mailing list for the latest security news and deals