OSX.RSPlug.A Removal Guide
Do you know what OSX.RSPlug.A is?
DESCRIPTION
OSX.RSPlug.A is a new variant of the Zlob Trojan which is now affecting Mac OS computers. OSX.RSPlug.A has its own Zlob DNS Changer built into the parasite. This allows the parasite OSX.RSPlug.A to change your computer’s DNS settings allowing outsiders to hijack your system. OSX.RSPlug.A may redirect you to web sites and manipulate your search results to show the hacker controlled sites. The DNS settings on your system tell a computer where to connect and to which IP address to connect too. With OSX.RSPlug.A potentially changing the DNS settings it can point your system to a hacker and give them full access to take your computer over.
The Mac OS X version of OSX.RSPlug.A uses the same tactics as the original RSPlug.A parasite did to windows computers over a couple years ago. It may be downloaded with a QuickTime codec in the case of the Mac system. The one step of protection that the Mac has over Windows based computers is when installing a codec it asks for your admin password. If the password is not entered then the codec does not get installed and your chances of become infected with OSX.RSPlug.A are slim.
Macworld has details on how to remove OSX.RSPlug.A from your Mac OS X system.
Manual Removal of OSX.RSPlug.A
- Check in the Library folder for the file named plugins.settings. The location path is: /Library/Internet Plug-Ins/plugins.settings
- Remove the file.
- Removing this file will not eliminate the Trojan totally. You will need to contine to completely remove OSX.RSPlug.A.
- In the Finder, locate /Library > Internet Plug-Ins and then delete the file called plugins.settings.
- Empty the trash.
- In the Terminal, type in sudo contab –r and then provide your admin password. This will delete the root job that checks on the DNS settings.
- Open the Network System Preferences panel. Go to the DNS Sever box and copy the entries.
- Paste or re-type the same values in the box.
- Click Apply.
- Reboot your computer.
OSX.RSPlug.A Removal Guide Automatic Removal Instructions
OSX.RSPlug.A Manual Removal Instructions
This manual removal method is for techie computer users. OSX.RSPlug.A manual removal may be difficult and time consuming to remove. There’s no guarantee that OSX.RSPlug.A will be removed completely. So read the OSX.RSPlug.A removal steps carefully and good luck.
Before you start: Close all programs and Internet browsers. Also back up your computer in case you make a mistake and your computer stops working.
- Uninstall OSX.RSPlug.A Program
Click on Start > Settings > Control Panel > Double-click on Add/Remove Programs. Search for and uninstall OSX.RSPlug.A if found. - To stop OSX.RSPlug.A processes (view process removal steps)
Go to Start > Run > type taskmgr. The click the Processes tab and you’ll see a list of running processes.
Search and stop these OSX.RSPlug.A processes:
There are no processes.
For each unwanted process, right-click on it and then select “End task”. - To Unregister OSX.RSPlug.A DLLs (view DLL removal steps)
Search and unregister these OSX.RSPlug.A DLLs:
There are no dll's.
To locate the OSX.RSPlug.A DLL path, go to Start > Search > All Files or Folders. Type OSX.RSPlug.A and in the Look in: select either My Computer or Local Hard Drives. Click the Search button.
Once you have the OSX.RSPlug.A DLL path, go to Start and then click on Run. In the Run command box, type cmd, and then click on OK.
To locate the exact DLL path, type cd in order to change the current directory. To display the contents of the directory, use the dir command. To remove the DLL file type regsvr32 /u FILENAME.dll (FILENAME is the name of the file that you want to unregister). - To unregister OSX.RSPlug.A registry keys (view registry keys removal steps)
Go to Start > Run > type regedit > press OK.
Edit the value (on the right pane) by right-clicking on it and selecting the Modify option. Select the Delete option.
Search and delete these OSX.RSPlug.A registry keys:
There are no registry keys. - If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General > click Use Default under Home Page. Add the your desired default homepage, then click Apply > click OK. Open a new web browser to check that you have your desired default homepage.
- Remove OSX.RSPlug.A Directories.
To find OSX.RSPlug.A directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.
Search and delete the following OSX.RSPlug.A directories:
There are no directories.
Right-click on the OSX.RSPlug.A folder and select Delete.A message will appear saying ‘Are you sure you want to remove the folder OSX.RSPlug.A and move all its contents to the Recycle Bin?’, click Yes.
Another message will appear saying ‘Renaming, moving or deleting OSX.RSPlug.A could make some programs not work. Are you sure you want to do this?’, click Yes. - To remove OSX.RSPlug.A icons on your Desktop, drag and drop them to the Recycle Bin.
You’ve completed the OSX.RSPlug.A manual removal instructions!
I hope this article has helped you solve your OSX.RSPlug.A problems. If you want to contribute to this article, post your comment below.
Read Other Random Posts
Did You Find this Article Helpful?
Subscribe to Spyware Techie for more!
Or get latest articles to your via email:
these directions are pretty good but incomplete. i used MacScan for steps 1 – 4. followed steps 5 -11 above but still had a problem. here are steps 11 – 13
11. after rebooting, go back into Network System Preferences – DNS Server Box
you’ll see that the problematic dimmed IP addresses no longer exist, but the
same problematic IP addresses entered in Step 7 (which are the same as the removed dimmed IP addresses) still exist.
12. remove the IP addresses added in step 7
13. reboot – problem should be solved