Defend what you create



Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen


Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86



Added to the Dr.Web virus database: 2016-02-29

Virus description added:

SHA1 c206a19d7fb4a7dbabe3f1a0d9bfa8476356ecb2

A Trojan for OS X that is installed by Mac.Trojan.VSearch.4.

It includes the following components:

When the Trojan is installed, it creates a user account that has a random username and the “test. ID = 401” password that is not displayed in the OS X Welcome dialog, and redirects HTTP traffic from all interfaces to the local port 9882. Mac.Trojan.VSearch.7 uses this port to launch a proxy server that injects a JavaScript script into all webpages browsed by the victim. The Trojan receives the script via the URL that looks as follows:


The Trojan gets the parameters necessary for its normal work from /Library/Preferences/com.appName.preferences.plist, where appName is an application name generated randomly.

The script injected into webpages displays advertisements, sends statistics to the server, and collects the user’s Web search queries transmitting them to servers, a list of which is incorporated into the script:

News about the Trojan

Curing recommendations


Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

Führender russischer Hersteller von Virenschutzsoftware
Entwickelt seit 1992
Dr.Web wird in mehr als 200 Ländern genutzt
Antivirus im SaaS-Modell seit 2007
Technischer Support rund um die Uhr

Dr.Web © Doctor Web
2003 — 2021

Doctor Web ist ein russischer Entwickler von IT-Sicherheitslösungen unter dem Markennamen Dr.Web. Dr.Web Produkte werden seit 1992 entwickelt.

Doctor Web Deutschland GmbH. Bäderstraße 1
76530 Baden-Baden