Defend what you create

Mehr

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Mac.Trojan.VSearch.7

Added to the Dr.Web virus database: 2016-02-29

Virus description added:

SHA1 c206a19d7fb4a7dbabe3f1a0d9bfa8476356ecb2

A Trojan for OS X that is installed by Mac.Trojan.VSearch.4.

It includes the following components:

DemoInjector.app
change_net_settings.sh
com.pref.net-preferences.plist
com.pref.preferences.plist
install_Injector.sh
readme_inj.txt
uninstall_injector.sh

When the Trojan is installed, it creates a user account that has a random username and the “test. ID = 401” password that is not displayed in the OS X Welcome dialog, and redirects HTTP traffic from all interfaces to the local port 9882. Mac.Trojan.VSearch.7 uses this port to launch a proxy server that injects a JavaScript script into all webpages browsed by the victim. The Trojan receives the script via the URL that looks as follows:

 http://domain/sm/mu?id=machine_id&d=dist_channel_id&cl=click_id

The Trojan gets the parameters necessary for its normal work from /Library/Preferences/com.appName.preferences.plist, where appName is an application name generated randomly.

The script injected into webpages displays advertisements, sends statistics to the server, and collects the user’s Web search queries transmitting them to servers, a list of which is incorporated into the script:

www.google.
www.bing.
.ask.
search.whitesmoke
thesmartsearch

News about the Trojan

Curing recommendations


macOS

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number

Führender russischer Hersteller von Virenschutzsoftware
Entwickelt seit 1992
Dr.Web wird in mehr als 200 Ländern genutzt
Antivirus im SaaS-Modell seit 2007
Technischer Support rund um die Uhr

Dr.Web © Doctor Web
2003 — 2021

Doctor Web ist ein russischer Entwickler von IT-Sicherheitslösungen unter dem Markennamen Dr.Web. Dr.Web Produkte werden seit 1992 entwickelt.

Doctor Web Deutschland GmbH. Bäderstraße 1
76530 Baden-Baden