1) In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named
plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.
2) In Terminal, type
sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message “crontab: no crontab for root.”
3) Open your Network System Preferences panel, go to the
DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply. Reboot your Mac.
After you reboot, you can confirm you’re free of the trojan horse (in OS X 10.5) by opening the Advanced pane of the Network System Preferences panel and looking at the DNS tab—you shouldn’t see any gray entries. In Tiger, to really prove that you’re free of the infestation, use the scutil command detailed above, as that’s the only way to see all the DNS Servers your machine knows about.
Connect With Us