======= Computer Virus Catalog 1.2: "CDEF" Virus (15-July-1991) ====== Entry...............: "CDEF" Virus Alias(es)...........: --- Virus Strain........: --- Virus detected when.: August 1990 where.: New York Classification......: File infector (Desktop only) Length of Virus.....: Resource fork extension: 510 bytes --------------------- Preconditions ---------------------------------- Operating System(s).: MacOS proprietary Version/Release.....: All Computer model(s)...: Apple Macintosh: all models --------------------- Attributes ------------------------------------ Easy Identification.: Additional CDEF 1 resource in Desktop file; Desktop shouldn't have one. Resource pattern....: Desktop File: CDEF 1 1836 Bytes Type of infection...: Virus copies itself to all Desktop files on first three connected volumes. Infection trigger...: Executing an infected Desktop file Applications affected:Desktop files only Traps intercepted...: --- Damage..............: --- Damage Trigger......: --- Peculiarities.......: --- Similarities........: WDEF --------------------- Agents ----------------------------------------- Countermeasures/direct: 1. Removal of CDEF 1 from all Desktop files: Copy Desktop to another file and cut off CDEF 1 resource, delete original Desktop file and rename cleaned copy to Desktop. The desktop file is always active, so copying and renaming must be done by special file utilities such as file tools DA. 2. Create new Desktop file by pressing Option and Command key when opening a volume. This method can be rather time consuming on a full harddisk, and information in the comment field of file information is lost. Countermeasures/software: 1. Use a commercial anti-viral product or public domain utility such as Virus Detective, VirusRx, Interferon or Disinfectant (can't remove it) to scan for CDEFs signature. 2. Use protection INIT called Eradicat'Em that prevents CDEF (and WDEF) infection. --------------------- Acknowledgement -------------------------------- Location............: Virus Test Center, University Hamburg, Germany Classification by...: Ronald Greinke Documentation by....: Ronald Greinke Date................: 15-July-1991 Information Source..: --- ===================== End of "CDEF" Virus ============================