======= Computer Virus Catalog 1.2: "CDEF" Virus (15-July-1991) ======
Entry...............: "CDEF" Virus
Alias(es)...........: ---
Virus Strain........: ---                                        
Virus detected when.: August 1990          
              where.: New York
Classification......: File infector (Desktop only)
Length of Virus.....: Resource fork extension: 510 bytes
--------------------- Preconditions ----------------------------------
Operating System(s).: MacOS proprietary             
Version/Release.....: All                     
Computer model(s)...: Apple Macintosh: all models 
--------------------- Attributes ------------------------------------
Easy Identification.: Additional CDEF 1 resource in Desktop file;
                         Desktop shouldn't have one.
Resource pattern....: Desktop File: CDEF 1  1836 Bytes
Type of infection...: Virus copies itself to all Desktop files on
                         first three connected volumes.
Infection trigger...: Executing an infected Desktop file
Applications affected:Desktop files only 
Traps intercepted...: ---
Damage..............: ---
Damage Trigger......: ---
Peculiarities.......: ---
Similarities........: WDEF 
--------------------- Agents -----------------------------------------
Countermeasures/direct:
                      1. Removal of CDEF 1 from all Desktop files:
                         Copy Desktop to another file and cut off 
                         CDEF 1 resource, delete original Desktop 
                         file and rename cleaned copy to Desktop.
                         The desktop file is always active, so copying
                         and renaming must be done by special file
                         utilities such as file tools DA.
                      2. Create new Desktop file by pressing Option 
                         and Command key when opening a volume.
                         This method can be rather time consuming
                         on a full harddisk, and information in 
                         the comment field of file information 
                         is lost.  
Countermeasures/software:
                      1. Use a commercial anti-viral product or 
                         public domain utility such as Virus 
                         Detective, VirusRx, Interferon or 
                         Disinfectant (can't remove it) to scan 
                         for CDEFs signature.
                      2. Use protection INIT called Eradicat'Em that 
                         prevents CDEF (and WDEF) infection.
--------------------- Acknowledgement --------------------------------
Location............: Virus Test Center, University Hamburg, Germany
Classification by...: Ronald Greinke
Documentation by....: Ronald Greinke
Date................: 15-July-1991
Information Source..: ---
===================== End of "CDEF" Virus ============================