| Alias: | WDEF M = MindCrime Virus |
| Strain: | --- |
| detected when: | April 1993 |
| where: | USA |
| Classification: | Link virus, Applications and System infector |
| Length: | WDEF 0: 5,840 bytes; INIT (random ID): 2,766 bytes, named "MindCrime" |
| Preconditions | |
| Operating System(s): | MacOS proprietary |
| Version/Release: | System 7 and upwards |
| Computer model(s): | All. |
| Caroname: | INIT_M |
| Attributes | |
| Easy identification: | INIT resource named "MindCrime". A file called "FSV Prefs" in Preferences folder. |
| Type of Infection: | Only INITs with the following names are affected: "File Sharing Extension", "Apple Share", "Apple CD-ROM", "QuickTime", "CD Remote INIT". |
| Infection Technique: | INIT (random ID): 2,766 bytes; WDEF 0: 5,840 bytes in applications. |
| Infection Trigger: | 1. Executing SystemTask trap with a probability of 11/60. 2. Opening a window with an infected WDEF 0 resource in most recently opened resource file. |
| Storage Media affected: | |
| Interrupts hooked: | SystemTask |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | 1. Renames all files to random 8 byte names. 2. Renames folders to random 1..8 character names. 3. Changes Type and Creator to random 4 byte values. 4. Changes creation and modification date to January 1, 1904. 5. Files that can't be renamed will be deleted. 6. Files to be renamed will be chosen in alphabetical order, so some files will be renamed multiple times and some won't be renamed at all. 7. One file or folder may be renamed to "Virus MindCrime" - if not renamed again. |
| Damage Trigger: | Running system with internal date Friday 13th. (no boot needed!) |
| Particularities: | --- |
| Similarities: | Damage is similar to that of the INIT 1984 virus. |
| Agents | |
| Countermeasures: | Use a commercial, shareware or freeware anti-viral product such as VirusDetective or Disinfectant >= 3.2 to scan for viral signatures. |
| Standard means: | |
| Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Peer Reymann, Ronald Greinke |
| Documentation by: | |
| Date: | 31-July-1993 |
| Information Source: | |
(c) 1996 Virus-Test-Center, University of Hamburg