| Alias: | --- |
| Strain: | WDEF Virus Strain |
| detected when: | March 1991 |
| where: | Hannover,Germany |
| Classification: | File infector only Desktop file |
| Length: | Resource fork extension: 1842 bytes |
Preconditions | |
| Operating System(s): | MacOS proprietary |
| Version/Release: | System 4.1 or greater , not 7.0 |
| Computer model(s): | Apple Macintosh: all models |
| Caroname: | WDEF.B |
Attributes | |
| Easy identification: | Additional WDEF 0 resource in Desktop file; Desktop shouldn't have one. |
Type of Infection: | Only Desktop files |
| Infection Technique: | Desktop File: WDEF 0 1842 Bytes. |
| Infection Trigger: | Executing an infected Desktop file and a random algorithm produces the value 1 long and the availability of SysEnvirons-Trap; the random value is calculated using the RandomSeed system variable. |
| Storage Media affected: | |
| Interrupts hooked: | Only during infection: Write, AddResource, ChangedResouse, WriteResource, UpdateResFile |
| Stealth: | |
| Tunneling/Selfprot: | |
| Oligo/Polymorphism: | |
| Encoding Method: | |
| Damage: | Permanent damage: --- Transient damage: Only when running under MultiFinder. Only first launched application: if the application has a menu that displays font-size-information using the system, available font sizes are no longer displayed outlined; all sizes are displayed in normal style. Switching between applications doesnot change the first application's behavior. |
| Damage Trigger: | Running an infected Desktop file. |
| Particularities: | No infection on systems without SysEnvirons. Virus beeps once if infected application is run. |
| Similarities: | CDEF, WDEF A |
Agents | |
| Countermeasures: | 1.Use an anti-viral product (public domain or commercial) such Disinfectant, Interferon, Virus detective or VirusRx to scan for virus signature. 2.Use a protection INIT called Eradicat'Em that prevents WDEF infection (also prevents CDEF infection) |
| Standard means: | |
Acknowledgements | |
| Location: | Virus Test Center, University Hamburg, Germany |
| Classification by: | Ronald Greinke |
| Documentation by: | Ronald Greinke |
| Date: | 17-December-1991 |
| Information Source: | --- |
(c) 1996 Virus-Test-Center, University of Hamburg