MacOS/MBDF

Type: Virus
SubType: Macintosh
Discovery Date: 02/01/1992
Length: 630-638 bytes
Minimum DAT: N/A ( )
Updated DAT: N/A ( )
Minimum Engine: N/A
Description Added: 11/29/2002
Description Modified: 12/10/2002 7:40 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

The MBDF virus is named after the type of resource it uses to infect files. MBDF resources are a normal part of a Macintosh system, so you should not become alarmed if you see them with any file editing tool. The MBDF virus is virulent under Apple's System 6x, System 7x and also System 8x. It can infect and spread on all Apple Macintosh computers except the Macintosh Plus and SE models. There are two known strains of the MBDF virus, MBDF A and MBDF B. There are no significant differences between the two strains.
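Because MBDF resources are also a normal part of the system, triage means inspecting them rather than reacting to their mere presence. The following Python code is an added example, not part of the original description or of any vendor tool: it walks a classic Mac OS resource fork and lists each MBDF resource with its ID and size. The function names and the sample fork are constructed for illustration, and treating the 630-638 byte length quoted on this page as the size of the resource is an assumption.

```python
import struct

PAGE_LENGTH = range(630, 639)  # "Length: 630-638 bytes" as quoted on this page

def list_resources(fork: bytes, wanted: bytes = b"MBDF"):
    """Return [(resource_id, length)] for every resource of type `wanted`."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    data_off, map_off, data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if map_off + map_len > len(fork) or data_off + data_len > len(fork):
        raise ValueError("header offsets point outside the fork")
    # Byte 24 of the map holds the offset of the type list, relative to the map.
    type_list = map_off + struct.unpack_from(">H", fork, map_off + 24)[0]
    n_types = (struct.unpack_from(">H", fork, type_list)[0] + 1) & 0xFFFF
    found = []
    for t in range(n_types):
        rtype, count, ref_off = struct.unpack_from(">4sHH", fork, type_list + 2 + 8 * t)
        if rtype != wanted:
            continue
        for r in range(count + 1):  # counts are stored as "number minus one"
            rid, _name, attr_off = struct.unpack_from(">hHI", fork, type_list + ref_off + 12 * r)
            start = data_off + (attr_off & 0xFFFFFF)  # top byte holds attributes
            (length,) = struct.unpack_from(">I", fork, start)
            found.append((rid, length))
    return found

def triage(fork: bytes):
    """Mark MBDF resources whose size falls in PAGE_LENGTH (assumed to be the resource size)."""
    return [(rid, n, n in PAGE_LENGTH) for rid, n in list_resources(fork)]

def build_fork(resources):
    """Constructed test input: a minimal fork holding MBDF resources [(id, payload)]."""
    data = b"".join(struct.pack(">I", len(p)) + p for _, p in resources)
    refs, off = b"", 0
    for rid, p in resources:
        refs += struct.pack(">hHII", rid, 0xFFFF, off, 0)  # no name, no attributes
        off += 4 + len(p)
    types = struct.pack(">H4sHH", 0, b"MBDF", len(resources) - 1, 10)
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(types) + len(refs)) + types + refs
    header = struct.pack(">4I", 256, 256 + len(data), len(data), len(rmap))
    return header + bytes(240) + data + rmap

# Constructed sample: two zero-filled MBDF resources with made-up IDs and sizes.
SAMPLE = build_fork([(128, bytes(632)), (129, bytes(1200))])
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A size match is only a reason to scan the file with an up-to-date product, not a verdict.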

The virus intercepts the following OS traps: AddResource, SetResAttrs, ChangedResource, WriteResource.

The virus is known to have originated from several Internet-distributed games: 10 Tile Puzzle, Obnoxious Tetris and Tetricycle. Tetricycle is only pretending to be a game so it is sometimes called a trojan (as in "disguised dropper of a virus").

Symptoms

While MBDF does not cause intentional damage, once infected by the virus, users may experience system crashes and malfunctions with their application programs. Both strains cause occasional crashes, particularly if commands are selected from menus when running System 7.0.1.

Although the virus is non-malicious, it can cause damage in certain circumstances. In particular, the virus takes quite a long time to infect the System File when it first attacks a system. During this attack the Mac appears to lock up and the delay is so long that users often think that their Mac has hung, so they do a restart. Restarting the Mac while the virus is in the process of writing to the System file very often results in a damaged System file which cannot be repaired. The result is that the Mac still crashes and seems unstable which is the main symptom of the virus. The only solution in this situation is to reinstall a new System file which, as it happens, is also the procedure for removing the virus (described below in the Removal section).

Method of Infection

The virus infects both application files and the System file. It also usually infects the Finder and several other system files. The System file is infected as soon as an infected application is run and the virus then stays in memory. Other applications become infected as soon as they are run on an infected system.

Removal

Virex has been able to detect the MBDF virus and its variants for a very long time, and there are no known problems with false alarms or failure to detect. However, it is one of the few difficult Macintosh viruses that Virex cannot remove automatically if the System File has been damaged.

Once the MBDF Virus has been identified, users should perform the removal procedure as soon as possible. First of all, perform a scan of the entire volume(s) and allow it to repair any infections that are found.

If the scan reports that the System file is still infected, please follow the procedure below. It involves shutting down the Mac & booting up from the System CD in order to replace the infected / damaged System file.

Step by step method of removal

1. Insert the Macintosh System CD that your present OS was installed from and then shut down the Mac.

2. Turn the Mac back on, holding down the 'C' key throughout the boot process until you see the Desktop load (this forces the Mac to boot from the CD).

   If this has been done correctly the Desktop pattern should be different from normal and the CD ROM icon should be mounted in the very top right corner of the desktop above the Macintosh hard disk icon. This signifies that the current system was loaded from the CD.

3. Double-click on the Mac hard disk icon (top right corner of Desktop) to open it and then double-click on the System Folder (a folder within the Mac hard disk) & locate the file called 'System'.

4. Drag the infected System file into the wastebasket OR hold down the 'ctrl' key, click on the System file & select the 'Move to Wastebasket' option from the menu that appears.

5. Select 'Special' from the main menu and choose 'Empty Wastebasket' to delete the infected file.

6. Open the mounted CD icon on the Desktop and then open the System folder on the CD and drag the System file into the System folder on the Mac hard disk.

7. Finally, shut down & restart the Mac as the virus will now have been cleared.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Tetricycle
