MacOS/MDEF
- Type: Virus
- SubType: Macintosh
- Discovery Date: 05/01/1990
- Length: 532 bytes
- Minimum DAT: N/A
- Updated DAT: N/A
- Minimum Engine: N/A
- Description Added: 11/29/2002
- Description Modified: 11/29/2002 10:36 AM (PT)
Characteristics
This virus only affects Macintosh computers running System 4.1 or higher.
The MDEF virus is a family of four viruses, all written by a high school student from Ithaca, New York, who was identified in October of 1990. He apparently wrote the CDEF virus as well. The four viruses are known as MDEF A or Garfield, MDEF B or Top Cat, MDEF C and MDEF D. The last variant, D, only infects the System file. These viruses are not malicious in intent, but can cause system crashes and other unexplained behaviour. MDEF is the name of a Macintosh resource that is responsible for drawing menus. As a result, it is not uncommon for a program infected with MDEF to have garbled pull-down menus.
This virus searches memory locations 2 through 200,000 for the string "MDEF"+$67+$26+$0C. When found, the virus changes "MDEF" to "WDEF".
If SAM Intercept is present, it will allow changing the ID of MDEF 0 to 8573 but will prevent the addition of the named MDEF resource. This causes the computer to hang if a menu item is clicked.
Symptoms
Garbled pull-down menus.
Method of Infection
The virus resides in an MDEF resource with ID 6982 (variant A) or ID 8573 (variant B) in the System file. The MDEF resource names are "Garfield" or "Top Cat".
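As an added example (not part of the original description and not vendor code), the Python below walks the resource map of a classic Mac OS resource fork and flags MDEF resources carrying the IDs or names listed above for variants A and B. The function names and the constructed sample fork are assumptions made for illustration.

```python
import struct

# Indicators from the description above: MDEF resource IDs and names.
SUSPECT_IDS = {6982: "variant A", 8573: "variant B"}
SUSPECT_NAMES = {b"Garfield", b"Top Cat"}

def list_resources(fork):
    """Yield (type, id, name) for each entry in a classic Mac OS resource fork."""
    if len(fork) < 16:
        raise ValueError("too short for a resource fork header")
    _, map_off, _, map_len = struct.unpack_from(">IIII", fork, 0)
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the file")
    rmap = fork[map_off:map_off + map_len]
    type_list, name_list = struct.unpack_from(">HH", rmap, 24)
    # Counts are stored minus one; 0xFFFF therefore means "no types".
    n_types = (struct.unpack_from(">H", rmap, type_list)[0] + 1) & 0xFFFF
    for t in range(n_types):
        rtype, count, refs = struct.unpack_from(">4sHH", rmap, type_list + 2 + 8 * t)
        for r in range(count + 1):
            rid, name_off = struct.unpack_from(">hH", rmap, type_list + refs + 12 * r)
            name = b""
            if name_off != 0xFFFF:  # 0xFFFF marks an unnamed resource
                start = name_list + name_off
                name = rmap[start + 1:start + 1 + rmap[start]]  # Pascal string
            yield rtype, rid, name

def scan_for_mdef(fork):
    """Return (id, name, reason) for MDEF resources matching the page's IDs or names."""
    return [(rid, name.decode("mac_roman"), SUSPECT_IDS.get(rid, "name match"))
            for rtype, rid, name in list_resources(fork)
            if rtype == b"MDEF" and (rid in SUSPECT_IDS or name in SUSPECT_NAMES)]

def build_sample(resources):
    """Constructed input: a fork holding only MDEF entries, with no resource data."""
    names = refs = b""
    for rid, name in resources:
        name_off = len(names) if name else 0xFFFF
        if name:
            names += bytes([len(name)]) + name
        refs += struct.pack(">hHB3sI", rid, name_off, 0, b"\0\0\0", 0)
    types = struct.pack(">H4sHH", 0, b"MDEF", len(resources) - 1, 10)
    body = types + refs + names
    header = struct.pack(">IIII", 16, 16, 0, 28 + len(body))
    # Map = header copy, handle, file ref, attributes, type-list and name-list offsets.
    tail = struct.pack(">IHHHH", 0, 0, 0, 28, 28 + len(types) + len(refs))
    return header + header + tail + body

if __name__ == "__main__":
    clean = build_sample([(0, b"")])
    infected = build_sample([(0, b""), (6982, b"Garfield")])
    print(scan_for_mdef(clean), scan_for_mdef(infected))
```

The input is the raw bytes of a resource fork, for example one extracted from a System file on a disk image. The page gives no IDs for variants C and D, so the check does not cover them.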
Removal
Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh, please use Virex to repair it.
If the infected object was found on a non-Apple file server it can be cleaned using Virex from a Macintosh client.
Infected e-mails (usually in BinHex format) are currently either deleted or quarantined, depending on the configuration of the mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.
Variants
N/A
Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases
- Garfield
- Top Cat
- TopCat