Content

MacOS/INIT9403

Type
Virus
SubType
Macintosh
Discovery Date
03/01/1994
Length
1,232 bytes
Minimum DAT
N/A (06/30/2004)
Updated DAT
4371 (06/30/2004)
Minimum Engine
N/A
Description Added
12/10/2002
Description Modified
12/18/2002 4:51 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This Apple Macintosh virus infects applications and the Finder only on Italian System 6 and 7.

After a certain number of infections, the virus attempts to overwrite the contents of the startup volume and the disk information of attached drives that are larger than 16Mb.

This virus also appeared as part of a Trojan Horse masquerading as an application called RamDoubler.

Symptoms

  • Presence of mentioned above invisible file in the Extensions or System folder as described above
  • Presense of a resource 'Sys6' with ID=1

    • Method of Infection

    The infection starts from an application carrying a virus. There are three steps:

  • the virus creates an invisible "Preferenze" file in the Extensions folder (System 7) or the System folder (System 6)
  • after restarting, the invisible file infects the Finder
  • after next restart, the Finder removes the invisible "Preferenze" file and begins infecting applications

    • Removal

    Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh please use Virex to repair it.

    If the infected object was found on a non-Apple file server it can be cleaned using Virex from a Macintosh client.

    Infected Emails (usually in BinHex format) will be currently either deleted or quarantined depending on the configuration of mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.

    Variants

    Variants

      N/A

    All Information

    Overview -

    This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

    Aliases

    • SysX

    Characteristics

    Characteristics -

    This Apple Macintosh virus infects applications and the Finder only on Italian System 6 and 7.

    After a certain number of infections, the virus attempts to overwrite the contents of the startup volume and the disk information of attached drives that are larger than 16Mb.

    This virus also appeared as part of a Trojan Horse masquerading as an application called RamDoubler.

    Symptoms

    Symptoms -

  • Presence of mentioned above invisible file in the Extensions or System folder as described above
  • Presense of a resource 'Sys6' with ID=1

    • Method of Infection

    Method of Infection -

    The infection starts from an application carrying a virus. There are three steps:

  • the virus creates an invisible "Preferenze" file in the Extensions folder (System 7) or the System folder (System 6)
  • after restarting, the invisible file infects the Finder
  • after next restart, the Finder removes the invisible "Preferenze" file and begins infecting applications

    Removal -

    Removal -

    Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh please use Virex to repair it.

    If the infected object was found on a non-Apple file server it can be cleaned using Virex from a Macintosh client.

    Infected Emails (usually in BinHex format) will be currently either deleted or quarantined depending on the configuration of mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.

    Variants

    Variants -

      N/A