MacOS/INIT-M

Type: Virus
SubType: Macintosh
Discovery Date: 04/01/1993
Length: 2,766 (INIT) + 5,840 (WDEF) bytes
Minimum DAT: N/A (06/30/2004)
Updated DAT: 4371 (06/30/2004)
Minimum Engine: N/A
Description Added: 12/10/2002
Description Modified: 12/10/2002 7:38 AM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This Apple Macintosh virus infects applications, System and Preferences under System 7 or higher.

The virus lives in two resources:
- a WDEF 0 resource of 5,840 bytes
- an INIT resource (random ID) of 2,766 bytes, named "MindCrime".

The virus hits all resource files except the Finder and System. It hits all INITs with the following names: "File Sharing Extension", "Apple Share", "Apple CD-ROM", "QuickTime", "CD Remote INIT".

The virus intercepts the 'SystemTask' OS trap. Infection is triggered by executing the 'SystemTask' trap (with a probability of 11/60) or by opening a window with an infected WDEF 0 resource in the most recently opened resource file.
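The two resources listed above can be looked for by walking a file's resource fork. The following is an added example, not part of the original description and not Virex code: it parses the classic Mac OS resource fork layout and reports a WDEF 0 of 5,840 bytes or an INIT named "MindCrime" of 2,766 bytes. The function names, the `build_fork` helper and the sample fork (zero-filled payloads, INIT ID 4242) are constructed for illustration.

```python
import struct

# Indicators from the description above; matching on name/ID/size is triage, not a signature.
WDEF_SIZE, INIT_SIZE, INIT_NAME = 5840, 2766, b"MindCrime"

def list_resources(fork):
    """Yield (type, id, name, size) for each resource in a classic Mac OS resource fork."""
    data_off, map_off, data_len, map_len = struct.unpack_from(">4I", fork, 0)
    if data_off + data_len > len(fork) or map_off + map_len > len(fork):
        raise ValueError("truncated or malformed resource fork")
    type_off, name_off = struct.unpack_from(">HH", fork, map_off + 24)  # list offsets in map
    tl = map_off + type_off
    ntypes = (struct.unpack_from(">H", fork, tl)[0] + 1) & 0xFFFF  # stored as count - 1
    for t in range(ntypes):
        rtype, nres, ref_off = struct.unpack_from(">4sHH", fork, tl + 2 + 8 * t)
        for r in range(nres + 1):
            # Reference entry: id, name offset, 1 attribute byte + 3-byte data offset.
            rid, noff, packed = struct.unpack_from(">hHI", fork, tl + ref_off + 12 * r)
            name = b""
            if noff != 0xFFFF:  # 0xFFFF means the resource is unnamed
                p = map_off + name_off + noff
                name = fork[p + 1 : p + 1 + fork[p]]  # Pascal string
            size = struct.unpack_from(">I", fork, data_off + (packed & 0xFFFFFF))[0]
            yield rtype, rid, name, size

def mindcrime_indicators(fork):
    """Return resources matching the WDEF 0 / INIT "MindCrime" pair described on this page."""
    return [(rtype.decode("ascii"), rid, size)
            for rtype, rid, name, size in list_resources(fork)
            if (rtype == b"WDEF" and rid == 0 and size == WDEF_SIZE)
            or (rtype == b"INIT" and name == INIT_NAME and size == INIT_SIZE)]

def build_fork(resources):
    """Constructed test input: pack (type, id, name, payload) tuples, one resource per type."""
    n, data, refs, types, names = len(resources), b"", b"", b"", b""
    for i, (rtype, rid, name, payload) in enumerate(resources):
        noff = len(names) if name else 0xFFFF
        names += bytes([len(name)]) + name if name else b""
        refs += struct.pack(">hHII", rid, noff, len(data), 0)
        types += struct.pack(">4sHH", rtype, 0, 2 + 8 * n + 12 * i)
        data += struct.pack(">I", len(payload)) + payload
    tlist = struct.pack(">H", n - 1) + types + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(tlist)) + tlist + names
    return struct.pack(">4I", 16, 16 + len(data), len(data), len(rmap)) + data + rmap

# Constructed sample: zero-filled payloads with the sizes from this page; INIT ID 4242 is made up.
SAMPLE = build_fork([(b"WDEF", 0, b"", bytes(WDEF_SIZE)), (b"ICN#", 128, b"", bytes(256)),
                     (b"INIT", 4242, INIT_NAME, bytes(INIT_SIZE))])
print(mindcrime_indicators(SAMPLE))
```

On macOS, a file's resource fork can be read from `<path>/..namedfork/rsrc` and passed to `mindcrime_indicators` as bytes.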

Symptoms

The virus drops a file called "FSV Prefs" in the Preferences folder.

The payload triggers when the system is running with its internal date set to Friday the 13th (no boot is necessary). The virus then:

- renames all files to random 8-byte file names.
- renames folders to random names of 1-8 characters.
- changes Type and Creator to random 4-byte values.
- changes the creation and modification dates to January 1, 1904.
- deletes files that can't be renamed.
- chooses files to rename in alphabetical order, so some files are renamed multiple times and some are not renamed at all.
- may rename one file or folder to "Virus MindCrime", which stays visible if that item is not renamed again.

Method of Infection

Removal

Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh, please use Virex to repair it.

If the infected object was found on a non-Apple file server, it can be cleaned using Virex from a Macintosh client.

Infected emails (usually in BinHex format) are currently either deleted or quarantined, depending on the configuration of the mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • MindCrime
