WDEF Virus: Information

This article contains information on spotting and neutralizing a new virus (sometimes called the "WDEF virus").
This article has been archived and is no longer updated by Apple.
There is a Macintosh virus (sometimes called the "WDEF virus") that uses a different method to transfer itself between machines. Because this virus attaches itself to the Desktop file of a disk, it infects a hard disk when the infected floppy disk is inserted into the Macintosh.

If you want to check a disk for infection, follow these steps:

1) Start your machine in Finder, NOT MultiFinder.

2) Run ResEdit.

3) Insert the suspect floppy disk.

4) Open the Desktop file.

5) If it contains a WDEF resource with ID=0, it is infected.
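The check in step 5 can also be run offline against a copy of the Desktop file's resource fork. The following Python sketch is an added example, not Apple's code: it walks the standard resource map and reports whether a WDEF resource with ID 0 is present. It assumes the fork has already been extracted to raw bytes; the function names are hypothetical, and build_sample_fork only constructs test input.

```python
import struct

def list_resources(fork: bytes):
    """Return [(type, id), ...] for each resource in a classic Mac OS resource fork."""
    if len(fork) < 16:
        return []  # empty or missing fork: nothing to report
    _data_off, map_off, _data_len, map_len = struct.unpack(">IIII", fork[:16])
    if map_len < 30 or map_off + map_len > len(fork):
        raise ValueError("resource map lies outside the file")
    rmap = fork[map_off:map_off + map_len]
    (type_list_off,) = struct.unpack(">H", rmap[24:26])  # offset from map start
    tl = rmap[type_list_off:]
    try:
        n_types = (struct.unpack(">H", tl[:2])[0] + 1) & 0xFFFF  # stored as count-1
        found = []
        for i in range(n_types):
            rtype, count_m1, ref_off = struct.unpack(">4sHH", tl[2 + 8 * i:10 + 8 * i])
            for j in range(count_m1 + 1):  # 12-byte reference entries, ID first
                (rid,) = struct.unpack(">h", tl[ref_off + 12 * j:ref_off + 12 * j + 2])
                found.append((rtype.decode("mac_roman"), rid))
    except struct.error as exc:
        raise ValueError("truncated resource map") from exc
    return found

def desktop_is_infected(fork: bytes) -> bool:
    # Criterion from step 5 of the article: a WDEF resource with ID=0.
    return ("WDEF", 0) in list_resources(fork)

def build_sample_fork(resources):
    """Constructed test input: pack [(type, id, data), ...] into a minimal fork."""
    data = types = refs = b""
    n = len(resources)
    for k, (rtype, rid, body) in enumerate(resources):
        types += struct.pack(">4sHH", rtype, 0, 2 + 8 * n + 12 * k)  # one resource per entry
        refs += struct.pack(">hHII", rid, 0xFFFF, len(data), 0)  # no name, attrs 0
        data += struct.pack(">I", len(body)) + body
    type_list = struct.pack(">H", (n - 1) & 0xFFFF) + types + refs
    rmap = bytes(24) + struct.pack(">HH", 28, 28 + len(type_list)) + type_list
    header = struct.pack(">IIII", 256, 256 + len(data), len(data), len(rmap))
    return header + bytes(240) + data + rmap
```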

If you insert an infected floppy disk when running MultiFinder, the Desktop file is automatically opened, and your system will be infected.

Here is a way to keep this virus from infecting your system:

1) Your current application must be the Finder. If you are running MultiFinder, you should have the Finder's menus in the menu bar.

2) Hold down both the Command and Option keys.

3) With these keys held down, insert the unlocked floppy disk.

4) You will be asked if you want to rebuild the Desktop file.

5) Choose "Yes". If you choose "Cancel" at this point, and the floppy is infected, you will infect your system.

Rebuilding the Desktop removes the virus.

Apple is aware of several virus tools that can automatically detect this virus:

- SAM v4.0.8
- Gatekeeper v1.3
- Virex v5.8
- Disinfectant v3.7.1 (Freeware)

For information on downloading the latest version of Disinfectant refer to:
TIL article 30487: "Disinfectant: Macintosh Anti-Viral Utility".

The Tech Info Library article 17159, "Locating Vendor Information", can help you search for a particular vendor's address and phone number.
Published Date: Feb 18, 2012