(Worm.Mac.Autostart.A, Worm.MacOS, MacOS/Autostart.B.W, MacOS/Autostart.D)
Periodic unexplained high disk activity leading to system lock-ups in some situations.
Hidden items in the root of infected volumes:
Please let BitDefender disinfect your files.
Daniel RADU, Senior Virus Researcher
This worm affects computers running MAC OS with PowerPC processors with QuickTime v.2.0 or later installed and enabled CD-Rom AutoPlay feature.
When an infected media is attached it will run the invisible malware file in the root of the media, which can be named:
If the host computer is not infected it copies itself to the extensions folder ("/System/Library/Extensions/") with one of the following names:
* "Desktop Print Spooler";
* "Desktop Printr Spooler";
* "DELDesktop Print Spooler",
and this copy will have the hidden/invisible attribute set.
After having itself in the extension folder it restarts the computer. At each restart/start of the computer it will get launched but it will not appear in the list of processes.
At certain intervals it will scan and infected mounted volumes.