Worm.Mac.Autostart.A
VERY LOW
VERY LOW
aprox 52Kb
(Worm.Mac.Autostart.A, Worm.MacOS, MacOS/Autostart.B.W, MacOS/Autostart.D)
Symptoms
Periodic unexplained high disk activity leading to system lock-ups in some situations.
Hidden items in the root of infected volumes:
* DB
* BD
* DELBV
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Daniel RADU, Senior Virus Researcher
Technical Description:
This worm affects computers running MAC OS with PowerPC processors with QuickTime v.2.0 or later installed and enabled CD-Rom AutoPlay feature.
When an infected media is attached it will run the invisible malware file in the root of the media, which can be named:
* DB;
* BD;
* DELDB.
If the host computer is not infected it copies itself to the extensions folder ("/System/Library/Extensions/") with one of the following names:
* "Desktop Print Spooler";
* "Desktop Printr Spooler";
* "DELDesktop Print Spooler",
and this copy will have the hidden/invisible attribute set.
After having itself in the extension folder it restarts the computer. At each restart/start of the computer it will get launched but it will not appear in the list of processes.
At certain intervals it will scan and infected mounted volumes.
SHARE
THIS ON