Mdef
Mdef
Type File virus
Creator
Date Discovered 1990.05.15
Place of Origin Ithaca, New York, USA
Source Language
Platform MacOS
File Type(s) Resource fork extension
Infection Length 314 bytes
Reported Costs

Mdef, also known as the Garfield virus was a Macintosh virus from 1990. It infects menu definition resource fork files. It was relatively widespread mostly at universities across upstate and western New York. It was the second in a string of definition resource infecting viruses starting with Wdef. Its creator is suspected to be also behind the Cdef virus.

Behavior

The virus replaces the native MDEF (Menu Definition) resource, which is a part of the Macintosh menu generation system, with its own named "Garfield". The Garfield resource is given the ID number 0. The original resource is retained and given a new number of 5378. It infects Finder and DA Handler

After some time on the system, Mdef will delete itself from the system. It may cause problems with menus loading. Some sources say they freeze while others say the menu will simply not appear.

Mdef infects all classic MacOS versions from 4.1 to 6. It has problems with certain Macintosh hardware and is only certain to spread on the 512KE, Plus, SE, SE/30, II, IIx, and IIcx Macintosh computers. It causes the Mac 128K and the 512K to crash. On the Mac IIci and IIfx, it spreads from infected applications to uninfected system files, but it does not spread from infected systems to uninfected applications. The effects on the Mac portable are unknown.

Variants

Mdef has five variants going up to Mdef.E. Mdef.B also goes by the name "Top Cat", a name it gets from its MDEF resource. The other variants are also mostly only minor variations on the name of the MDEF resource and the resource ID number.

Origin

Mdef was discovered at Cornell University in mid-May of 1990. The suspected creator was thought to be the same creator of the later Cdef virus, in Ithaca, New York. There was also a suspected link between Mdef and the earlier Wdef virus of 1989, given some similarities and the fact that Wdef was very unique when it appeared.

Effects

The first report of Mdef was at Cornell University. The Mdef.C variant was found on two SE/30 Macs at the University of Buffalo. Their antivirus did detect the virus, but would not remove it and they had to delete the infected files. The virus also infected at least one computer in the American south, making an appearance in a suburb west of Atlanta.

Sources

Ronald Greinke. Virus Test Center, University Hamburg, ""MDEF A, B" Virus." 1991.07.15

-. -, ""MDEF C, D" Virus." 1991.07.15

Tom Young. Virus-L Digest, "Macintosh MDEF/Garfield virus." 1990.05.15

Rob Carlin. Virus-L Digest, "the MDEF series of viruses (Mac)." 1991.04.17

ude.uwn.snca|nlj#ude.uwn.snca|nlj. Virus-L Digest, "New MDEF Virus & Disinfectant 1.8." 1990.05.20

McMahon,Brian D. Virus-L Digest, "Garfield/MDEF Ramblings." 1990.05.22

-. -, MDEF anyone? 1990.06.06

Adam C. Engst. TidBITS, ANTI-B. 1990.10.01

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License