Threat Detail

  • Malware Type: Virus
  • Malware Sub-type: Macintosh
  • Protection Added: 2002-12-16

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum Engine


File Length

1,356 (.a) 1,152 (.b)

Description Added


Description Modified


Malware Proliferation

fpo-ti-severity-legend logo-new-mcafee
This Apple Macintosh virus can spread and cause damage under System 6. Under System 7 and MultiFinder it can infect one file but cannot spread.

These viruses intercept 'OpenResFile' and 'MountVol' system traps.

If MountVol is called for a disk drive, this virus searches the first sector of track 16 for the string $16+"%%S" at offset 8 from the beginning of the sector (this works only with 400k and 800k floppies). If this string is found, the virus executes the code in that sector via a JSR call. (No such code has been discovered yet).

Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh please use Virex to repair it.

If the infected object was found on a non-Apple file server it can be cleaned using Virex from a Macintosh client.

Infected Emails (usually in BinHex format) will be currently either deleted or quarantined depending on the configuration of mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.

The infection occurs when running an infected application to access memory or use of OpenResFile. Then the virus will append its body to CODE 1 resource and modify the jump table to point to it. These viruses hit all applications having a CODE 0 and 1 resource with size of old CODE 1 plus the virus being less than or equal to 32768 bytes.

If a system already infected with the ANTI-B variant (which appeared in Sep 1990) becomes infected with the ANTI-ANGE strain, they combine to form the ANTI-Variant infection.

The strings "ANTI" and "#000001" can be found in the CODE 1 resource.

ANTI-ANGE/Variant: CODE 1 is increased by 1348 bytes.
ANTI-B: CODE 1 is increased by 1144 bytes.