Threat Detail

  • Malware Type: Virus
  • Malware Sub-type: Macintosh
  • Protection Added: 2002-12-16

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum Engine


File Length

509 bytes (.a) <BR>814 bytes (.b)

Description Added


Description Modified


Malware Proliferation

fpo-ti-severity-legend logo-new-mcafee
This Apple Macintosh virus is a desktop file infector. It can spread under System 6 or 7 but causes damage only under OS 6.

CDEF has a similarity to the WDEF virus, and appears in two strains (509 and 814 bytes long). It can infect the desktop file of a System 6 drive immediately upon the insertion or mounting of an infected volume, unless the drive is physically write-protected. Although System 7 is immune to the CDEF virus, it is still possible for the virus to exist in a System 7 desktop file, especially if the virus was on the drive before the drive was updated to System 7. CDEF infects by adding a CDEF resource to the invisible desktop file and spreads through the sharing of infected floppy disks.

NOTE: If you have chosen the z or OPTION key as your default bypass key in the Virex Control Panel Preferences, when you rebuild your desktop, the Virex Control Panel will not load into memory while you hold down that key. You must remember to restart your computer, so that the Control Panel will load into memory and continuously monitor your drive.

Authored by a high school student who also authored the MDEF virus. It was discovered in Ithaca, NY in 1990.

Please use the latest updates of Virex for cleaning. If this threat is detected on a Macintosh please use Virex to repair it.

If the infected object was found on a non-Apple file server it can be cleaned using Virex from a Macintosh client.

Infected Emails (usually in BinHex format) will be currently either deleted or quarantined depending on the configuration of mail scanner. Quarantined mails should be transferred to a Macintosh and cleaned using Virex.

The virus copies itself to all desktop files on the first three connected volumes.
Additional CDEF 1 resource in Desktop file - Desktop shouldn't have one. Can cause system crashes, anomalous behavior, and printing problems.

CDEF can be removed by rebuilding the desktop file on the infected volume either by restarting the drive or inserting (mounting) the infected cartridge or disk, and simultaneously pressing the command and option keys.