ARCHIVED: For Mac OS, what is the AutoStart 9805 worm, and what can I do to protect my computer from it?
Note: The AutoStart 9805 worm variants will damage only PowerPC systems. Also, an infection cannot result from mounting a network volume.
AutoStart 9805, also known as the Hong Kong Virus, is a
worm that first surfaced in early May 1998. Since then, a
number of variants have also appeared. The worm initially attacks
systems using the CD-ROM AutoPlay feature of QuickTime
2.5+, copying itself to a computer when an infected volume is
mounted. It will then begin replicating itself to other volumes and
start destroying files. The more obvious symptoms of an AutoStart Worm
infection are unexplained periods of network and disk activity that
occur at predictable intervals, unrecoverably damaged files, and an
application (usually called DB, BD, DELDB, Desktop Print Spooler, Desktop Printr Spooler, or DELDesktop Print Spooler) that
launches on startup and then runs as a background-only process. When
the startup volume is first infected, it may cause a restart.
To defend yourself from infection, disable QuickTime's CD-ROM AutoPlay
feature. To do this, open your QuickTime™ Settings
control panel and in the section,
turn off . This is a preventive measure
that will not help you if your computer has already been infected. If
you suspect your computer has been infected or need to use the CD-ROM
AutoPlay feature, you should get an updated copy of a virus protection
program such as Norton AntiVirus, VirusScan, or Virex.
If you are a little more Mac OS savvy, you can remove the
worm yourself. Look in the top level of your hard disk for an
invisible application called DB, BD, or DELDB and remove it.
Note: Do not trash files like Desktop DB or Desktop Printers DB!
Also, check in your Extensions folder for another invisible application called Desktop Print Spooler, Desktop Printr Spooler, or DELDesktop Print Spooler.
Note: Do not confuse this with the Desktop Printer Spooler extension, which should be visible.
You should check all of your hard disks, partitions, floppies, and removables, as they could also be infected.
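The manual check above can be scripted when the volumes or extracted disk images are mounted on a modern system. The following is an added example, not part of the original Knowledge Base document: it matches the listed names exactly and reports the legitimate look-alike files separately so they are not deleted by mistake. The function names, the "System Folder/Extensions" path, and the sample volume are assumptions of this example, and the invisible flag is not checked.

```python
import os
import tempfile

# Names taken from the article. HFS is case-insensitive, so compare lowercased.
ROOT_WORM_NAMES = {"db", "bd", "deldb"}
EXT_WORM_NAMES = {"desktop print spooler", "desktop printr spooler",
                  "deldesktop print spooler"}
# Legitimate system files the article warns must not be removed.
LOOKALIKES = {"desktop db", "desktop printers db", "desktop printer spooler"}
# Assumptions: classic Extensions location; Finder invisible flag not checked.
EXTENSIONS_PATH = os.path.join("System Folder", "Extensions")


def scan_directory(directory, worm_names):
    """Return (suspects, lookalikes) found directly inside `directory`."""
    suspects, legit = [], []
    if not os.path.isdir(directory):
        return suspects, legit
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if not os.path.isfile(path):      # the worm is an application file
            continue
        name = entry.lower()
        if name in worm_names:            # exact match only, never substring
            suspects.append(path)
        elif name in LOOKALIKES:
            legit.append(path)
    return suspects, legit


def scan_volumes(volume_roots):
    """Check the top level and Extensions folder of every volume given."""
    report = {}
    for root in volume_roots:
        s1, l1 = scan_directory(root, ROOT_WORM_NAMES)
        s2, l2 = scan_directory(os.path.join(root, EXTENSIONS_PATH), EXT_WORM_NAMES)
        report[root] = {"suspect": s1 + s2, "keep": l1 + l2}
    return report


if __name__ == "__main__":
    # Constructed sample volume so the script runs offline.
    with tempfile.TemporaryDirectory() as vol:
        ext = os.path.join(vol, EXTENSIONS_PATH)
        os.makedirs(ext)
        for p in (os.path.join(vol, "DB"), os.path.join(vol, "Desktop DB"),
                  os.path.join(ext, "Desktop Print Spooler")):
            open(p, "w").close()
        print(scan_volumes([vol]))
```

Pass every mounted hard disk, partition, floppy, and removable to scan_volumes, since any of them could be infected.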
This is document aghx in the Knowledge Base.
Last modified on 2018-01-18 12:07:56.