AutoStart Worm

AutoStart wormMacintosh application infectorPowerPC Macintoshes and compatibles, typically running QuickTime v2.0 with the "Enable CD-ROM AutoPlay" option enabledHong KongAs with any worm, the AutoStart worm makes copies of itself, rather than infecting other files. According to reports from Bigelow's Virus Troubleshooting guide, authored by Ken Dunham, Autostart begins by copying itself to the root directory as an invisible QuickTime AutoStart application. It then copies itself to the Extensions folder. Data destruction occurs with A, B, E, and F variants. Variants C and D have no malicious payload, and in fact attempt to remove the other variants. Filenames are typically DB, BD, DELDB, Desktop Print Spooler, Desktop Printr Spooler, or DELDesktop Print Spooler. There exist similarly named files which are legitimate, so caution should be exercised if removing these files.

Macintosh virus information