<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
				<meta name="viewport" content="width=device-width, initial-scale=1" />
		<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
		<meta name="format-detection" content="telephone=no" />
		<meta name="robots" content="noindex" />
			<title>AppleShare Network: WDEF Infection and Remedy</title><body class="ac-gn-current-support">
	<input type="hidden"  id="cdsHeaderObj" data-json='{"setPod": "true",
"resourceUrl": "https://support.apple.com",
"akamaiUrl": "https://km.support.apple.com",
"modelValue": "Support",
"aiSearchServiceURL": "support.apple.com",
"podLocaleValue": "en_US",
"omnitureLocale": "us_en",
"aiCrossDomainSearchServiceURL": "support-suggestions.apple.com",
"podValue": "us~en",
"searchCountry": "us",
"enableAppleInstant": "yes",
"pageName": "kb",
"amlSuggestionsUrl": "https://www.apple.com/search-services/suggestions/",
"title": "AppleShare Network: WDEF Infection and Remedy",
"channelName": "LEGACY"
}'>
	<input type="hidden"  id="httpDownloadURL" value="http://support.apple.com">
<!-- 	
 -->

	
<aside id="ac-gn-segmentbar" class="ac-gn-segmentbar" lang="en-US" dir="ltr" data-strings="{ 'exit': 'Exit', 'view': '{%STOREFRONT%} Store Home', 'segments': { 'smb': 'Business Store Home', 'eduInd': 'Education Store Home', 'other': 'Store Home' } }">
</aside>

<h1 id="main-title">AppleShare Network: WDEF Infection and Remedy</h1>
<div id="abstract">
 
<div id="intro-container"><div class="truncate"><div class="attr SYMPTOMS"><div class="attr TOPIC"><FONT SIZE=4><BR>
<BR>
Our office has an AppleShare network with about 12 Macintosh nodes of<BR>
varying configuration. The workstations are constantly going catatonic for<BR>
about a minute at a time. They seem to be looking out onto the network for<BR>
something (there's a network activity indicator under the Apple when this<BR>
occurs), but all work is being done locally.<BR>
<BR>
Almost any action can bring on the behavior.  We're using a combination of<BR>
LocalTalk and PhoneNet. Does this possibly sound like a problem with<BR>
termination in the network cabling? I've used Inter*Poll to test<BR>
performance, but can't locate any particular black hole on the net.<BR>
<BR>
</FONT></div></div> <!--  attr Symptom  --></div> <!--  truncate --></div> <!--  intro-container --><div class="clear"> </div>
 </div>   <!-- abstract end -->
<div id="articlecontent">
<div id="indicator-container">      
<div class="indicator archived"></div></div> <!-- Indicator-container -->
  <div class="attr SUMMARY">
It sounds more like you're dealing with the WDEF virus.  The virus tries to<BR>
infect a mounted AppleShare volume but, because AppleShare doesn't use the<BR>
Desktop file, everything comes to a halt while WDEF figures out what to do.<BR>
<BR>
We suggest running a good anti-virus utility on all your Macintosh systems<BR>
except the file server.  Symantec's SAM version 1.5 or higher will catch<BR>
WDEF. You will want to eradicate the virus from your server (you'll have to<BR>
start up with a floppy), but you don't want to install an anti-virus INIT<BR>
on it, so that it runs all the time.  You really wouldn't be keeping the<BR>
server clean, just slowing it down.<BR>
<BR>
You can remove WDEF without an anti-virus utility by simply rebuilding the<BR>
Desktops on every Macintosh on the network.  But be aware that you probably<BR>
have several infected floppy disks around, just waiting to reinfect your<BR>
hard drives.  Also, if you work at home, you should check those computers<BR>
for infection.<BR>
<BR>
<BR></div>
</div>


<!-- Start SiteCatalyst code version: H.8. -->


<!-- End SiteCatalyst code version: H.8. -->


<div class="mod-date">Published Date: Feb 18, 2012</div>
  <div id="mimosa-tags">
  
  <input type ="hidden" id="mimosa-tags-heading" value="Related Topics" />
  <input type ="hidden" id="showNavTagFlag" value="true" />
  <input type ="hidden" id="tags-localised" value="Tag" />
        </div>

</div><!--/#content-->
</div><!--/#main-->

<!-- Helpful not helpful section -->
 <div style="display:none">
<div id="meta">
                </div> <!--/#meta-->
</div>          
        <!-- Related Section -->
<div class="border-div"></div>      <!-- Offer Section -->
<div class="border-div"></div>
<div id="promo" style="display:none;"> Still need help?</div>          
         
<div style="clear:both;"></div>

</div>
<input type="hidden"  id="cdsArticleObj" data-json='{"docId": "TA46313",
"cdsLocale": "en_US",
"imgSrc": "",
"akamaiUrl": "https://km.support.apple.com",
"strTitle": "AppleShare Network: WDEF Infection and Remedy",
"strLocale": "en_US",
"omniturePageName": "acs::kb::dl::ta46313::appleshare network: wdef infection and remedy",
"metaUrl": "",
"baseLink": "https://km.support.apple.com/kb/",
"reportLink": "https://support.apple.com",
"lcl": "en_US",
"localeParam": "en_US",
"viewLocale": "null",
"domainName": "0",
"archive": "true",
"enableAffectedProductPortlet": "false",
"configHeaderFooterLocale": "en_US",
"strCategoryListRefKeys": "",
"lastModifiedDate": "2012-02-18",
"creationDate": "1991-07-01",
"publishedDate": "Sat, 18 Feb 2012 01:31:41 GMT",
"publishedDateHeader": "Sat, 18 Feb 2012 01:31:41 GMT",
"oldInquiraID": "",
"articleNo": "TA46313",
"strChannel": "LEGACY",
"isOmnitureSupported": "true",
"referringPage": "unknown",
"messageResourcesArticleTempEmail": "Email Download Link",
"messageResourcesArticleTempDown": "Download",
"ACStaticText": "{\"more\": \"…more\", \"less\": \"less\" }"
}'>

<div class="footer-wrapper">

</div>


</html>