When the virus is loaded into memory, it hooks INT 21h to infect any EXE executable that is run, by writing itself to the end of the file. It does not infect files smaller than 65,536 bytes (64KB).
The infection size varies in different files.
The virus might crash the system on infecting some of the files.
The virus does not infect the following anti-virus programs:
SCAN CLEAN F-PROT
The TSR memory usage is 5,008 bytes.
When any program is run in between August and December inclusive while the virus is in memory. It attempts to delete all the files in current directory and those in every subdirectory.
While deleting, the virus displays the following line in red of every deleted file:
|Deleted (file) | Don°t Worry BlackIce is Working for U
However the virus contains bugs so that it would crash the system during deletion.
The virus contains the encrypted internal text string:
by Phil Katz ITALY. See U Soon
- Securelist (Kaspersky Labs), Virus.DOS.BlackIce.1930