When the virus is run, it infects C:\COMMAND.COM and the first uninfected DOS executable file.
This virus attaches itself on COMMAND.COM so that it would be called once when the system starts.
The virus activates when the value of day is equal to month and the hour is equal to minute (e.g. September 9th, 12:12).
It displays a chunk of assembly code, with its logo and copyright notice:
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \ CSEG:OFFS OPCODE PSEUDO INSTR. / / 1F47:0103 90 NOP \ \ 1F47:0104 0000 ADD [BX+SI],AL / / 1F47:0106 E80000 CALL 0109 \ \ 1F47:0109 5D POP BP / / 1F47:010A 81ED0901 SUB BP,0109 \ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ -=≡ßL/\ZΣR≡=- (c)'1994
And deletes all files in the current directory, files in subdirectory are not affected.
If the payload triggers upon system start (executing the infected COMMAND), all files in uppermost directory including hidden system files IO.SYS and MSDOS.SYS, will be deleted. When the computer is rebooted, it will fail to load the system.
Deleted files are possible to recover using Undelete before rebooting, but the infected files must be replaced with clean copies, or the virus might activate again or hang the system when it is loaded next time.