When the virus is run, it displays a message claiming that an error occurred while executing the program; by this point the virus has already overwritten 2 files. It then installs itself in memory, consuming about 88K.
This virus targets only the files in the C:\DOS directory.
The virus first overwrites itself, and then it overwrites the first uninfected EXE executable in C:\DOS; the timestamp of the file is changed to the time of infection. Files that are smaller than the virus will have a size of 7,227 bytes after infection.
When there are already 2 infected files in the same directory, executing the virus does nothing other than display an error message or deliver the payload. If any of the infected files has been removed or replaced with a clean copy, the virus may infect a file again when it is run.
Additionally, there are synonyms which are the same as its name. Some loaded programs or functions are permanently disabled by the virus, such as DOSKEY history recall and the warm reset key command (CTRL-ALT-DEL). Even if the user attempts to reload the programs, it will not succeed, and the user must reset the computer in order to execute them properly. Executing an infected program might crash the system.
Files that are overwritten by the virus are impossible to recover and they must be deleted or replaced with clean copies.
The exact memory usage is 89,440 bytes.
After the virus has been run 5 times, it either hangs the system or activates one of the following behaviors.
Blocking the user from doing tasks
On execution of any command, the virus leaves a blank line and displays the message:
Bad command or file name.
This blocks the user from executing anything, including internal commands, invalid commands, and CTRL-ALT-DEL. The system becomes completely unusable until the system is rebooted.
Notably, the original message delivered by the system does not have a full stop (the dot) at the end.
Infinite system reset
It might also cause the system to reset in an endless loop until it crashes completely, shows a black screen of death and fails to reset any more (see the screenshot above), but it is still possible to recover with a cold boot.
There are viruses sharing the same name, which are relatively harmless.
The virus contains some corrupted internal text strings:
*.* COMMAN D IO.SYS MS DOS Bad comman or file name.
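A triage check for the indicators described above, added here as an example and not taken from the original page: it flags .EXE files in a directory that are exactly 7,227 bytes long or that contain the message string ending in a full stop, which the genuine DOS message lacks. It assumes the string is stored as plain ASCII in overwritten files; the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile

VIRUS_SIZE = 7227  # size the page gives for overwritten files that were smaller than the virus
# The virus's message ends in a full stop; the genuine DOS message does not.
# Matches both the payload text and the corrupted string "Bad comman or file name."
MARKER = re.compile(rb"Bad comman.{0,2}or file name\.")

def triage(directory):
    """Return {filename: [reasons]} for .EXE files showing the page's indicators."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not name.upper().endswith(".EXE") or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        reasons = []
        if len(data) == VIRUS_SIZE:
            reasons.append("size is 7,227 bytes")
        if MARKER.search(data):
            reasons.append("message string with trailing full stop")
        if reasons:
            findings[name] = reasons
    return findings

def demo():
    """Run triage over constructed sample files (placeholder bytes, no virus code)."""
    fake_body = b"MZ" + b"\x00" * 100 + b"Bad comman or file name."
    samples = {
        "SMALL.EXE": fake_body.ljust(VIRUS_SIZE, b"\x00"),   # both indicators
        "LARGE.EXE": fake_body.ljust(20000, b"\x90"),        # string only
        "CLEAN.EXE": b"MZ" + b"Bad command or file name\r\n".ljust(9000, b"\x00"),
        "NOTES.TXT": b"Bad command or file name.",           # not an EXE, ignored
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return triage(tmp)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

Either indicator alone is only a reason to compare the file against a clean copy, since a legitimate program can also be 7,227 bytes long.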