There are 2 variants:
When the virus is loaded into memory, it first infects C:\COMMAND.COM so that it would be loaded automatically on upcoming boots, followed by hooking INT 21h to infect any DOS executable that is run.
The virus behaves stealthy so that there will have no observable size change on infected files, but allocation errors might appear, and it would damage these files if the user attempts to fix them via CHKDSK.
The user might encounter a slower response on issuing DIR command.
The virus does not manifest itself at anyway.
The following table shows the memory usage of the variants.
|Variant||Memory usage in bytes|
Did you know?Edit
This virus has another alias of "DIR", which is also a command in DOS, Windows and Linux. It is used to list files in a certain directory, the user may customize the listing by adding different switches. For switches available to the system, please refer to the table of contents of this command, it can be checked by the following command: