When the virus is loaded into memory, it first infects C:\COMMAND.COM, followed by hooking INT 8 and 21h to infect any executable that is accessed by writing itself to the end of the file.
The exact memory usage is 4,096 bytes.
When the value of month is equal to that of the day on the system date, on running any infected file the virus activates by rotating the following characters on screen:
l - / \ |
The user cannot stop the rotation of these characters unless resetting the system.
After activation, the system might hang when the user issues a command containing these characters, while the system would return "Bad command or file name" or "Syntax error" in normal cases.
The virus contains the encrypted internal text string: