When a file infected with Zerobug is executed, the virus uses the COSMPEC variable to look for COMMAND.COM. If it finds COMMAND.COM, it will infect files from directly from there. If not, the virus becomes memory resident. The virus prepends its 1,536 bytes to every .com file run. In a manner similar to Vienna, the virus marks infected files with the number 62 in the seconds field of the file's timestamp.
After a certain amount of time, the virus will replace any "0" displayed on the screen with an ASCII smiley face (ASCII character 01).
The "DIR" command shows the infected files with their original sizes.
Zerobug.B is 1,840 bytes long. It does not use COSMPEC to infect COMMAND.COM. This variant will only infect .com files that are copied.
Zerobug gets its name from the fact that it replaces all "0"'s with an ASCII smiley face. With antivirus vendors, it is almost universally known as "Zerobug', with a few very minor differences (some have a space between "Zero" and "bug").
In spite of the fact that the virus sets an infected file's seconds timestamp to 62, it is in nearly every other way different from Vienna. Some virus researchers have remarked that the virus was poorly coded.
F-Secure Antivirus, F-Secure Virus Descriptions : Zero Bug.
Patricia Hoffman. VSUM, Zero Bug Virus.