When launched, it looks for files as .ba? in the current directory, for files as .b?t in the parent directory, and for files ?*.*at in the C: drive root.
It writes its code in the infected file, this way, it deletes the actual contents.
The virus does not show its existence in any way.