This is a not dangerous nonmemory resident polymorphic BAT virus. It
writes itself to the end of the files. When executed it searches for .BAT
files in current, parent, current C: drive and root C: directories, then in
all PATH directories and infect one batch file that is found.
The virus uses polymorphic BAT engine similar to the “Batalia6”
virus – it compresses itself with PKZIP and password, and adds to its entry
code “junk” strings.
The virus displays the text:
(: PolyBat Morpher 🙂
While infecting a file the virus uses external DOS command and utilities:
PKZIP, PKUNZIP, ATTRIB, FIND, and fails to infect the files if there are no
such programs in PATH.