It is a very dangerous resident virus. It affects .EXE-files in the current
disk directory, where a file is being run from or opened in. An infected file
is being searched by the FindFirst and FindNext functions and not necessarily
coincides with a file being opened or executed. On infecting, “Alabama” uses
FCB-functions for work with files, appends to the file end; incorrect
infection is possible. In an infected file the time of last modification is
set to 62 seconds.
This infector tries to “survive” a reboot – for this purpose it sets INT 9h
(keyboard), hooks the Alt-Ctrl-Del combination, then turns off the screen and
calls the boot procedure (INT 19h). During this operation the codes of the
virus are not erased.
Depending on the current time “Alabama” might displays the messages:
The virus hooks INT 9, 21h, contains the text string “????????EXE” and
doesn’t have destructive functions. But it works incorrectly with files and
the memory – might hang up the system.