Virus.DOS.Lehigh

Class: Virus
Platform: DOS
Description

Technical Details


This is a very dangerous memory-resident parasitic virus. It hooks INT 21h
and writes itself into the middle of COMMAND.COM when that file is executed
or accessed with the DOS function FindFirst (AH=4Eh).


The virus is located in the COMMAND.COM stack area and does not increase the
file length. The virus changes the 2nd and 3rd bytes of the file (JMP
Loc_Virus).
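
Because the file length does not change, a size comparison will not reveal the modification; a content comparison against a trusted copy will. The following is an added example, not part of the original description: it compares a file image with a known-good baseline and reports which byte ranges differ, including the 2nd and 3rd bytes. The sample images and the names `check_image` and `diff_ranges` are constructed for illustration and contain no bytes from a real COMMAND.COM or from the virus.

```python
import hashlib


def diff_ranges(a: bytes, b: bytes):
    """Return [start, end) offset ranges where two equal-length images differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def check_image(baseline: bytes, candidate: bytes):
    """Compare a candidate file image with a trusted baseline copy."""
    same_size = len(baseline) == len(candidate)
    same_hash = (hashlib.sha256(baseline).digest()
                 == hashlib.sha256(candidate).digest())
    return {
        "same_size": same_size,
        "same_hash": same_hash,
        # File offsets 1-2 are the "2nd and 3rd bytes" named in the description.
        "entry_jump_changed": baseline[1:3] != candidate[1:3],
        "changed_ranges": diff_ranges(baseline, candidate) if same_size else [],
        # Any content change to a system file is worth investigating,
        # even when the length is identical.
        "suspicious": not same_hash,
    }


# Constructed sample data (assumption): a 128-byte stand-in image that starts
# with a near JMP opcode (E9) and ends with a zero-filled area.
BASELINE = bytes([0xE9, 0x10, 0x00]) + b"\x90" * 61 + b"\x00" * 64

_modified = bytearray(BASELINE)
_modified[1:3] = bytes([0x3D, 0x01])   # jump displacement bytes altered
_modified[64:96] = b"\xCC" * 32        # stand-in for an in-place overwrite
MODIFIED = bytes(_modified)

if __name__ == "__main__":
    for name, image in (("baseline", BASELINE), ("modified", MODIFIED)):
        print(name, check_image(BASELINE, image))
```
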


The body of the virus contains a counter that increments by 1 on every
successful infection of the next COMMAND.COM file. The counter is saved on disk
only when the infected COMMAND.COM has been run from the hard disk. Otherwise
the counter is reset to zero on every reboot of DOS. When the counter reaches
4, the virus erases the first 32 logical sectors of the disk from which it
was run.