Execution Procedure: 1) The virus checks whether it is already loaded resident in memory. If No, it then loads itself resident into memory by hooking INT 21h. 2) It then executes the original file. 3) With itself loaded resident into memory it will infect any uninfected file that is executed.
Damage: Virus finds an executable file (first .EXE file then .COM) in current directory and proceeds to infect it. It will display: Runtime error 002 at 0000:0511
on screen if no uninfected files are found.
Detection Method: Every Oct 31, the virus will create a 10KB-long file and display: Runtime error 150 at 0000:0AC8.
Note: 1) Loads itself resident in memory. An error message appears if there is an I/O error (such as write protect).