The virus checks if a file named "C:\AW" exists in the system. This AW file is served as a log file of those files which will be deleted by the virus. This memory resident has the ability to delete files with the following extensions
BMP, JPG, DOC, WRI, BAS, SAV, PDF, RTF, and TXT and WINWORD.EXE
when these files are accessed.