Upon execution of an infected file, the virus searches out and infects the first non-infected .COM file and the first non-infected .EXE file that it finds within the current working directory.
If the virus does not find an uninfected .EXE or .COM file within the current working directory, it will search through the directories listed in the system’s PATH=statement, looking for such a file to infect.
Infected files contain the following ASCII strings:
KAOS4 / Köhntark
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.