First, it checks whether the file begins with the command INT 20h After this, the virus examines the fourth byte in the file.
If it is 1 (ASCII 1 is a smiling face), the virus assumes it has already infected the file and refrains from reinfecting it.
That is because Butterfly only infects files in the current directory.
Most users install auxiliary programs such as LIST somewhere along the hard disk's path to make them easily accessible.
The program had been infected with a slightly modified version of Butterfly - only the text the virus contains had been changed.
If the sixth and seventh letters in the file name are 'N' and 'D', the virus concludes that the file in question is the command interpreter COMMAND. It is likely that the virus checks the beginning of files for the INT 20h command in order to avoid infecting bait files created by virus researchers.If the file's fourth byte is not 1, the virus judges the file to be uninfected and promptly remedies the situation.Although the virus usually leaves its victim's modification date unchanged, it contains a bug which in some cases causes the date and time of infected files to show the time of infection.I've found that happens when she happens to have the tablet.Or guess they could hang around the kiosk and message back and forth with you.The Butterfly-virus slipped into worldwide circulation together with the 4.11 version of the popular data communications program Telemate.