When the first Helicopter infected program is executed, this virus will install itself memory resident at the top of system memory but below the 640K DOS boundary, not moving interrupt 12's return. Available free memory, as indicated by the DOS 5.0 CHKDSK program, will have decreased by approximately 1,296 bytes. Interrupts 10, 21, and 24 will be hooked by the virus in memory. Once the Helicopter virus is memory resident, it will infect .COM programs when they are executed, providing the file has at least 777 bytes of continuous binary zeros. Infected files will have 777 bytes of the binary zero area overwritten by the viral code, along with the beginning of the file being altered to point to this area. The file's date and time in the DOS disk directory listing will not be altered. No text strings are visible within the viral code.
Delete the infected files.