In MS-DOS, if the user enters FOO in the command interpreter, in a directory where both FOO.COM and FOO.EXE exist, then FOO.COM will always be executed.

Overwritten files must be deleted and replaced with clean copies in order to remove the virus.

First discovered in April 1990, it appears to be a more elegant revision of AIDS, which also employs the corresponding file technique to execute infected code.

After creating the new COM file, the virus then plays a loud note, and displays the following message:[5] Your computer is infected with ... - Signed WOP & PGT of DutchCrack - AIDS II then executes EXE file the user intended to execute without incident.

Since the EXE file is unchanged, cyclic redundancy checks, such as those present in antivirus software, cannot detect this virus having infected a system.