These are very dangerous memory-resident parasitic stealth viruses, 4096 (1000h) bytes in length. They trace and hook INT 21h and write themselves to the end of COM and EXE files that are executed or closed. The virus may also affect data files, infecting them as if they were executables. While infecting, the virus increases the year field in the file's time and date stamp by 100.

When installing into system memory, these viruses occupy the top addresses; as a result, DOS reloads COMMAND.COM, and the virus infects it. The viruses then hide the block of memory occupied by the TSR copy of the virus: they set the MCB block-owner field so that the block appears to be a DOS memory block. Later, the TSR copy of the virus might move itself through memory toward lower addresses, allocating new memory areas and clearing old ones.

This virus was one of the first to use a quite complex stealth routine. That routine intercepts and handles 20 functions of INT 21h (FindFirst, FindNext, Read, Write, Lseek, Open, Create, Close, Exec, etc.) and effectively hides the virus in infected files. When DOS tries to access an infected file, the virus substitutes its original length and its date and time stamp. Upon reading or loading an infected file into memory, the virus modifies the data read from disk in such a way that the file appears uninfected. Upon opening an infected file for writing, the virus disinfects it (because writing to such a file might delete part of the virus code) and reinfects the file when it is closed.

The virus manifests itself from September 22nd till December 31st every year. The virus overwrites the MBR of the hard drive and the boot sector of floppy disks with a program. When booting from such a disk, that program displays the message: FRODO LIVES!
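The +100 year marker and the 4096-byte growth described above can be checked on raw directory entries read from a disk image, where the resident stealth routine cannot substitute the original length and date. The following is an added example, not part of the original description: the 32-byte FAT directory-entry layout is standard, while `make_entry`, `scan_directory` and the sample entries are constructed for illustration. It assumes original stamps of 2007 or earlier, so the 7-bit year field does not wrap.

```python
import struct

VIRUS_LEN = 0x1000   # 4096 bytes, the virus length stated in the description
YEAR_SHIFT = 100     # the year field is increased by 100 on infection
ENTRY = "<8s3sB10sHHHI"  # name, ext, attr, reserved, time, date, cluster, size

def make_entry(name, ext, year, month, day, size):
    """Build a constructed 32-byte FAT directory entry (demo input only)."""
    date = ((year - 1980) << 9) | (month << 5) | day
    return struct.pack(ENTRY, name.ljust(8).encode(), ext.ljust(3).encode(),
                       0x20, b"\0" * 10, 0, date, 2, size)

def scan_directory(raw):
    """Flag entries whose on-disk date stamp carries the +100 year marker."""
    findings = []
    for off in range(0, len(raw) - 31, 32):
        name, ext, attr, _, _, date, _, size = struct.unpack_from(ENTRY, raw, off)
        if name[0] == 0x00:                  # end-of-directory marker
            break
        if name[0] == 0xE5 or attr & 0x18:   # deleted, volume label or subdirectory
            continue
        year_field = date >> 9               # years since 1980, 7 bits
        # Extension is deliberately ignored: data files may be infected too.
        if year_field >= YEAR_SHIFT and size >= VIRUS_LEN:
            fname = (name.decode("ascii", "replace").rstrip() + "." +
                     ext.decode("ascii", "replace").rstrip())
            findings.append({
                "file": fname,
                "stamped_year": 1980 + year_field,
                "presumed_year": 1980 + year_field - YEAR_SHIFT,
                "presumed_clean_size": size - VIRUS_LEN,
            })
    return findings

# Constructed sample directory: two marked entries and one clean entry.
SAMPLE_DIR = (
    make_entry("COMMAND", "COM", 2090, 4, 9, 25307 + VIRUS_LEN) +
    make_entry("EDIT", "COM", 1991, 4, 9, 413) +
    make_entry("REPORT", "DAT", 2089, 11, 2, 9000 + VIRUS_LEN) +
    b"\0" * 32
)

if __name__ == "__main__":
    for hit in scan_directory(SAMPLE_DIR):
        print(hit)
```

A stamp with a year of 2080 or later is only a heuristic marker; a hit should be confirmed by inspecting the last 4096 bytes of the file on the image.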