Python is a polymorphic, stealth, file infecting virus. It infects .COM and .EXE files, including COMMAND.COM.
Upon infection, this virus may becomes memory resident at the top of system memory but below the 640K DOS boundary.
Once the Python virus is memory resident, it infects .COM and .EXE files as they are executed.
The Python virus was received in December, 1994. Its origin or
point of isolation is unknown. Python is a polymorphic stealth
virus which infects .COM and .EXE files, including COMMAND.COM.
When the first Python infected program is executed, this virus
may install itself memory resident at the top of system memory
but below the 640K DOS boundary. It does not always install
itself memory resident, and the system user may have to execute
an infected program several times in order for the virus to become
memory resident. When resident, total system and available free
memory, as indicated by the DOS CHKDSK program from DOS 3.3, will
have decreased by 1,264 bytes. Memory mapping utilities will not
indicate that any interrupts are hooked by this area of memory.
Once the Python virus is memory resident, it will infect .COM and
.EXE programs when they are executed. Infected programs will have
a file length increase of approximately 1,142 to 1,603 bytes with
the virus being located at the end of the file. The file length
increase, however, is hidden by the virus when memory resident. The
program's date and time in the DOS disk directory listing will not
appear to be altered, though the seconds field will have been set to
"40". The following text string is encrypted within the viral code:
Execution of the DOS CHKDSK program with the Python virus memory
resident will result in file allocation errors being indicated on
all infected files.