When PHP/Pirus.A is executed, it will search for files with ".php" and
".htm" from the current directory. If such files are found, it will
append a small code that will execute the virus from a separate file.
The name of the file is "pirus.php".
[Analysis: Katrin Tocheva and Sami Rautiainen, F-Secure; January 2001]
