Xtac stays resident in memory and infects COM and EXE files when they are executed. COMMAND.COM is infected by overwriting an unused area.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Sometimes the virus deletes files with the following extensions:
Xtac contains the following unencrypted internal text:
good news! you have justbeen smitten by XTAC - lyndon siao, usc-tc
Xtac was reported to be in the wild in the USA in January 1996.
Date Created: 2006-01-01 15:22:14.0
Date Last Modified: 2006-01-01 00:00:00.0