Xtac stays resident in memory and infects COM and EXE files when they are executed. COMMAND.COM is infected by overwriting an unused area.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Sometimes the virus deletes files with the following extensions:
Xtac contains the following unencrypted internal text:
good news! you have justbeen smitten by XTAC - lyndon siao, usc-tc
Xtac was reported to be in the wild in the USA in January 1996.
Description Created: 2006-01-01 15:22:14.0
Description Last Modified: 2006-01-01 00:00:00.0