The ANTI Virus attaches itself to the end of the main code resource of an application. It patches the main code so that it is invoked in the first place each time the application is started. An infected application will try to infect the system heap, if it wasn't already infected beforehand (the system heap means the part of the system that has been loaded into memory at boot-time. ANTI does not infect the file ‘System’).
The virus propagates to all applications whose main code entry starts with a JSR.
Most compilers create this type of application. Under certain circumstances, it also propagates to other kinds of applications.
-- part contents for background part 11
----- text -----
The virus assumes that the main program entry of the application to infect is contained in CODE ID=1. This is the case in all normal applications. Applications whose main routine is contained in a CODE resource other than ID=1 will either not be infected or crash.
Portions of the code suggest that the virus has been written as part of a copy-protection scheme.