'Cri-Cri' virus, found on S3-Trio64 Chinese Windows 3.1 setup disk polymorphic full-stealth .COM, .EXE, floppy bootsector infector; encryption is simple xor; filesize increase is constant (4616 bytes); hooks int 13h from bootsector of floppy, infects floppies when bootsector is read; code is written to end of floppy disk, original bootsector to end of directory code is encrypted on floppy disk hooks int 21h when floppy bootsector is written to (assumes DOS is loaded at this point, presuming 'format' or similar has been run on diskette); int 21h handler checks subfunctions: 11/12 - FCB find 4E/4F - DTA find 3D/6C - (extended) file open 3E - file close 3F - file read 40 - file write 4B00/01 - file load and execute/load only 5700/01 - get/set file date and time infects files by suffix check (and header check for .EXE files) minimum infectable file size is 2411h bytes maximum infectable .com file size is EDE7h bytes heavy SFT access for file access and infection (date, size, file pointer, etc) allocates 10kb of RAM activates on 4th June, and prints 'Cri-Cri ViRuS by Griyo96 ...tried, tested, not approved' in green in the middle of screen Does not replicate in Windows 95 DOS box