November 21 late in the evening DialogueScience, Inc. virus alert service registered the appearance of a dangerous Trojan detected by Dr.Web® anti-virus program as Trojan.Seoul. The virus source is likely to be in the Republic of Korea. It might be "dedicated" to the AVAR (Association of anti Virus Asia Researchers) forum that is taking place in Seoul these days.
A relevant hot add-on to Dr.Web® anti-virus program version 4.29, detecting Trojan.Seoul was issued at 21:04, November 21. As the virus code is highly complicated, the specialists of Anti-virus Laboratory of Igor Daniloff and of DialogueScience, Inc. keep analysing the code and the destructive features of the Trojan.

At present it is clear that the virus is a multi-component program, with some components being encrypted. When activated the virus searches for special system activity monitoring tools and debuggers. If found the virus kills them in memory and deletes all the files on the hard drive of the computer. If such processes are not found it creates the correspondent entry in the Windows system registry securing its automatic launching after the system restart. When run after the next reboot the virus displays a message box on the screen with the inscription "What foolish thing you've done" and after that starts deleting all the files on the hard drive.

The virus is also capable of mass-mailing its copies, this feature is being tested now.