Home > Threat descriptions >

Disk Killer

Classification

Category: Malware

Type: Virus

Aliases: Disk Killer, Ogre

Summary


A rather nasty virus, which will activate if the computer has been turned on for 48 hours. It will then display the following messages on the screen:

Disk Killer -- Version 1.00 by COMPUTER OGRE 04/01/1989 Warning !! Don't turn off the power or remove the diskette while Disk Killer is Processing!
PROCESSING

I hope you will never see this appear - it sure means trouble, namely that the virus has started to encrypt all the data on the hard disk (using a simple XOR method). When finished, the virus will display this message:

Now you can turn off the power I wish you luck !

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


If you see this message, start looking for a recovery program. You can of course reformat the disk and restore everything from a backup, but it is not necessary because the virus only encrypts everything on the disk, but does not actually destroy anything. At least, this seems to have been the intention of the author, but there are a few errors in the encryption code, which may make recovery impossible.

Like some other boot sector viruses, Disk Killer hides in sectors it marks as "bad" in the FAT. The infection/replication mechanism is very similar to that used by other boot sector viruses - despite some early reports that this virus was somehow more advanced than the rest. On a hard disk, the virus will hide in the sectors just before the boot record. Disk Killer is the first boot sector virus that is properly able to handle other sector sizes than 512 bytes.