A rather nasty virus, which will activate if the computer has been turned on for 48 hours. It will then display the following messages on the screen:
Disk Killer -- Version 1.00 by COMPUTER OGRE 04/01/1989 Warning !! Don't turn off the power or remove the diskette while Disk Killer is Processing! PROCESSING
I hope you will never see this appear - it sure means trouble, namely that the virus has started to encrypt all the data on the hard disk (using a simple XOR method). When finished, the virus will display this message:
Now you can turn off the power I wish you luck !
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.
If you see this message, start looking for a recovery program. You can of course reformat the disk and restore everything from a backup, but it is not necessary because the virus only encrypts everything on the disk, but does not actually destroy anything. At least, this seems to have been the intention of the author, but there are a few errors in the encryption code, which may make recovery impossible.
Like some other boot sector viruses, Disk Killer hides in sectors it marks as "bad" in the FAT. The infection/replication mechanism is very similar to that used by other boot sector viruses - despite some early reports that this virus was somehow more advanced than the rest. On a hard disk, the virus will hide in the sectors just before the boot record. Disk Killer is the first boot sector virus that is properly able to handle other sector sizes than 512 bytes.