Alan_J_Roberts@Sun.COM (09/27/89)
The CVIA has isolated the "Disk Killer" virus after 6 months of work and over three dozen reports. The virus activates after a random time period which varies from a few days to a few months, and when it activates, it performs a low level format of the hard disk - thereby destroying itself along with everything else. As it formats, it displays the message - "Disk Killer -- Version 1.00 by COMPUTER OGRE. Don't turn off the power or remove the diskettes while Disk Killer is processing. I wish you luck."

The first organization to report this virus was Birchwood systems in San Jose in early Summer. Additional reports were received from Washington, Oklahoma, Minnesota and Arizona. We finally isolated it at Wedge Systems in Milpitas, California and discovered that it is a boot sector infector that infects hard disks and floppies. The internal messages do not appear in sector zero, but are stored in sector 152 on floppy disks and an as yet undetermined location on hard disks. This had always added to the confusion over the virus because message remnants were sometimes discovered in the middle of executable files, and it was assumed that the virus was a COM or EXE infector.

The virus appears to be very widespread and everyone should watch out for it. If your boot sector does not contain the standard DOS error messages, then immediately power down and clean out the boot. (Infected boot sectors begin with FAEB). This is a nasty virus and should be treated cautiously. ViruScan V39 identifies the virus, but it will not be posted till the 29th due to major revisions in SCAN's architecture for version 39.

Alan
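
The boot-sector check described in the post above, written out as an added example (not part of the original post and not code from CVIA or ViruScan). The DOS message strings, the zero-based sector numbering and both sample sectors are assumptions constructed for illustration; only the FAEB prefix, the banner text and sector 152 come from the post.

```python
SECTOR = 512
# Assumption: typical MS-DOS boot-sector error strings; wording varies by DOS version.
DOS_MESSAGES = (b"Non-System disk", b"Disk boot failure", b"Replace and press any key")
INFECTED_PREFIX = bytes.fromhex("FAEB")  # from the post: infected boot sectors begin with FAEB
BANNER = b"Disk Killer"                  # from the message quoted in the post


def check_boot_sector(sector: bytes) -> list[str]:
    """Return the findings for one 512-byte boot sector (empty list = nothing flagged)."""
    if len(sector) != SECTOR:
        raise ValueError("boot sector must be exactly 512 bytes")
    findings = []
    if sector.startswith(INFECTED_PREFIX):
        findings.append("starts with FA EB")
    if not any(msg.lower() in sector.lower() for msg in DOS_MESSAGES):
        findings.append("no standard DOS error messages")
    return findings


def banner_sectors(image: bytes) -> list[int]:
    """Return zero-based indexes of sectors whose contents include the banner text."""
    hits = []
    for index in range(len(image) // SECTOR):
        if BANNER in image[index * SECTOR:(index + 1) * SECTOR]:
            hits.append(index)
    return hits


def make_sector(head: bytes, body: bytes = b"") -> bytes:
    """Build a constructed 512-byte sector ending in the 55 AA boot signature."""
    data = head + body
    return data + bytes(SECTOR - 2 - len(data)) + b"\x55\xaa"


# Constructed samples: neither is a real boot sector or virus code.
CLEAN = make_sector(b"\xeb\x3c\x90MSDOS4.0",
                    b"Non-System disk or disk error\r\nReplace and press any key when ready\r\n")
SUSPECT = make_sector(b"\xfa\xeb\x00")
# Constructed 360 KB floppy image; sector 152 is assumed to be a zero-based index.
IMAGE = bytearray(SUSPECT + bytes(SECTOR * 719))
IMAGE[152 * SECTOR:152 * SECTOR + len(BANNER)] = BANNER

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, check_boot_sector(sec) or "nothing flagged")
    print("banner found in sectors:", banner_sectors(bytes(IMAGE)))
```

A banner hit outside sector zero matches the post's remark that message remnants turn up away from the boot sector, so the two checks are reported separately.
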
fisherjm@iris.ucdavis.edu (John M. Fisher) (05/07/91)
We have had one of our hard disks encrypted with the Disk Killer virus. Supposedly there is a decryption package known as RestOgre and a detection package known as AntiOgre. Would anyone have any information about this virus, and know where I can find these programs? Any help would be greatly appreciated!

Thanks,
John
JIMS@SERVAX.BITNET (Jim Schenk) (06/21/91)
Hello,

Does anyone have information on the Disk Killer Virus? (I've already got Patricia Hoffman's VSUM - I need some more detailed info).

Running F-PROT 1.15A on a DTK 286 under MS-DOS 4.01 results in the following:

    This boot sector is infected with the Disk Killer virus.
    Disinfect? Y
    Can not cure - original boot sector not found.

Any help would be greatly appreciated.

Jim Schenk
University Computer Services
Florida International University
Bitnet: jims@servax
Internet: jims@servax.fiu.edu