Virus.DOS.NightKing.1568 or NightKing is a very dangerous memory resident parasitic DOS virus.


When the virus is loaded into memory, it hooks INT 21h and writes itself to the end of any executable (except AVG.EXE) that is run or opened.

The virus stores the time of the very first infection into the MBR of the hard drive, which is used for its activation.

Advanced details

This virus occupies 2,416 bytes in memory.

MD5 hash:



The virus activates when at least a whole month has been passed, it first loads the file allocation table of C: into memory, following by corrupting the original one. After that it displays the following message:

Hello dear friend, your computer is attacking
by NIGHT KING I. virus. If do you like your
data very much, don't reset your computer
before midnight !

A clock is also displayed at the bottom of the message box, if the user waits until midnight, the virus will restore the FAT, followed by hanging the system (the user can reset the computer after that). Otherwise the system will not boot if the user resets the computer before the time is up.

Other details

The day of activation is not calculated by comparing the days, but the months and years. For example, the first infection was on Jan 9, then it would not activate in February, but on the first day of March.

If the size of memory installed is not enough to let the virus to load the whole FAT into it, it would simply hang the system and nothing will be damaged.




NightKing virus review by Alles Sandro



NightKing virus review by danooct1


Virus.DOS.Nightking Followup

The follow up of the NightKing virus by danooct1