When the virus is loaded into memory, it hooks INT 21h and writes itself to the end of any executable (except AVG.EXE) that is run or opened.
The virus stores the time of the very first infection into the MBR of the hard drive, which is used for its activation.
This virus occupies 2,416 bytes in memory.
The virus activates when at least a whole month has been passed, it first loads the file allocation table of C: into memory, following by corrupting the original one. After that it displays the following message:
Hello dear friend, your computer is attacking by NIGHT KING I. virus. If do you like your data very much, don't reset your computer before midnight !
A clock is also displayed at the bottom of the message box, if the user waits until midnight, the virus will restore the FAT, followed by hanging the system (the user can reset the computer after that). Otherwise the system will not boot if the user resets the computer before the time is up.
The day of activation is not calculated by comparing the days, but the months and years. For example, the first infection was on Jan 9, then it would not activate in February, but on the first day of March.
If the size of memory installed is not enough to let the virus to load the whole FAT into it, it would simply hang the system and nothing will be damaged.