Virus.DOS.NightKing.1568 or NightKing is a very dangerous memory resident parasitic DOS virus.


When the virus is loaded into memory, it hooks INT 21h and writes itself to the end of any executable (except AVG.EXE) that is run or opened.

The virus stores the time of the very first infection into the MBR of the hard drive, which is used for its activation.

Memory usage Edit

The exact memory usage is 2,416 bytes.

Payload Edit

The virus activates when at least a whole month has been passed, it loads the file allocation table of C: into memory, then corrupts the original one, followed by displaying the message:

Hello dear friend, your computer is attacking
by NIGHT KING I. virus. If do you like your
data very much, don't reset your computer
before midnight !

A clock is also displayed at the bottom of the message box, if the user waits until midnight, the virus will restore the FAT, followed by hanging the system (the user can reset the computer after that). Otherwise the system will not boot if the user resets the computer before the time is up.

Other details Edit

The day of activation is not calculated by comparing the days, but the months and years. For example, the first infection was on Jan 9, then it would not activate in February, but on the first day of March.

If the size of RAM installed is not enough to let the virus to load the whole FAT into it, it would simply hang the system and nothing will be damaged.




NightKing virus review by Alles Sandro



NightKing virus review by danooct1


Virus.DOS.Nightking Followup

The follow up of the NightKing virus by danooct1

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.