
a-27.ciac-orge-virus

Posted Sep 23, 1999


tags | virus
SHA-256 | ea6f471c36ce625b0ad3163ebe748f6449cbec46ba9dbeb9dc7654dde4ec726a


________________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY

CIAC

INFORMATION BULLETIN
________________________________________________________________________

The Disk Killer (Ogre) Virus on MS DOS Computers


June 28, 1990, 1000 PST Number A-27

________________________________________________________________________
Name: Disk Killer virus (also known as the Ogre virus)
Types: Only one known variant
Platform: MS DOS computers
Damage: Overwrites mounted disks
Symptoms: Writes "COMPUTER OGRE 04/01/89" on screen and overwrites disk
Detection/Eradication: VIRALERT, VIRHUNT, RESSCAN, CodeSafe, CleanUp,
F-Prot, IBM Scan, Pro-Scan, and others (contact CIAC for information
about these products)
Critical Disk Killer Facts
________________________________________________________________________

The Disk Killer virus is a destructive virus affecting MS DOS
computers. This virus infects the boot sector, then hides itself by
marking unused blocks on floppy or hard disks as bad. After remaining
dormant for approximately 48 hours of operating time (not calendar
time) after the initial infection, Disk Killer executes upon the first
boot or reboot after this period. Upon execution, this virus displays
the following message:

Disk Killer -- Version 1.00 by COMPUTER OGRE 04/01/89

Warning!!

Don't turn off the power or remove the diskette while Disk Killer
is Processing!

Next, the word "PROCESSING" will be displayed, followed by this message:

Now you can turn off the power. I wish you Luck!

Disk Killer overwrites the boot sector, then the file allocation table
(FAT), then the directory randomly with blocks of a single character.
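
The hiding technique described above (unused blocks marked as bad) leaves a trace in the FAT that can be audited on a disk image. The following is an added example, not part of the CIAC bulletin or of any product it names: it lists every cluster that a FAT12 image marks bad and flags those that still hold content. It assumes a FAT12 floppy image with a standard BIOS Parameter Block; the function names and the sample image are constructed for illustration, and a flagged cluster is a lead for manual review, not proof of infection.

```python
import struct

BAD = 0xFF7  # FAT12 value that marks a cluster as bad

def fat12_get(fat, n):
    """Return the 12-bit FAT entry for cluster n."""
    pair = fat[n + n // 2] | (fat[n + n // 2 + 1] << 8)
    return pair >> 4 if n & 1 else pair & 0xFFF

def fat12_set(fat, n, value):
    """Store a 12-bit FAT entry for cluster n (used only to build the sample)."""
    i = n + n // 2
    if n & 1:
        fat[i] = (fat[i] & 0x0F) | ((value << 4) & 0xF0)
        fat[i + 1] = value >> 4
    else:
        fat[i] = value & 0xFF
        fat[i + 1] = (fat[i + 1] & 0xF0) | (value >> 8)

def audit_bad_clusters(image):
    """Return [(cluster, holds_data)] for every cluster the first FAT marks bad."""
    bps, spc, reserved, nfats, roots, total, _media, spf = struct.unpack_from(
        "<HBHBHHBH", image, 11)  # BIOS Parameter Block starts at offset 11
    fat = image[reserved * bps:(reserved + spf) * bps]
    data_start = reserved + nfats * spf + (roots * 32 + bps - 1) // bps
    report = []
    for n in range(2, (total - data_start) // spc + 2):
        if fat12_get(fat, n) == BAD:
            off = (data_start + (n - 2) * spc) * bps
            body = image[off:off + spc * bps]
            # Heuristic (assumption): one repeated byte is blank filler,
            # anything else is content worth inspecting.
            report.append((n, len(set(body)) > 1))
    return report

def make_sample_image():
    """Constructed 40-sector FAT12 image: cluster 6 bad and blank, cluster 9 bad with data."""
    bps, total = 512, 40
    img = bytearray(b"\xF6" * (bps * total))
    img[0:bps] = bytes(bps)
    struct.pack_into("<HBHBHHBH", img, 11, bps, 1, 1, 2, 16, total, 0xF0, 1)
    fat = bytearray(bps)
    fat[0:3] = b"\xF0\xFF\xFF"            # media descriptor and end-of-chain entries
    fat12_set(fat, 6, BAD)
    fat12_set(fat, 9, BAD)
    img[bps:3 * bps] = fat + fat          # two FAT copies in sectors 1 and 2
    img[11 * bps:11 * bps + 16] = b"constructed data"  # cluster 9 is sector 4 + 7
    return bytes(img)

if __name__ == "__main__":
    for cluster, holds_data in audit_bad_clusters(make_sample_image()):
        print(f"cluster {cluster}: marked bad, {'holds data' if holds_data else 'blank'}")
```
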

The proper procedure depends upon when you detect Disk Killer:

1. If your machine is infected but Disk Killer has not yet executed,
and you detect this virus through a scan package (such as CodeSafe,
RESSCAN, VIRHUNT, or IBM Scan)---TURN YOUR MACHINE OFF. Then use a
write-protected bootable floppy disk to boot your system; otherwise,
you will have Disk Killer in memory, causing re-infection. Remove Disk
Killer by installing and executing a PC virus eradication package such
as VIRHUNT.

2. If the message shown above appears on your computer's screen, Disk
Killer has already executed---LEAVE YOUR MACHINE ON AND ALLOW THIS
VIRUS TO EXECUTE WITHOUT INTERRUPTION (i.e., until "Now you can turn
off the power..." is displayed). It is true that Disk Killer will
overwrite your disk, but don't worry---you can restore all data and
files from your disk (floppy or hard disk) using a recovery package
such as UNKILL. Reboot from a write-protected master floppy, and
remove the virus using virus eradication software.

Regardless of which particular procedure (1 or 2) you use, be sure to
scan any disks (in particular, bootable floppies) before resuming
normal activity with your computer.

Note: Because this virus modifies every byte in every sector on your
disk, Norton Utilities is not a feasible means of recovering from the
Disk Killer virus. Note also that a considerable amount of incorrect
information about responding to Disk Killer has already been
distributed. If you follow this incorrect information, which advises
you to turn your machine off as soon as Disk Killer begins to execute,
it is extremely likely that you will not be able to fully recover from
this virus.

Additional Note: The CIAC team first became aware of this virus early
last Fall. At that time, however, we chose to briefly describe this
virus in the CIAC Bulletin Board (FELIX) and CIAC Bulletin A-15, rather
than to issue a separate bulletin; infections at that time appeared to
be limited to MS DOS computers equipped with hard disks made by a
particular manufacturer in Taiwan.

For additional information or assistance, please contact CIAC:

David S. Brown
(415) 423-9878 or (FTS) 543-9878
FAX: (415) 423-0913, (FTS) 543-0913 or (415) 422-4294

Send e-mail to:

ciac@tiger.llnl.gov

Neither the United States Government nor the University of California
nor any of their employees, makes any warranty, expressed or implied,
or assumes any legal liability or responsibility for the accuracy,
completeness, or usefulness of any information, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation, or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government nor the University of California, and shall not be used for
advertising or product endorsement purposes.
