I believe the PE/COFF format is a superset of MZ-DOS, and does not contain any code that specifically checks for Windows. COFF executables start with an MZ-DOS stub, followed by a magic number then valid DOS code that prints "nope" then exits. When Windows opens a COFF executable, it reads the magic number and immediately skips ahead to the _real_ entry point. At no point does the program itself make any sort of "check" that it is running on Windows. This allows for hybrid executables such as REGEDIT to exist, where both the MZ and COFF sections contain a complete program, not unlike Universal (PPC/x86_64) and Universal 2 (x86_64/AArch64) programs under Darwin. In the case of Toadie, I'd love to load an infected executable through Cutter, but I'm pretty sure it overwrites the MZ section and the COFF magic number, with an MZ program that manually performs a protected call into the COFF entry point, presumably after running a malicious payload in MZ mode. In other words, Toadie is not really a Win32 virus. It is an MS-DOS virus capable of identifying and hooking into Win32 COFF executables non-destructively.
@danooct1
1 year ago
You're 100% correct - this is actually classified as a DOS virus by Kaspersky, but I figured with me running it on Windows the "true" name may be a bit too confusing. Your knowledge and powers of deduction are very impressive and frankly a little frightening. Great comment.
@cameronbosch1213
1 year ago
Wow. I have to agree with Dan here. This virus author must have been an above average programmer, as despite the issues, that would explain why the programs still worked on Windows, but in MS-DOS or DOS mode, they took forever to run. The parallels to Apple's Universal binaries are quite outstanding and frankly, quite freaky.
@PhirePhlame
1 year ago
Amazingly enough, that's still true even for the most modern games. I just tested it in DOSBox, and sure enough Sonic Frontiers spits out the old "DOS mode" message and terminates.
@TH-vo6hv
1 year ago
Can someone ELI5?
@rm_steele
1 year ago
@TH-vo6hv some exe files use the start of their code to tell Windows where the actual code is, but old DOS computers get different code that either works as DOS compatible code or tells the program to spit out a message and then exits. The section concerning the virus went a bit over my head, but I believe the poster was saying that they think the virus will overwrite this code that weeds out DOS computers with a way to make it go to the Windows code automatically, regardless of it being in code that DOS isn't made to handle
@Toxoid49b
1 year ago
One of the main things I've gathered from watching your videos over the years is that pointing a camera at your monitor seems to be a valid substitute for an antivirus considering how it seems to cause malware to stop working correctly
@malwaretestingfan
1 year ago
Murphy's law, it seems.
@cameronbosch1213
1 year ago
We've seen that many times on Dan's channel! Good for most users, horrible for Dan! ☹️
@FriedNoodlee
1 year ago
Ha! Nice
@dithercat
1 year ago
selling my new solution based on this principle, QuantSafe(R) Anti-Virus, A Name You Can Trust(TM)
@sagebrushrepair
1 year ago
I love how personal this comment is. Poor Danooct1. I like you just fine, even if malware does not.
@joser7514
8 months ago
I tried running this one on a Windows XP 32 bit virtual machine a while ago, and it somehow worked, but barely. It seems to infect some files in the current directory and executing those shows the command prompt with the weird title and removes their icon, but seconds later they seem to get restored (they regain their icon and original size, and no longer launch the command prompt). Only one file got permanently infected (chrome.exe, yeah, Google Chrome), and the payloads shown in the video worked, but just for that file. Still it amazes me that it can run on a NT based system, because I believe most DOS/Windows 9x viruses like CIH don't work on NT versions of Windows.
@monkey314159
1 year ago
nice GW quote.
@near5148
1 year ago
Yay
@muslumanagac
1 year ago
great video
@tecknox7462
1 year ago
Man you sound just like Louis Rossmann. I find your speech pattern, accent, and tone are close.
@proletherapy15
1 year ago
"It only makes your PC miserable to use." This part resonates quite well with a buggy experience, for truly it is often worse to have a PC or OS that barely works, making its use living hell. Sometimes, if it cannot work anymore, death is a better alternative, that way it doesn't frustrate you every time you have to use it.
@chupathingy5862
1 year ago
Just had a flashback to my deeply broken windows xp computer where explorer would crash for like ten minutes at a time.
@proletherapy15
1 year ago
@chupathingy5862 Heh, I can imagine the pain. I still remember my old days of using XP and Vista, they could be such a pain sometimes, the experience was so different a decade ago. It was also "fun" getting random viruses infecting core .dlls, causing all sorts of weird issues.
@IrisGalaxis
1 year ago
ARP and REGEDIT are valid EXEs for both Windows and DOS mode, so that's why it's not a problem for them, ARP just opens the DOS version of itself instead of the Windows one, just like REGEDIT
@pvc988
1 year ago
Every Windows program is secretly a DOS program too, even today. Usually, it just prints a message and quits. But it doesn't have to be like that.
@cyberparrot
1 year ago
Opened Photoshop 2022's EXE in a text editor for shits and giggles and the "This program cannot be run in DOS mode." message was present near the beginning of the file. Whack.
@malwaretestingfan
1 year ago
The DOS stub is a separate program in its own right, nevertheless it can be replaced with another stub through a special linker option.
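As an added illustration of the MZ stub and PE header layout discussed in the comments above (not code from the video or from any commenter), this Python check follows the `e_lfanew` pointer from the MZ header to the PE signature and reports whether the DOS stub still carries the usual message. `inspect_mz_pe` and `build_sample` are names chosen for this example, and the sample images are constructed in memory.

```python
import struct

# Message quoted in the comments; the usual linker-supplied stub prints it under DOS.
STANDARD_MSG = b"This program cannot be run in DOS mode"

def inspect_mz_pe(data: bytes) -> dict:
    """Follow MZ header -> e_lfanew -> PE signature, with bounds checks."""
    info = {"mz": False, "pe": False, "e_lfanew": None, "machine": None,
            "stub_size": None, "standard_stub_msg": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info                       # not a DOS/Windows executable
    info["mz"] = True
    # e_lfanew: little-endian 32-bit file offset of the PE header, stored at 0x3C.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    info["e_lfanew"] = e_lfanew
    # Plain DOS programs may hold anything here, so validate before using it.
    # 24 = 4-byte signature + 20-byte COFF file header. Assumption of this
    # example: the PE header does not overlap the 64-byte MZ header.
    if e_lfanew < 0x40 or e_lfanew + 24 > len(data):
        return info
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info                       # MZ only: no PE image for Windows to load
    info["pe"] = True
    (info["machine"],) = struct.unpack_from("<H", data, e_lfanew + 4)
    stub = data[0x40:e_lfanew]            # the DOS program between the two headers
    info["stub_size"] = len(stub)
    info["standard_stub_msg"] = STANDARD_MSG in stub
    return info

def build_sample(stub_body: bytes, with_pe: bool = True) -> bytes:
    """Constructed image: 64-byte MZ header, stub bytes, optional PE + COFF header."""
    e_lfanew = 0x40 + len(stub_body)
    e_lfanew += (-e_lfanew) % 8           # pad so the PE header is 8-byte aligned
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, e_lfanew if with_pe else 0)
    image = (bytes(header) + stub_body).ljust(e_lfanew, b"\0")
    if with_pe:
        # COFF file header: Machine = 0x014C (i386), other fields zeroed here.
        image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, 0)
    return image

if __name__ == "__main__":
    # Zero bytes stand in for the stub's 16-bit code (constructed sample data).
    samples = {
        "usual stub": build_sample(b"\0" * 14 + STANDARD_MSG + b".\r\r\n$"),
        "custom stub": build_sample(b"constructed custom stub bytes"),
        "DOS only": build_sample(b"constructed DOS program", with_pe=False),
    }
    for name, image in samples.items():
        print(name, inspect_mz_pe(image))
```

A missing message is only a triage signal: as the comment above says, a linker can substitute a different stub, and dual-mode programs carry a full DOS program there.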
@thishandle.wasnttaken
1 year ago
The video length and the virus' ability to throw you off its path for however long is honestly more reminiscent of meltingscreen.
@moelester7527
1 year ago
Especially if he has to run a bunch of exe files for the virus to take effect.
@peachymunmagenta
1 year ago
The struggle to get the virus to activate… classic Danooct1 video.
@Kurzov
10 months ago
Memories
@R1PCH41N_FR3NZY
1 year ago
"It's about this point that my eyes begin glazing over and my mind becomes one with the Toadie virus, rendering it useless" dan is clearly having fun with subtitles and I'm all here for it
@spendle
1 year ago
8:07 "Fool me once, I'm mad. Fool me twice, how could you. Fool me three times, you're officially that guy..." - JonTron
@SpessWarlock
1 year ago
Seeing "REGEDIT - HUHIUEH" was so sudden and funny that i almost dropped my drink. It's just for a frame but that's suspicious, lol
@choppergunner8650
1 year ago
Yeah. The virus outputs all of that weird garbled text on the title bar, but the first one really seems like the virus somehow became self-conscious and started laughing maniacally as it destroys your PC.
@letcreate123
1 year ago
When the virus does its job so well it completely bricks the kernel, now that I've never seen happen in a danooct video before LOL
@ItzTerraYT
1 year ago
Almost 20 minutes?! What did we do to deserve THIS prize!
@NotThatSalty
1 year ago
a new danooct1 video is the best birthday gift i could've ever asked for. thank you
@IrisGalaxis
1 year ago
Happy birthday
@nikossamsung10
1 year ago
Happy birthday, have a great day :)
@exaltedb
1 year ago
Always glad to have a 20-minute long danooct1 video
@Povilaz
1 year ago
I can't believe that Toadie literally toasted the computer LMAO
@WishMakers
1 year ago
This virus was...a trip, to say the least. Possibly one of the most weird set of payloads, intentional or otherwise, that have shown up in your videos
@glitchyglyphva
1 year ago
This was a super weird virus! Definitely wasn't expecting it to get to the Kernel so quick! Thank you Dan for pushing through the setbacks, and thank you for the work you put into these!
@malwaretestingfan
1 year ago
@explorer9049 True, thanks for the informative comment.
@glitchyglyphva
1 year ago
@explorer9049 Thank you for the info! Truly doing great work out here :D
@justinhamilton8647
1 year ago
0:48 Cause I’m the Taskman, yeahhh I’m the taskman 🎶
@cameronbosch1213
1 year ago
*I'm the task man! I check tasks!*
@VreyIsGrey
1 year ago
Don't ask me what I want it for
_Ha haaa, Mr. Bill Gates_
If you don't want to pay some more
_Ha haaa, Mr. Jobs_
@Kilgamesh
1 year ago
Your videos have the most pleasant subtitles, your effort is greatly appreciated. Your voice is also very soothing.
@thedarkdragon89
1 year ago
I have been subscribed to you for a very long time. Every video is great and done in that old style that I enjoy. Thanks for the years of entertainment and here's to many more! Also, I've seen the kernel error before, it's so rare. I got it by randomly deleting registry entries.
@Crazy-Games
1 year ago
If you think about why the kernel got infected so quick it makes sense. He rebooted in MS-DOS which wasn’t a full reboot. Therefore he booted into the KERNEL of windows which didn’t kill any other applications that can run in DOS, and since the virus changes applications from windows into dos applications the virus itself has dos code
@maiyannah
1 year ago
Two Danooct1 videos! It really is the Christmas season! Always love the videos when they drop man.
@aurathedraak7909
1 year ago
Should start a new series of old anti viruses that can fight old malware and such.
@cyberparrot
1 year ago
I don't have any interesting technical insight to contribute, but I just wanna say that you and your videos are seriously appreciated. I've always been ecstatic whenever you upload.
@SLZeroArrow
1 year ago
You're much more active again! I always love your humor in these videos, keep em coming!
@mudy951
1 year ago
Do you manually reinstall Windows every time you make a video? Just take an image (a dump of all the partitions) of a fresh install, and when you want to reinstall, connect the drive into your computer using an external HDD enclosure and re-image it.
@RabidOrphan
1 year ago
It's so nice to see you still continuing to make videos on viruses even now. I used to be so fascinated with all your videos many years ago. I remember watching you and some other guy with a Zapdos pfp for a lot of virus content back then (no idea what his channel was called anymore). You and other virus channels really made my childhood and figure out pretty young to avoid getting viruses, while also making me a bit scared of using computers lol
@GaomonAndLucario
1 year ago
The guy you're thinking of is rogueamp! You can always just search NavaShield if you forget his name, and he'll be the top result!
@RabidOrphan
1 year ago
@GaomonAndLucario Thank you so much!
@aznxknight
1 year ago
5:05 "It's always good to thoroughly infect your machine whenever possible" LMAO
@HowPettyful
1 year ago
My mind is blown by the captions explaining each hardware and software sound. Thank you for doing this still after all these years
@Aidy
1 year ago
It's not a danooct video if the virus doesn't work on the first try. So glad to see you back, though!
@TheCRTProductions
1 year ago
I like the George Bush reference especially considering I could see him getting his computer infected with something like this back in the day.
@modeco80
1 year ago
Weird. If the VXHeaven archive is correct, Toadie.6810 isn't just "corrupt", it's not even Toadie (or an MS-DOS executable, for that matter)! It's some part of a (mIRC?) script which tries to DCC a file from the Windows directory to everyone upon joining a channel. (I'd post it, but even though it's literally just some random script fragment I'd still feel kinda dirty, so yeah) You can also see this when you're looking at the 6810 ""binary"" at about 0:28 as the size is only 142 bytes, far from the claimed 6810.
@sudsy9011
1 year ago
I actually enjoy the dead-air moments, adds to the depth of the video, keep them more often if possible :P I'm sure it will make editing a bit more relaxing as well
@CarBitGTSaxen
9 months ago
"It's always good to thoroughly infect your machine whenever possible" -Dan
@FoxerTails
1 year ago
Would the original Toadie virus have that warning message when launching or was that added in by a software analyst?
@crepechan
1 year ago
BABE WAKE UP NEW DANOOCT1 VIDEO JUST DROPPED
@kernelbug2294
1 year ago
Thank you for capturing the real PC rather than VM, it's way more introducing!
@sugarbydesign
1 year ago
your anger is immeasurable yet my day is fulfilled
@GarryStrait
1 year ago
danooct's VMs in a nutshell: "Oh, what a beautiful day, fresh install and... Oh f***, not this shit again. Yet another round of viruses."
@cameronbosch1213
1 year ago
This one isn't a VM though. This is the Gateway PC he used in some of his other videos, both recently and in the Magister & CIH revisited videos (the BIOS wasn't killed in either of those latter two videos).
@Vuusteri
1 year ago
The unpredictability of these videos triggers the anxiety these viruses caused when you didn't know what was going on with your computer. Luckily you cannot get an infection via KZitem video, so it's only a simulation.
@ryannorthup3148
1 year ago
I got disappointed to hear the Gateway seek test instead of the Packard Bell seek test. But oh well, still a cool video! Nice job, Dan!
@chris.8078
1 year ago
I LOVE That you're still doing these things man, I remember you talking like 9 years ago and showing off trojans and viruses. You're admirable.
@Drbeckerproductions
1 year ago
Hey Danooct, just in case you didn't know, you can save a lot of time by installing Windows onto a CF Card instead of a traditional hard drive. That way you can clone the contents of a fresh Windows install and copy them over for each new video, that way you don't have to keep going through the windows setup process.
@lolman123401
1 year ago
As if Norton ghost never existed
@kj_09
1 year ago
7:00 lol
@cameronbosch1213
1 year ago
2:25 The rush of nostalgia from that boot-up sound!
@Amad3uẓ̌
1 year ago
Seek test is like music to my ears. Good to have a new video, thank you!
@unknowncomputer238
1 year ago
I got a ransomware in my PC called vesad.
@Z2r
1 year ago
new danooct (real)
@_-_--_
1 year ago
awesome video, appreciate the captions :P
@slipk0rvayne17
1 year ago
good to have you back lol. loading the kernel
@WickerBasket9
1 year ago
When a virus is so good that it kills Windows in a Dan video. It's amazing.
@gogogagagugu2134
1 year ago
wake up babe new monthly danooct1 content drop
@EmperorJulesLStirling
1 year ago
Welcome back, Dan. I'm so excited to listen to you again.
@malwaretestingfan
1 year ago
I did not expect this upload, how incredible.
@GeekyShdhfhdjdjdj
1 year ago
14 years later and he still doesn’t use a screen recorder
@PsychoFizz
1 year ago
And he never will haha
@ikillomega
1 year ago
Toadie: The virus SO powerful, it infects your KZitem videos 20+ years after its creation!
@JohnSmith-xq1pz
1 year ago
Yeah a new virus video!! That seek test never gets old 😍
@sayo5204
1 year ago
damn that's a nice desktop background, what's the name?
@kociemleko1
1 year ago
Red Blocks.bmp
@nirosolis485
1 year ago
8:07 nice impression of GWB there
@CheddarVG
1 year ago
The computer got frogged.
@axe2948
1 year ago
Rip windows ):
@VirusNew17
1 year ago
17:48 hahahahaha🤣
@megumicarrot
1 year ago
my oshi just posted omg
@e1m1j
1 year ago
Slightly weird the amount of steps you have to go through to get this into your system. What kind of person would infect their computer with this? IRC you said is a vector but I can't imagine many people back in the day would get this going unless a kid was playing around with the executables or something to that effect. I remember renaming Doom95.exe as a kid and I got a smack for that.
@vancedtestjrp1918
1 year ago
How does danooct1 get a virus file? I want to try the virus through VMware
@cameronbosch1213
1 year ago
He gets it from specialized sites. I won't say exactly where unless he's okay with it (he probably isn't, so I won't). Malware isn't a joke though; while many older pieces of malware won't really work in newer versions of 64 bit Windows, you probably shouldn't be playing Russian Roulette with your host.
@VreyIsGrey
1 year ago
@cameronbosch1213 Especially considering a select few pieces of modern malware can sometimes slip through the cracks and have an effect on the host system
@cameronbosch1213
1 year ago
@VreyIsGrey Most older ones won't work or work as intended, but yeah, some of the newer NT ones can still cause issues, so I would avoid testing malware unless you're okay with regular backups to avoid serious data loss.
@lunazhere
1 year ago
Danooct, you're the best. You're the reason I became interested in cybersecurity and malware. If it weren't for your videos piquing my interest, I wouldn't have the career path I have today. Thank you so much.
@raidhhi2217
7 months ago
It wasn't written in Pascal. It was written in ASIC V5 and Assembler in tasm but later versions nasm. And that box has nothing to do with Toadie. You might be wondering how I know this about it. Well, you did a video on my virus. I can answer any questions you have about it if you'd like me to do so
@serraramayfield9230
1 year ago
What the hell happened to Rogueamp? He last posted in 2017.
@Rabagosh
1 year ago
2:25 Good old days :(
@walkiacid9265
1 month ago
you have some beef with.. certain viruses.. i have a fun challenge, what's the earliest video, that dan has shown beef with the virus?
@Nico93
1 year ago
do you also play normal games on the machines outside of doing a virus thing?
@bitterlemonboy
1 year ago
Year 2022 and Windows still hides file extensions by default.
@l9day
1 year ago
I like the extra flavour found in the closed captions.
@Trail_Lentil
1 year ago
Another Danooct1 video this year?? Amazing gift.
@hoshizoralone
1 year ago
thank you danooct1 for another fantastic vid where the virus operates exactly as planned
@andresbravo2003
1 year ago
Pascal? Never heard of it. I still keep enjoying on your videos even this keeps going. Never give up Dan!
@malwaretestingfan
1 year ago
It's an old programming language developed by Niklaus Wirth as a quite verbose alternative to ALGOL, it was later popularized by the Delphi IDE and it still goes strong thanks to the Free Pascal project.
@xirate7091
1 year ago
Me, being 26, I started with some pascal programs when I was like 13-14, so 12 years ago it was somewhat relevant :v
@cameronbosch1213
1 year ago
@malwaretestingfan It was originally meant for teaching programming, but apart from Toadie, it really failed to be useful outside of that.
@malwaretestingfan
1 year ago
@cameronbosch1213 Failed to be useful? Pascal is still a useful language for developing software. The TIOBE Index ranks Delphi/Object Pascal at the 17th place by programming language popularity.
@cameronbosch1213
1 year ago
@malwaretestingfan Still, I think Java, Python, C/C++, & Rust are still better to know than Pascal.
@nikossamsung10
1 year ago
It's always a good Friday when danooct1 uploads!
@thehylian6984
1 year ago
What the fuck was that seek test that is NOT packard bell 😭😭😭
@melvinsgjr
1 year ago
i need to know about virus "I LOVE YOU"
@Mario583a
1 year ago
Danooct1: Toadie Actuality: Poisonous.Toadie
@KOMEOyt
1 year ago
19 minutes of content, thank you
@chudite
1 year ago
Glad to see a new video! Welcome back! :)
@tomrow32
5 months ago
I wonder what this might do on Wine or an NT system.
@pigeondriver45
1 year ago
i download this game for name (The Mario Toad lol)
@DarkMettaur
1 year ago
omg there's a bear with you??
@BTO98
1 year ago
you should do a video on tiggre!
@Maks7594
1 year ago
no way, bro's alive
@phanomega
1 year ago
Do Protactinium next
@aboredhumannamedjoe6679
1 year ago
what if, now hear me out, what if viruses existed on calculators? a serious question. i mean, it's now possible to run games on calculators, are there viruses for calculators?
@malwaretestingfan
1 year ago
Yes, there are. There are two viruses for the TI89 calculator series, Gaara and Divo.
@aboredhumannamedjoe6679
1 year ago
@malwaretestingfan yeah i ended up looking it up but didn't look too much into it bc being the science geek I am, i became more interested in another article about how biological viruses can get sick with viruses just like anything living. I should try looking up calculator viruses again but I'm afraid I'll spend 2 hours researching science articles again.
@ieatthighs
1 year ago
@aboredhumannamedjoe6679 wow you are so smart how can I become as smart as you?
@aboredhumannamedjoe6679
1 year ago
@ieatthighs idk man, i have a hobby of researching random stuff. maybe just enjoy learning or smth.
@mateomashboo
1 year ago
Matthew Turned 8
@Angiekins
1 year ago
sir, thank you for the malware knowledge over the years, but sir can i pls say that your voice is so calming
@smg4gaming-poppyfromdreamw136
1 year ago
Mario Movie = Toadje
@andreasfranzmauskrell1126
3 months ago
homie ?? was
@etz80808yy
1 year ago
TWO VIDEOS???
@alexanderlewis8351
1 year ago
LOL I am sure many will not appreciate your Bush quote.
Comments: 212