Do Old Viruses Work on Modern PCs? | Nostalgia Nerd

Captions
"Heh, there's your definitive answer. DOS Viruses, can indeed, give you a bad day" [Intro sounds] [Intro music reminiscent of an 80s action film plays]

Recently I bought a new PC. It's a PC with one purpose; testing. Whether that's testing different operating systems, different hardware accessories, different hard drives, or even transferring 10k DOS viruses onto it, just to see what happens. Yup, this little baby is going to go through the wars, which is fine. At £370, including the monitor, keyboard and this rather sensual vertical mouse, it's money well spent. I'm actually pretty astonished for what you can get for that much money. This baby has a Ryzen 5 3400G with Vega 11 graphics, 8GB of RAM, a Maxtor 240GB SSD and this rather fetching case, including flappy Drive opening... all it needs is a suitable operating system and we're ready to go.

"Windows 10 for £7, that'll do!" Ahhh Windows. Things are so easy these days. No conflicting hardware, no device drivers to install, no corrupt floppy disks. In its own way, it's kinda nice. Although, you and I both miss the problem solving days of old. That's where the fun was.

So here's Windows 10. Now, the question is. Will DOS Malware run on this thing, and if so, will it cause damage? Just how far have we come? Well, let's establish one thing. Your PC very likely has a 64 bit installation of Windows 10, or your operating system of choice.... and Windows 10 for one, can't execute 16 bit code. It makes perfect sense, after all, why include a sub-system, in a modern OS, to run programs from over 20 years ago!? Now, that doesn't mean your 64 Bit OS is immune from malware and viruses from the DOS era completely, but it certainly helps. What I've done however, is install a 32 bit instance of Windows 10 on this drive. You can tell that because, now, I can only address 4GB of the 8GB onboard RAM... and most of that is consumed by the onboard Vega graphics.
This combination cripples this PC to such an extent, that I can't even run Duke Nukem 3D properly. Well, unless I turn off the "true 3D rendering" option available on the 20th Anniversary World Tour. Then it runs fine... but you'd expect that. It's a game designed to run on a 486. But, this setup, now allows us to execute 16-bit code. It's nice of Microsoft to leave a backwards compatibility route in there somewhere.

OK, so next up. If you head on over to the incredible site that is archive.org, you'll find their Malware Museum. This is a collection of 80, or so, pieces of DOS Malware, uploaded by Mikko Hyppönen. He's also had the good grace to remove the malicious component of all these programs. So, you can run them on your computer, and absorb yourself in their visual delights, safe in the knowledge that your data is secure. And that's really a big part of what the DOS malware scene was about. Programmers flexing their muscles, showing off their skills, anddddd, sometimes deleting your boot-sector, or last 5 years of business accounts in the process...... With responsibility, comes great cost. [Soviet anthem]

You'll often find that a lot of DOS Malware is by the same lone programmer, or coding group, with pseudonyms splashed about the place. I mean, what's the point in pouring 100 hours of coding into something, if you can't get the accolade, or indeed, utter resentment for it?

Now Windows 10 is actually a descendant of Windows NT, and to execute DOS programs, it needs to download something called the NTVDM, or NT Virtual DOS Machine. Once done, it will wrap this around any 16 bit DOS code you try to execute, and do its best. Of course, it's not very reliable, Microsoft don't pour active development time into it. But it will run various DOS programs, along with the odd piece of Malware. Usually the ones devoid of graphics or sound. So, we know that this ancient disinfected malware can be executed on Windows 10.
But to find out whether it can cause damage, we'll need the actual full malware, in all its glory. [Tense musical notes]

That's where the VX Heaven Virus Collection comes into play. Now, VX Heaven, otherwise known as Virus Xchange Heaven was, and sometimes, still is, a site dedicated to providing information about computer viruses. It's not a malicious entity, but that doesn't seem to stop it being raided by Ukrainian authorities and shut down on a regular basis. But they just so happen to also have a huge archive of old DOS and Windows Malware. These are really known as Zoo viruses, as they don't tend to be in active circulation. But regardless, if I run a virus scan, TotalAV still detects the vast majority of them. So that's both reassuring, and slightly unnerving. I guess, we should load some and see what we get...

Now, DOS isn't a multitasking operating system, so most of these viruses are contained within malicious executables; either .exe or .com files. As a user you might go to call a program, and not realise that it has been infected with Malware. The Malware could then either do its thing, become memory resident, infect the boot sector or simply infect other files unbeknown to you. From that point on, you could copy those infected programs to other people, or maybe pass a floppy disk with an infected boot sector to someone else, and their system would in turn become infected. Most Malware won't cause you bother straight away, as they need a period of calm, to copy themselves about a bit, just like a real life virus. If the circumstances become right for its payload to be delivered, well you may be in for a world of pain. Whether or not you get a fancy display, depends very much on the Malware.

So for this test, I'll simply be grabbing some malware files, renaming them to make them executable, opening a Command Prompt, and running them.
Most of these viruses are contained in GOAT executables, known as such for their sacrificial qualities, as they really don't do anything other than act as a vessel for virus code. Oh, I'll need to disable TotalAV AND Microsoft Virus protection too, which insists on turning itself back on every few minutes.

So here's Ambulance. Under DOS it's actually pretty harmless. Upon executing it will infect .COM files in the same directory, and occasionally display this lovely animation on screen. It's easy to detect if it's infecting other executables, as .COM files in the same directory would slightly increase in size, given they now also contain the malicious code. In Windows 10, well, that ambulance animation doesn't work, but it does do something. It seems like it gets stuck in a loop. I had to Break out of it. BUT, the evidence shows, it's definitely attempting to work, because if you take a look at the .COM files before and afterwards... well, they've substantially increased in size. So it looks like the code was caught in a loop, and continually appending itself to these other executables, until I stopped it. So, straight off the bat. We have our answer; Yes, DOS Malware, can still work on your modern PC. Particularly if it's running a 32-Bit version of Windows 10. Maybe not completely correctly in this instance, but it still does something unfavourable. If I were to run those other, now bloated .COM Files, well. They're simply too large to open. So it has actually made this virus, slightly more malicious than it originally was!

Here's another one called CASINO. Now on payload delivery, the code would delete the File Allocation Table on your drive, but not before copying it to memory. The user would then be challenged to a game of cards. Draw 3 pound symbols (which has a 17.2% chance), and the FAT is written back to disk. Get anything else, then your system hangs, leaving you needing to reboot, to a machine, which of course, will no longer boot.
Now, fortunately, updates to the Windows File System, and boot sectors, mean that malware like this won't be successful, even if it does execute successfully. I mean there's no File Allocation Table to delete anymore. CASINO would duplicate itself by infecting the COMMAND.COM file found in your drive's root directory. But because Windows no longer has that file, running the Malware now, just displays this message; Copyright S & S International 1990. If I were to change the system date to either the 15th of January, April or August, which is when the payload delivers, then the code DOES actually try to delete our FAT, but it fails, and Windows tells us about it. We also do actually get the game of cards..... but the NTVDM doesn't appreciate some of the calls it's making and so can't acquiesce to that either. Ahhh well. I mean, it feels a bit wrong that I'm actually willing viruses to work at this point. [Jazz music continues in background]

OK, how about the HATE Virus. Well here's a virus which should become memory resident and then infect any other files we run. However, it does not seem to be able to negotiate the DOS memory space managed by Windows, and so running other programs, such as these disinfected malware programs does nothing. If this were an actual DOS machine, then running an infected file in May of any year, would chuck this all over the screen, and then wipe your CMOS memory. Meaning you'd have to re-enter all your BIOS settings each time you rebooted. A pain, but not the end of the world.

OK, how about we switch up the process. How about we try running some of these viruses in an actual DOS emulator such as DOSBox or VDOS. That should provide these viruses with a more hospitable environment. It should also, theoretically, provide a virtual machine; a safe, contained environment, from which these viruses cannot escape. Theoretically. I mean, don't try doing this to YOUR PC. I do not accept responsibility.
Let's try the Virus known as LSD, and let's go straight in with the real deal. This is a virus from April 1994, and as such on running, provides us with a suitably trippy mid-90s visual effect. It's pretty pleasing. But, as you're drawn into this magical world, LSD is changing all the files in your root directory to copies of itself. A quick scuttle over reveals that every file in the root is now 1,600 bytes in size, and if we run any of them. Yup we get LSD. Interestingly, LSD also managed to infect these larger Windows 32 files, although didn't manage to clear out their code completely, as they're still significantly larger. But if you run one. Yup, it's LSD again. And what's important to remember here is that, although this seems like it's contained in DOSBox. Remember, these are actual files, on your actual hard drive. If you look at the mounted folder on Windows, you're going to see a load of infected files. So you need to be careful, even using emulators, or virtual machines like this. You're potentially setting up an environment that could destroy your data. Also, apologies for the atrocious LCD filming here, I didn't notice it until I started editing it together. But that is NASTY. LGR would NOT be happy. MWAARRR [Music fades]

Right, back to Windows 10. One last party trick. How about we take all this malware and run them all, see if we can really upset this computer. [Military inspired musical sounds] "In DOS... REN?" So here's all our virus files... First up, I'm going to use the flexibility of the REN command to rename all this Malware, into executable COM files. Handily, due to the naming conventions used. It also weeds out all the duplicates, and we're left with 6,745 pieces of Malware. Excellent. Now, I'm going to create a command in PowerShell that will run through each of these files and execute them......

"We need to check all our viruses are there, good stuff, yup there we go, and then run this which should execute them one after another" "So, I'm about to execute 7,000 odd viruses on this computer. Wish me luck" *KEY SLAM* *ding ding* [Tense music] OK, PowerShell is struggling with this already. So I'm going to open a bunch of viruses manually, just to add to the mayhem.... [Tense music pervades] [Appropriately gripping music continues] "There's definitely virus activity. Something's kicking off, and it's just infecting all these other files."

After not too long at all, it was evident, that serious problems were setting in. All the .COM files had expanded by several times their original size, presumably as they continued to become infected by the malware already running. This was also causing issues for Windows PowerShell and it began to have troubles opening anything at all. Not to mention there was now a new .COM file called HUNDRED.COM sitting in the directory. But there was far worse going on outside of that.

"awww man, look at all this. I can't even move my mouse without it doing some weird sh*t down here. I mean this is not good. I mean, what is, what is going on down here" "Look at this! It's absolutely annihilated. So there's your definitive answer. DOS viruses can indeed, give you a bad day!" "What is this? ROMMAND.COM? Why is there a file called ROMMAND.COM on the desktop?" "There's a COMMAND.COM as well" "Oh man, I mean, can I even try running TOTALAV. Will it even open? Let's try enabling protection and see what happens" "I think this computer might be officially screwed" "This is not indicative of a healthy hard drive. I can't even do a highlight box. It just stays in the background.." "This is proper screwed up... ohhh maaannnnn"

So, the upshot of this is that, yes, DOS era Malware can in fact cause carnage to your Windows 10 operating system. Even now. So you are BEST to avoid it. Seriously. Please don't do this.
Ok, at this point, I'd like to thank TotalAV AntiVirus. I needed some decent anti-virus software for this process, and they were on hand not just to provide it, but to sponsor the whole damn video. TotalAV Antivirus is an award winning product designed to protect PCs, Macs and Smartphones from all this nasty Malware, Spyware and other viruses. Not only that, it's designed to encrypt your data, as well as including a free VPN to protect you from phishing sites and anyone else trying to steal your data. It's seamless, so you can sleep safe knowing your devices are totally protected. Visit totalav.com/nerd70 to get TotalAV for 70% off its normal price. That's just $29.99 to protect all your devices. Although even with the incredible security of TotalAV, just don't try anything I've done in this video.

Thankfully this instance of Windows still boots, most of the issues seem to be from Malware causing carnage in the system memory. But there is no way I'm risking using this machine without wiping the drive and starting again. After all, that's exactly what this PC is for. Good times. Thanks for watching and have a great evening!
Info
Channel: Nostalgia Nerd
Views: 1,917,195
Rating: 4.8695121 out of 5
Keywords: viruses computer, computer virus in action, old computer viruses, malware
Id: kLan-BOybbk
Length: 20min 2sec (1202 seconds)
Published: Wed Jul 08 2020