A few MS-DOS viruses on Windows 95
Вставка
- Опубліковано 4 сер 2023
- something a bit different this time. let me know what you like, what you don't like, and what might be cool to see going forward. anything I've covered in the past that you think would benefit from an updated video, or something I didn't cover quite right? just leave a comment.
- Наука та технологія
I love how Window's "You may have a virus" Pop-ups seem more suspicious than having Abraxas playing on start up.
lmao at first i thought that it was the part of the virus behavior
Especially with, "you computer".
Bad grammar? In _my_ Windows 95? Impossible. Lol
@@FoxerTails might be either a part of the (really undocumented) Michelangelo payload or a part of the Caw payload.
@@FoxerTails𝔱𝔥𝔢 𝔯 𝔦𝔰 𝔱𝔥𝔢𝔯𝔢
@@FoxerTails𝔱𝔥𝔦𝔰 𝔦𝔰 𝔬𝔫𝔩𝔶 𝔞𝔟𝔬𝔲𝔱 𝔱𝔥𝔢 𝔭𝔬𝔭 𝔲𝔭
I love how "you computer" ends up not only in a virus related video game, but a Windows help article inside Windows 95 itself.
You computer have virus 💀
@@nobodyatall9999lol
seeing dan panic during one of these videos is like seeing a scientist realize the alien he's studying has escaped the lab and is eating all of his colleagues
Now I can't stop imagining Dan as a Black Mesa scientist - but instead of aliens, they study viruses.
that’s caw!
The Caw virus is terrifying. It would be amazing to see an in-depth description of how it does this outside of being an executable virus.
Yeah, like a disassembly and analysis. But I think it's out of the scope of this channel.
CAW IS INEVITABLE
TOTAL CAW VICTORY
@@UltimatePerfectionEnderman would do something like that. He's broken up some viruses off the Internet and also showed how did some programs actually steal your data and such
It truly is terrifying how Caw managed to activate itself, somehow, someway. I've seen some people around saying "oh, but Caw could have been activated when the computer booted because this and that", but hold on, didn't Caw have a blank extension, meaning it would be just an useless file? It did, but it somehow managed to activate itself. Maybe next time, instead of changing the file extension to blank, switch it to something like .txt to prevent the machine from running it as if it were an .exe or .com file?
Hey Dan, it would be an amazing idea to do videos on those antivirus, forgotten software is always fun to look at!
Seconded
thirded
Fourthded.
fived. (fiveded? fivded??)
Sixted!
I think the video about antiviruses you mentioned would be a pretty interesting watch tbh. Maybe even test them against some common viruses
I agree, it's a new thing dan should do, maybe even turn it to a series where testing antiviruses on different viruses.
agreed
I see a Nep, I click, I like
yes and the archival of them :D
yessssssss
Just a possible explanation as to how CAW might've ran itself. Abraxas is known to infect one random executable file that is in the same directory where it's ran from. There could be a possibility that the executable file despite being renamed, was still detected by Abraxas, which indirectly might've caused the file to run. Alternatively, CRASH could've also done the same thing, as it scans and infects all command and exe files.
From what I've read and what your videos taught me; CAW intercepts the file-opening function (IFS API) to infect new files. There could be a possibility that CAW might've ran itself using the protocol and some funky vulnerability the system had. Also depending on the configuration of the operating system, merely selecting or previewing the file might've caused parts of it to be executed or backdoor itself into memory. There might've also been file operations during the boot sequence or just everyday Windows 95 runtime that could've also triggered it. There could also be another possibility that it was already in memory, since it does install itself as a VxD driver and it was auto-detected by IO.SYS, which loads after the MBR and was responsible for hardware detection and initialization.
I think you're right there. It definitely sounds like the most logical explanation for this occurance
@@greenknight9000 Honestly, I think the only way we would 100% know what happened is if we reverse-engineered the executable. Even then, it doesn't account for the variability, and there's still a possibility that there's no backdoor in the first place. Still, odd virus behaviour like this is fascinating and the reason why I stepped foot into the technological field
Nah, the virus is definitely self-conscious by this point 😂
@@choppergunner8650 GPTvirus lol
@@Fanaticalight Caw is as close to Skynet we're ever going to get until AI rebels itself against us 😂
A Danooct1 video wouldn't be complete without something going wrong. This one however is just a cacophony of excremet hitting the air circulation unit. I love it so much
I'd love to see how efficient the older anti-virus programs are. VSafe was garbage, so maybe the days of Win9x woke up the antivirus companies.
heuristic anti-virus started with Chen Ing-hau, author of the CIH / Spacefiller virus (the virus was meant as a demonstration of the antivirus' capabilities), so it should've been after the release of Win98
I think the latest version of Avast for Win9x and DOS was V7.70?
Wow, the designers of Caw must be very proud. Even when disabled, they made it work!
Dan dont worry about us, if you get burnt out, that's alright! you're a human being keeping us entertained by showing us how to destroy any PCs if they rebel against us
here's a comment because you got none
This video has such a powerful horror-film-plot vibe. You have the virus simulators in a virus pile (suggesting that offscreen there must be a virus on a virus simulator pile, waiting to be unleashed on the world) and a caw virus breaching containment in 0th second without anyone noticing, THE SECOND TIME, despite appropriate measures being in place.
Did Caw infect one of your other viruses at some point?
In any case, always a pleasure, dan! 😃
That's a very good explanation of what has happened.
VIRUS WARS! Who can trick others into (infect) running their code instead?
This was my first thought. It would definitely be interesting to repeat the experiment without ever copying the Caw virus and see if the same thing happens.
Friendly fire will not be tolerated!
The likely suspects:
- CAW infected a virus previously
- One of the other viruses INFECTED CAW, triggering CAW
- CAW itself can be triggered in non executable format (i.e exploits file handling in some nature to execute)
I love how this video ended up turning into a "When Viruses Fail Part 6".
It would be interesting to see viruses that "fight" each others. In the early days, there were some big virus writer turf wars like that, but Im not sure if samples are still around.
sometimes I've had to do a manual reboot / restart when Windows Update
your system may have symptoms, but most virus scanners don't find anything
the ssr dos virus sort of does this. it has a list of viruses that it knows and if one of them is ran on the computer, an alarm sound will play and a message will appear. dan did a video about this one - in his video, he ran the sunday variant of jerusalem which triggered the alarm payload
Making viruses was a piece of cake back then because MS-DOS and Windows 9x had next to no security mechanisms
Oh definitely. Even Windows Me had significant security issues even without real-mode DOS easily available (there are patches for Windows Me that enable real-mode DOS again.)
Windows Me even without easily accessible real-mode DOS is still extremely insecure compared to Windows 2000.
Also, I'm surprised that none of the things tested in this video caused a string of BSoDs like what happened when Danooct1 tested a piece of DOS badware on Windows 98. I shudder to imagine what Windows Me would have done.
IIS had almost no security in the 90s either. I use to plaster my name on every server that ran IIS back then such as HBO and Disney
It is still a piece of cake. Im a amateur hobby programmer and sometimes you see how simple it would be to destroy a system or delete files. Of course its even the same on Linux
@cinquecento1985 some Linux badware is able to run commands, and in the worst case, that command could be one of the multiple ways to wipe a drive, or all writable drives if rm's recursion is capable of it before the system completely bricks. It could even erase the (U)EFI partition on certain machines, which to fix would possibly require sending the machine to the manufacturer to get reflashed with the right (U)EFI partition for the machine, and then you'd need to reinstall Linux. One security flaw in Linux years ago that allowed commands to run was a flaw in gstreamer's NES NSF music playback code, whose implementation of the 6502 derivative in the NES wasn't sandboxed properly. Note that the NSF format isn't a register log like .VGM files are, but instead containers for the raw music code. The format DOES have limitations on what registers you can read from and write to, but gstreamer evidently implemented the limits wrong, and wrong enough to allow writing to memory in a way that even breaks out of the simulated 6502 and writes to areas of memory used by Linux, and what it writes launches a terminal that runs a command. Of course, it's important to note that Linux badware isn't usually usable on ALL Linux environments. You have to factor in desktop environments, the flavor of Linux, kernel versions, LTS status, how packages for the distribution are installed, the processor architecture, whether the system is 32 or 64bit, if x86, whether the 64bit is Itanium or AMD64, if using Debian, whether the Debian used is Hurd or not, etc. Linux and etc come in so many different varieties that it means one security flaw may not work across all machines.
@@stgigamovement wasn’t there a huge security flaw found with Linux that lasted from creation until about a decade ago where if you pressed backspace 28 times it would log you in to any user?
Edit: nvm looks like it was grub not linux itself
That seems like a cool idea, having viruses try to out-virus each other to see who breaks first.
It would be like the Hunger Games of malware!
1990s anti-virus videos sound cool! Glad to see you back Dan!
very happy to still see you making content :) growing up with you in my tweens and younger teens is the reason i’m a cybersecurity major today. thank you for igniting a flame i didn’t even know i had in me, thank you for year after year being one of the best creators on this platform. 💗
I would like a “solving old viruses” series, like removing them and/or restoring the damage safely once you got infected
The graphical artifacts you are seeing on 11:06 are caused by the computer printing something assuming that we are in text mode, while the graphics adapter is in graphics mode. It is not specific to any particular virus. I think all time when you are assuming that it‘s the Caw virus doing things, it’s just a generic consequence of an executable file being corrupted. Earlier, you ran the Casino virus which attempted to corrupt your filesystem. while Windows caught _some_ of that action and prevented it, it’s possible it didn‘t prevent all of it.
That's actually possible. It also possible, that Casino virus attempted to corrupt Caw and it actually activates the Caw payload by attempting to overwrite it.
Not likely, because any application writing data to an executable file would run it then (see: Microsoft Visual C++)
Indeed, I find the idea that an executable activates automatically under any circumstances, except the user explicitly doing it (or it already existing as e.g. a scheduled work), dubious.
To be fair, we didn't see that behavior until after a couple reboots, and Tentacle entered an even less usable state. Given that CAW breaks some files and will cause artifacting like that, it's reasonable to assume that CAW had something to do with the outcome of this video.
A 90s antivirus collection would be really cool! Glad to see you back, Dan. It would also be a neat idea to slowly move into Windows XP era malware since you did a few before, but slowly expanding the different types of malware you cover (while still keeping it relatively old) would be grand.
I didn't even notice 20 minutes was up. Thank you Dan, for making a comeback.
Thanks for another video, I'm always excited when you upload. Also, thanks for doing the subtitles
Caw couldve also infected some of his other viruses before?
@@realBallerman93 Maybe, but I kind of discounted that idea since it would be relatively easy to test for in a sample and I would guess that would be one of the things Dan would have checked when there was CAW-like shenanigans going on... but not being Dan, I can only guess which is where the stranger idea came from. Plus no doubt others have already come up with that idea too... although were I debugging it myself I'd check to see if the sample got into the VX collection and also verify that I hadn't had my installation media compromised (easier if floppy disk, not so easy a CD-ROM).
I guess it depends if the sample numbered with it's bytesize is compressed at all (secured) or just a renamed executable (it seems to be the latter... so... Not sure we'll ever have an answer for it though :p
I really like this type of videos, they remind me of the videos of way back in the day where viruses were fighting each other. Also, it’s interesting how this video showed how weird the Windows 9x series of OSes were, trying to balance out a modern 32 bit OS and the good old 16 bit DOS
Always blessed to see a new video come up
I love your subtitle additions such as your emotions etc. they really add a lot to your video! Love your content
Omg just in time for latest binge! I was just watching other danooct1 videos!
Same! lol
*Dan:* _"I'm winging this video."_
*(CAW-related shenanigans ensue)*
Great video! Honestly I'm following very little series on YT, but I would follow series like this one. I love the idea of video recorded without any specific plan, just showing a few viruses on a real system. I think it's fun to watch and it's great not to know what will happen. Keep it on whenever you want!
The antivirus idea you proposed sounds interesting, I'd totally watch that.
Could it be that one of the other viruses you ran was infected with Caw? Great video. A video on those antiviruses would be interesting.
I think caw abuses an exploit in something like an indexing program which goes through the contents of the files, executing caw in the process (maybe an ACE?). Somewhat similar as to how windows defender once unpacked zipbombs while scanning them, just with code and not 'data'. (please do correct me if I'm wrong though, this is just the first thing that came to mind)
The moment you realised Caw owned the computer once again was priceless. Definitely one of your other samples was infected with it x)
10/10 video, pls moar
The Return of The King. Your voice mixed with the whirr of the fans and crackle-hum of the CRT just is so so so relaxing.
Dan, thank you for always adding subtitles to your videos, it makes my life so much easier as a non-native english speaker!
Danoct I been with you for years and you're still putting out great content. God bless you and your virus videos.
*long* time viewer here, I'd love to see old antiviruses up against old (and new) viruses! It sounds like a really cool way of showing just how staggeringly far the technology has come
A part of my soul lights up whenever Dan's computer goes off-script and Dan starts _screaming internally_ as he tries to salvage the project. It gives the videos that "old jank" charm. Like, "naw, if you think PCs are hard to use _today,_ you should have been around in the '90s, when they were just _actual chaos-machines"_ feel.
For real, though, it's OK to need to take a break. You're a human first and a content-creator distant second. The subscription list is big enough to hold you until you get back!
return of the goat
As someone with awful hearing, thanks for the detailed and accurate subtitles!
Hi Dan, great video as always, thank you! As for CAW: I think that some of your other viruses are probably infected by CAW. Maybe when you was testing CAW for the first time you had the same floppy disk inserted (the one labeled "DOS VIRUSES") and it infected those bins too? Dunno, but I don't think that it is able to auto-execute itself (such exploit is possible, but it would be surely documented somewhere). Anyway the best way to check this is to have a look at these viruses in a hex editor and look for CAW patterns (or you can always disam them and look near their entrypoint).
Thought the same. worth checking johnycastaway as it was the first one that caused the system to freeze
*Dan running the Johnny Castaway screensaver and shows up the Kaw virus*
Dan: *starts to have a breakdown*
I love how chaotic this video was
Love the randomness to this video, very entertaining to watch! Looking forward to more of this.
caw was like a dormant volcano that decided to erupt out of the blue and it was kind of hilarious
Thanks for the video Dan! Always a great day to see an upload from your channel
Yes please make more of these videos, i very much enjoyed your casual exploration of these viruses. I would also love to see old antivirus stuff, that sounds really cool
YUS! i always love watching these and looking forward to some form of regular scheduling~
I'm so happy you still post! Don't worry about needing time off sometimes :)
Idea for videos: dust off those old AVs and see how they fare against popular viruses, or viruses that came out after their time
always glad to see dan upload
More DOS Viruses? You’re cool man! Appreciate to you on Saturday. ❤
I love these "random crap" videos! Some of my favorite content of yours were those videos where you ran like 300+ variants of bagel and some zero access and then tried to fix it
Good to see you uploading Dan!
loved this. just messin around with viruses and getting surprised. the antivirus idea also sounds very cool, they're usually interesting
great video , ive been watching you for years man and ive loved most of your content, and i do appreciate the captions aswell lol. the caw virus is fucking crazy god damn
this was fun! i’d watch anything you post tbh
make stuff at your own pace, man. don't stress yourself. we'll always be here to watch
Old antivirus testing sounds interesting. Also, I love the Windows 95 startup sound.
A video where you test those old antiviruses you mentioned would be great to see!
Then again, all Dan content is great to see.
It would be interesting for a virus to run, patch out and inform you of the virus it just killed and then drop it's own payload. Maybe even tell you about it like casino lol.
as always thanks for the upload brightening up my and everyone's day
Bro great video... been a follower and fan for seems like 10 years. great video keep it up
Your reaction to CAH was a gift and made my day. :D
I always want to see more! Digging the more frequently uploads!
I am glad you are making new videos! Been watching your vids since i was in middle school!
Would absolutely love to see more. As long as you're able and have fun doing it!
The "Hello everyone, today" introduction is classic.
This is the good stuff! Would definitely be cool to see more videos like this one ^^
Another absolute banger video Dan thanks mate
True true.
..
Been watching your vids since like, 2008. Glad to see you're still doing videos haha
I really appreciate you making these videos and keeping alive these important parts of computing history. Plus, it's really nostalgic for me especially because it takes me straight back to the computer science program I was in at my high school in the early 90s. It was an early pilot International Baccalaureate program in computer science and part of it was learning about a number of different viruses, investigating, and of all things, improving upon them. Good times.
missed your videos, welcome back!
I'll find it on your page, but a link to the original Caw video might be a good thing to add to the video description. Just an idea! Glad to see you still around doing stuff like this. Also, would love to see those programs you were trying to run before Caw did its thing.
I'd love to see something along the lines of "Virus vs. Antivirus", and I'd definitely love to see some of those rare antivirus programs you mentioned put up on the Internet Archive.
Wow, I rediscovered your channel yesterday and you just now uploaded. I love watching your videos, they wouldn't even necessarily have to be virus related.
babe wake up, new danooct1 video dropped
I'm excited to see a new schedule, and I hope for your sake that it's a maintainable one. Your viewers are about as patient as it gets (for the most part), so make sure you're doing alright. Though you don't need me to tell you that :P
If you're looking for things to cover, I remember you mentioning stuff like the VIRUS TERMINATOR and when you were thinking about livestreaming during... Magold I think? It would be cool if you have a bunch of old antivirus software to review them and examine how effective they are. It's always fascinating to see msav during occasional DOS videos actually catch something, and given the nature of older viruses, it would be interesting to be able to compare effectiveness, resource usage, all that jazz, to see (in hindsight) what was best at its job
EDIT: Seeing Caw corrupt other virus samples was absolutely unexpected and had me glued to my seat. It ruined everything in one of the most fascinating ways possible. Caw escaping its own cursed video into this one...
EDIT 2: "The only way to stop the Caw virus is to nuke this computer from orbit." This might be my favorite video of yours. Can't wait to see Caw become your damn nemesis at this rate. Does it have a floppy infection routine?
Been watching you since 2009 or 2010 from my other channel, and it's great to see you still doing these malware videos, Dan :)
Really liked this one and your previous Christmas special video. I guess these compilations with random malware thrown into video are great to watch. :)
Ohh... And I wanna see the MyPics Worm more in depth, showing the emails it sends, the edits done to autoexec , the CMOS clearup, and it all performed on actual PC. Gotta find which other malware I would want to see covered again from older days, but in better quality, and all that.
Also the reviews of old antivirus programs that you have in your collection - sounds good, would be great to see those in action too.
Yep, I leave this comment for the first time here from this account, but I definitely watched you since the beginning from my previous channel that functioned since 2012 till summer 2023. So I even remember how you decided to start making those remake videos since the end of 2011 and have narration and proper picture without camera getting all over the place. ;)
Have a good day!
i was pleasantly surprised by the cc on this video, they're super detailed so thank you to whoever did them :)
This was definitely cool. Would be happy to see more varied videos for sure.
What an incredible and interesting video, makes my heart happy always
Abraxas: giving you a MS-DOS shortcut to itself since 1992.
Ayyy, glad to see you back. I hope you're doing well.
slow and steady variety content sounds great!
This was so great, can’t get over “you computer” lol. also don’t fret over how much you upload. I mean I LOVE your videos but I don’t want you getting burnt out in the process!
I would certainly enjoy your longer videos. Please keep it up.
Seek Test fans eating good tonight
(Also, once again the Subtitles are a delight to have enabled. Thank you Dan for going through the work in adding them yourself and sprinkling small gags in them rather than just using an inaccurate bot of some kind!)
the scale that abraxis sounds is a harmonic series. it starts with some pitch, and the next note is the next multiple of that pitch (e.g. 100Hz, 200Hz, 300Hz, 400Hz)
Anti-virus software look ats, the usual virus look ats, but combing several viruses to run at once like in this video was a joy to watch. Specially since caw activated like that without it being told.
I do suspect that when you ran the castaway program it might have tried ot run caw for some reason due to that other strange and odd error it gave once.
Random note but thank you for the captions :) its a super helpful detail
I would love to see you demonstrate anti-virus software. Since you have a ton of viruses, push in as many as you can and see how many the anti virus can see. You could even show off some viruses' ability to be stealthy, especially against cheap and gimmicky anti-virus software.
I find this video fascinating. Thank you, and I think the video on old forgotten software such as early antiviruses would be great! If I could suggest something - how about viruses which initiate their payloads simultaneously - if there is not a lot of such viruses maybe existing ones can be modified? Unless you've already made something similar.
Honestly I just like hearing your voice. So, any video that features you talking like usual would be great.
Thanks for uploading as always, would love to see the anti-virus video
Lmao loved the whole video, the ending was great
I don't know about ancient antiviruses tbh, but THIS video i enjoyed very much. Nice to see you back
God I missed your voice dude
The ancient AV video sounds like a really cool idea!
It's a miracle to see human made caption ❤, keep up the good work!
1990s anti-virus videos sound cool! Glad to see you back Dan!. 1990s anti-virus videos sound cool! Glad to see you back Dan!.