"Heh, there's your definitive answer. DOS Viruses, can indeed, give you a bad day"
[Intro music reminiscent of an 80s action film plays]
Recently I bought a new PC. It's a PC with one purpose; testing. Whether that's testing
different operating systems, different hardware accessories, different hard drives, or even
transferring 10k DOS viruses onto it, just to see what happens.
Yup, this little baby is going to go through the wars, which is fine. At £370, including
the monitor, keyboard and this rather sensual vertical mouse, it's money well spent.
I'm actually pretty astonished at what you can get for that much money. This baby has
a Ryzen 5 3400G with Vega 11 graphics, 8GB of RAM, a Maxtor 240GB SSD and this rather
fetching case, including flappy Drive opening... all it needs is a suitable operating system
and we're ready to go.
"Windows 10 for £7, that'll do!"
Ahhh Windows. Things are so easy these days. No conflicting hardware, no device drivers
to install, no corrupt floppy disks. In its own way, it's kinda nice. Although, you and
I both miss the problem solving days of old. That's where the fun was.
So here's Windows 10. Now, the question is. Will DOS Malware run on this thing, and if
so, will it cause damage? Just how far have we come?
Well, let's establish one thing. Your PC very likely has a 64 bit installation of Windows
10, or your operating system of choice.... and Windows 10 for one, can't execute 16 bit
code. It makes perfect sense, after all, why include a sub-system, in a modern OS, to run
programs from over 20 years ago!?
Now, that doesn't mean your 64 Bit OS is immune from malware and viruses from the DOS era
completely, but it certainly helps.
What I've done however, is install a 32 bit instance of Windows 10 on this drive. You
can tell that because, now, I can only address 4GB of the 8GB onboard RAM... and most of
that is consumed by the onboard Vega graphics.
This combination cripples this PC to such an extent, that I can't even run Duke Nukem
3D properly. Well, unless I turn off the "true 3D rendering" option available on the 20th
Anniversary World Tour. Then it runs fine... but you'd expect that. It's a game designed
to run on a 486.
But, this setup, now allows us to execute 16-bit code. It's nice of Microsoft to leave
a backwards compatibility route in there somewhere.
OK, so next up. If you head on over to the incredible site that is archive.org, you'll
find their Malware Museum. This is a collection of 80, or so, pieces of DOS Malware, uploaded
by Mikko Hyppönen. He's also had the good grace to remove the malicious component of
all these programs. So, you can run them on your computer, and absorb yourself in their
visual delights, safe in the knowledge that your data is secure.
And that's really a big part of what the DOS malware scene was about. Programmers flexing
their muscles, showing off their skills, anddddd, sometimes deleting your boot-sector, or last
5 years of business accounts in the process...... With responsibility, comes great cost.
You'll often find that a lot of DOS Malware is by the same lone programmer, or coding
group, with pseudonyms splashed about the place. I mean, what's the point in pouring
100 hours of coding into something, if you can't get the accolade, or indeed, utter resentment
Now Windows 10 is actually a descendant of Windows NT, and to execute DOS programs, it
needs to download something called the NTVDM, or NT Virtual DOS Machine. Once done, it will
wrap this around any 16 bit DOS code you try to execute, and do its best.
Of course, it's not very reliable, Microsoft don't pour active development time into it. But it will run
various DOS programs, along with the odd piece of Malware. Usually the ones devoid of graphics
So, we know that this ancient disinfected malware can be executed on Windows 10. But
to find out whether it can cause damage, we'll need the actual full malware, in all its
[Tense musical notes]
That's where the VX Heaven Virus Collection comes into play. Now, VX Heaven, otherwise
known as Virus Xchange Heaven was, and sometimes, still is, a site dedicated to providing information
about computer viruses. It's not a malicious entity, but that doesn't seem to stop it being
raided by Ukrainian authorities and shut down on a regular basis. But they just so happen
to also have a huge archive of old DOS and Windows Malware. These are really known as
Zoo viruses, as they don't tend to be in active circulation.
But regardless, if I run a virus scan, TotalAV still detects the vast majority of them. So
that's both reassuring, and slightly unnerving.
I guess, we should load some and see what we get...
Now, DOS isn't a multitasking operating system, so most of these viruses are contained within
malicious executables; either .exe or .com files. As a user you might go to call a program,
and not realise that it has been infected with Malware. The Malware could then either
do its thing, become memory resident, infect the boot sector or simply infect other files
unbeknown to you. From that point on, you could copy those infected programs to other
people, or maybe pass a floppy disk with an infected boot sector to someone else, and
their system would in turn become infected. Most Malware won't cause you bother straight
away, as they need a period of calm, to copy themselves about a bit, just like a real life
virus. If the circumstances become right for its payload to be delivered, well you may
be in for a world of pain. Whether or not you get a fancy display, depends very much
on the Malware.
So for this test, I'll simply be grabbing some malware files, renaming them to make
them executable, opening a Command Prompt, and running them. Most of these viruses are
contained in GOAT executables, known as such for their sacrificial qualities, as they really
don't do anything other than act as a vessel for virus code.
Oh, I'll need to disable TotalAV AND Microsoft Virus protection too, which insists on turning
itself back on every few minutes.
So here's Ambulance. Under DOS it's actually pretty harmless. Upon executing it will infect
.COM files in the same directory, and occasionally display this lovely animation on screen.
It's easy to detect if it's infecting other executables, as .COM files in the same directory
would slightly increase in size, given they now also contain the malicious code.
In Windows 10, well, that ambulance animation doesn't work, but it does do something. It
seems like it gets stuck in a loop. I had to Break out of it.
BUT, the evidence shows, it's definitely attempting to work, because if you take a look at the
.COM files before and afterwards... well, they've substantially increased in size. So
it looks like the code was caught in a loop, and continually appending itself to these
other executables, until I stopped it.
So, straight off the bat. We have our answer; Yes, DOS Malware, can still work on your modern
PC. Particularly if it's running a 32-Bit version of Windows 10. Maybe not completely
correctly in this instance, but it still does something unfavourable. If I were to run those
other, now bloated .COM Files, well. They're simply too large to open.
So it has actually made this virus, slightly more malicious than it originally was!
Here's another one called CASINO. Now on payload delivery, the code would delete the File Allocation
Table on your drive, but not before copying it to memory. The user would then be challenged
to a game of cards. Draw 3 pound symbols (which has a 17.2% chance), and the FAT is written
back to disk. Get anything else, then your system hangs, leaving you needing to reboot,
to a machine, which of course, will no longer boot.
Now, fortunately, updates to the Windows File System, and boot sectors, mean that malware
like this won't be successful, even if it does execute successfully. I mean there's no File Allocation Table to delete anymore.
CASINO would duplicate itself by infecting the COMMAND.COM file found in your drive's
root directory. But because Windows no longer has that file, running the Malware now, just
displays this message; Copyright S & S International 1990.
If I were to change the system date to either the 15th of January, April or August, which
is when the payload delivers, then the code DOES actually try to delete our FAT, but it
fails, and Windows tells us about it. We also do actually get the game of cards..... but
the NTVDM doesn't appreciate some of the calls it's making and so can't acquiesce to that
Ahhh well. I mean, it feels a bit wrong that I'm actually willing viruses to work at this
[Jazz music continues in background]
OK, how about the HATE Virus. Well here's a virus which should become memory resident
and then infect any other files we run. However, it does not seem to be able to negotiate the
DOS memory space managed by Windows, and so running other programs, such as these disinfected
malware programs does nothing.
If this were an actual DOS machine, then running an infected file in May of any year, would
chuck this all over the screen, and then wipe your CMOS memory. Meaning you'd have to re-enter
all your BIOS settings each time you rebooted. A pain, but not the end of the world.
OK, how about we switch up the process. How about we try running some of these viruses
in an actual DOS emulator such as DOSBox or VDOS. That should provide these viruses with
a more hospitable environment. It should also, theoretically, provide a virtual machine;
a safe, contained environment, from which these viruses cannot escape. Theoretically.
I mean, don't try doing this to YOUR PC. I do not accept responsibility.
Let's try the Virus known as LSD, and let's go straight in with the real deal. This is
a virus from April 1994, and as such on running, provides us with a suitably trippy mid-90s
visual effect. It's pretty pleasing.
But, as you're drawn into this magical world, LSD is changing all the files in your root
directory to copies of itself. A quick scuttle over reveals that every file in the root is
now 1,600 bytes in size, and if we run any of them. Yup we get LSD.
Interestingly, LSD also managed to infect these larger Windows 32 files, although didn't
manage to clear out their code completely, as they're still significantly larger. But
if you run one. Yup, it's LSD again.
And what's important to remember here is that, although this seems like it's contained in
DOSBox. Remember, these are actual files, on your actual hard drive. If you look at
the mounted folder on Windows, you're going to see a load of infected files. So you need
to be careful, even using emulators, or virtual machines like this. You're potentially setting
up an environment that could destroy your data.
Also, apologies for the atrocious LCD filming here
I didn't notice it until I started editing it together.
But that is NASTY
LGR would NOT be happy.
Right, back to Windows 10. One last party trick. How about we take all this malware
and run them all, see if we can really upset this computer.
[Military inspired musical sounds]
"In DOS... REN?"
So here's all our virus files...
First up, I'm going to use the flexibility of the REN command to rename all this Malware,
into executable COM files. Handily, due to the naming conventions used. It also weeds
out all the duplicates, and we're left with 6,745 pieces of Malware. Excellent.
Now, I'm going to create a command in PowerShell that will run through each of these files
and execute them......
"We need to check all our viruses are there, good stuff, yup there we go, and then run
this which should execute them one after another" "So, I'm about to execute 7,000 odd viruses
on this computer. Wish me luck"
OK, PowerShell is struggling with this already. So I'm going to open a bunch of viruses manually,
just to add to the mayhem....
[Tense music pervades]
[Appropriately gripping music continues]
"There's definitely virus activity. Something's kicking off, and it's just infecting all these
After not too long at all, it was evident, that serious problems were setting in. All
the .COM files had expanded by several times their original size, presumably as they continued
to become infected by the malware already running. This was also causing issues for
Windows PowerShell and it began to have troubles opening anything at all.
Not to mention there was now a new .COM file called HUNDRED.COM sitting in the directory.
But there was far worse going on outside of that.
"awww man, look at all this. I can't even move my mouse without it doing some weird
sh*t down here. I mean this is not good. I mean, what is, what is going on down here"
"Look at this! It's absolutely annihilated. So there's your definitive answer. DOS viruses
can indeed, give you a bad day!" "What is this? ROMMAND.COM? Why is there a
file called ROMMAND.COM on the desktop?" "There's a COMMAND.COM as well"
"Oh man, I mean, can I even try running TOTALAV. Will it even open? Let's try enabling protection
and see what happens" "I think this computer might be officially
screwed" "This is not indicative of a healthy hard
drive. I can't even do a highlight box. It just stays in the background.."
"This is proper screwed up... ohhh maaannnnn"
So, the upshot of this is that, yes, DOS era Malware can in fact cause carnage to your
Windows 10 operating system. Even now. So you are BEST to avoid it.
Seriously. Please don't do this.
Ok, at this point, I'd like to thank TotalAV AntiVirus. I needed some decent anti-virus
software for this process, and they were on hand not just to provide it, but to sponsor
the whole damn video.
TotalAV Antivirus is an award winning product designed to protect PCs, Macs and Smartphones
from all this nasty Malware, Spyware and other viruses. Not only that, it's designed to encrypt
your data, as well as including a free VPN to protect you from phishing sites and anyone
else trying to steal your data.
It's seamless, so you can sleep safe knowing your devices are totally protected.
Visit totalav.com/nerd70 to get TotalAV for 70% off its normal price. That's just $29.99
to protect all your devices.
Although even with the incredible security of TotalAV, just don't try anything I've done
in this video.
Thankfully this instance of Windows still boots, most of the issues seem to be from
Malware causing carnage in the system memory. But there is no way I'm risking using this
machine without wiping the drive and starting again. After all, that's exactly what this
PC is for.
Thanks for watching and have a great evening!