
A dive into the world of MS-DOS viruses - fcambus
https://blog.benjojo.co.uk/post/dive-into-the-world-of-dos-viruses
======
alyandon
Ah yes, I have fond memories of writing TSR pranks that hooked common DOS
interrupts (not technically viruses since they didn't infect/replicate) that
did things like:

1) buffer 1 keystroke in memory (so typing diw<backspace>r would leave "di" on
screen - then they'd type "r" and get an "r" and then hit enter and get
another "r", then they'd hit backspace to correct the "dirr" and the command
would execute, etc)

2) hooked the printer interrupt to introduce typos in printouts

3) randomly swap letters on the screen periodically

Fun times. It's probably for the best that I grew up in the era that I did
since pulling pranks like these has a high risk of getting slapped with felony
charges in this day and age.

~~~
heyjudy
Randomly transpose keys }:>

Random error messages

Reboot randomly

Create unusual files

And yet the antivirus can't find anything. :)

BBS lists, Turbo Debugger and that giant purple & white Microsoft Press book
with most of the Int 21h calls. Undocumented DOS, Undoc PC and Abrash's books
were also helpful. Later, there were good free resources.

Yeah, DOS viruses were bad: booting off an infected floppy, infected HD or
running untrusted code was all it took. In Windows, it was worse because
autorun would run untrusted code automatically without warning.

There were some darn useful TSRs like Super PC-kwik Power Pak, QEMM and
Desqview. Stacker and Doublespace/DriveSpace were kinda slow but did (mostly)
work. Stacker had an accelerator card IIRC. And a commercial white bag/gray
box mod for Welltris, Mouse Commander, added mouse support to Welltris for DOS
by doing some mouse driver to keyboard translation in a TSR that was loaded
and unloaded in a wrapper .BAT file. Many trainers, no-cd/runtime cracks and
cheats also used TSR tricks to run.

~~~
mickeyp
Qemm was essential. Not only did it hook CTRL+ALT+DEL to skip the POST BIOS
check, making reboots faster, but it made it possible to shunt stuff out of
conventional memory into extended memory, making it possible to run games whilst
having various drivers and so forth loaded.

Qemm was the single best thing that ever happened to DOS-using me. The second
best was Windows 95.

------
kazinator
Guilty. In 1988 or so I made a virus that attached to .com files, which would
spread it to others when executed. It was never released into the open. On
each infection, it incremented a generation counter. Upon reaching a certain
value, the payload would trigger, causing a message to be printed.

What the heck was I using? MASM? TASM? I cannot remember.

IIRC, looking for other .com files was just using DOS's FindFirst and FindNext
functions at int 21h. (I'm now naming them in terms of their Win32
counterparts.)

I think I didn't have a sanity check against duplicate infection in the early
versions and added that during testing. A 17-year-old programmer's "doh"
moment.

I remember that I ran the experiments in a subdirectory called "petridir". :)

------
LaserDiscMan
I always thought the Casino DOS virus was pretty inventive. If an infected
file is run on the payload date, it moves the FAT to RAM and warns the user
not to shut down their computer. The user plays a game with IIRC a 1/17 chance
of winning. If they win, the FAT is restored, else it's gone.

I think it's an interesting way of holding the PC hostage.

A video of the virus in action:
[https://www.youtube.com/watch?v=wdZJHvBRRqg](https://www.youtube.com/watch?v=wdZJHvBRRqg),
that channel has loads of videos documenting DOS/Win9X viruses. Some are very
creative.

~~~
mistaken
Actually it doesn't restore FAT even if you win :) Check out:
[https://imgur.com/a/jru1vRn](https://imgur.com/a/jru1vRn)

------
anonymouzz
Any chance someone could upload the VX Heavens dataset of viruses to the
Internet Archive?

[https://archive.org/details/malwaremuseum](https://archive.org/details/malwaremuseum)

~~~
EvanAnderson
They're there already:
[https://archive.org/search.php?query=subject%3A%22vx+heaven%...](https://archive.org/search.php?query=subject%3A%22vx+heaven%22)

------
EvanAnderson
Discussion about the 35C3 talk from a few days ago:
[https://news.ycombinator.com/item?id=18790889](https://news.ycombinator.com/item?id=18790889)

------
gordaco
From the perspective of the user, MS-DOS was a lousy OS. However, as a
tinkerer, it was super fun. To this day, my best programming memories are
about using Turbo Assembler and the information from Interrup.lst to do weird
things with the graphics card's text mode (unusual resolutions, borders, 18
bit color palettes, smooth scrolling...).

EDIT: typo.

------
dzhiurgis
Wondering what's the latest activation date found in the entire archive. He
mentioned he sampled all dates up to 2005.

------
unixhero
Some WERE malicious. Such as the virus "FORM", which corrupted the partition
somehow.

