DOS Viruses

edited July 2013 in Software
http://www.youtube.com/watch?v=YDKoIAtuUHo

I'm finding myself watching this channel quite often now, lol. It brings a question to me, though. How did viruses really get distributed in those days, and, even more, did anyone here ever get one?

Comments

  • They were distributed by floppy disks mostly. I didn't get any DOS viruses, but I did have a boot sector virus which basically didn't really do anything.
  • BlueSun wrote:
    They were distributed by floppy disks mostly. I didn't get any DOS viruses, but I did have a boot sector virus which basically didn't really do anything.
    Yeah, I had a few floppies with the FORM A virus. Basically my DOS\Windows 3.1 virus protection always caught it and the computer would tell me it was infected with FORM A.
  • I remember trying several different anti-viruses but none of them seemed to catch it on the machine itself. I had Empire.Monkey.b, and whenever it infected a floppy disk, I'd stick it into a newer machine and the AV would kill it, so I just lived with it until that hard drive crashed.

    Yay for being young and stupid.
  • I never got a DOS virus. But my DOS computer never went online either. There was no need for it to go online since you can't browse the internet with DOS. I don't think there are any DOS antivirus programs left out there you can download if you made a DOS computer.
  • I remember as a kid, someone in our family went out and bought some clipart program. When it was installed, it came bundled with some win16 virus that basically trashed the entire drive a full week later and left a nice fake bluescreen. I still have that disc in storage somewhere, might try it again and see what happens.
  • Did anyone ever get AIDS?

    Lololol seriously. It's notorious for not working correctly, but after it shows its little message, it's supposed to wipe the MBR. It's pretty scary, in a way. It shows how little security DOS had (none at all, actually), and how much access DOS programs had to your files. I'm fairly certain that it'd be impossible to make a virus like that today.
  • Did anyone ever get AIDS?

    Lololol seriously. It's notorious for not working correctly, but after it shows its little message, it's supposed to wipe the MBR. It's pretty scary, in a way. It shows how little security DOS had (none at all, actually), and how much access DOS programs had to your files. I'm fairly certain that it'd be impossible to make a virus like that today.
    Impossible? Definitely possible.
    [image: say.gif]

    There exists malware that actually does that to Windows machines still. I've seen one during a service call (almost like the one above) that hosed a partition table with a ransom message. Luckily, it saves the old data at the end of the drive and all you have to do is a couple dd commands in a Linux live CD to that drive with minor data loss (that is, if the drive was full).
    Some info:
    https://www.securelist.com/en/blog/2081 ... Ransomware
    Ransomware Prevents Windows From Starting by Replacing the Master Boot Record
    A new ransomware variant prevents infected computers from loading Windows by replacing their master boot record (MBR) and displays a message asking users for money, according to security researchers from Trend Micro.

    "Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code," said Cris Pantanilla, a threat response engineer at Trend Micro, in a blog post on Thursday. "Right after performing this routine, it automatically restarts the system for the infection to take effect."

    The MBR is a piece of code that resides in the first sectors of the hard drive and starts the boot loader. The boot loader then loads the OS.

    Instead of starting the Windows boot loader, the rogue MBR installed by the new ransomware displays a message that asks users to deposit a sum of money into a particular account via an online payment service called QIWI, in order to receive an unlock code for their computers.

    "This code will supposedly resume operating system to load and remove the infection," Pantanilla said. "When the unlock code is used, the MBR routine is removed."

    As the name implies, ransomware applications hold something belonging to the victim in ransom until they pay a sum of money. This type of malware is considered the next step in the evolution of scareware, malicious programs that scare users into paying money.

    The majority of ransomware applications disable important system functionality or encrypt documents and pictures, but this is the first ransomware program that Trend Micro researchers have seen replacing the MBR to prevent the system from starting.

    This represents a serious escalation in ransomware techniques. While users can still run security tools to clean their systems of traditional ransomware applications and even recover some files, if Windows doesn't start at all, like in this case, the remediation procedure becomes much more difficult.

    Repairing the MBR is no trivial matter and usually requires booting from the Windows installation disk, getting into the recovery command console and typing special commands.

    Ransomware infections are typically more common throughout Eastern Europe and South America, but this type of malware is slowly gaining traction in other regions of the world as well. Some variants that impersonate law enforcement agencies and ask victims to pay fictitious fines have recently been detected in Western Europe.

    "Though overshadowed by other more newsworthy threats, ransomware attacks are definitely not out of picture. In fact, this threat appears to be flourishing, as evidenced by the growth of ransomware infections in other parts of Europe," Pantanilla said.

    And a video of one in action:
    http://www.youtube.com/watch?v=6MkwiJ_rZh4 (NSFW)

    EDIT: That message in that picture above is asking for 930 rubles (Russian obviously) to be wired to some bank account number. Don't know any Russian, but that's basically what I can get from that message.
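Added example, not part of the original thread or the quoted article: a defender-side check of a 512-byte MBR sector of the kind the article describes, validating the boot signature and partition table and comparing the boot code against a hash recorded while the machine was healthy. The function names, the baseline workflow and the two sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

TABLE_OFFSET = 446        # boot code occupies bytes 0-445
ENTRY = "<B3xB3xII"       # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, partition entries, signature flag."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        status, ptype, lba, count = struct.unpack(ENTRY, sector[start:start + 16])
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": slot, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:] == SIGNATURE}


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings for a sector compared with a hash recorded while healthy."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not info["partitions"]:
        findings.append("partition table is empty")
    if info["code_sha256"] != baseline_sha256:
        findings.append("boot code differs from recorded baseline")
    return findings


def build_sample(code: bytes, entries: list) -> bytes:
    """Assemble a constructed 512-byte sector for the demonstration."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\0")
    return code.ljust(TABLE_OFFSET, b"\0") + table + SIGNATURE


# Constructed samples: placeholder bytes stand in for real boot code.
CLEAN = build_sample(b"CONSTRUCTED-ORIGINAL-BOOT-CODE", [(0x80, 0x07, 2048, 204800)])
REPLACED = build_sample(b"CONSTRUCTED-REPLACED-BOOT-CODE", [])
BASELINE = parse_mbr(CLEAN)["code_sha256"]

if __name__ == "__main__":
    print(check_mbr(CLEAN, BASELINE))
    print(check_mbr(REPLACED, BASELINE))
```

In practice the input would be the first 512 bytes of a disk image read from a live CD, with the baseline hash stored off the machine.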
  • Woah. Just.. woah. That's insane. Laughing SO hard at the video though, lol.
  • Someone told everyone what it said if you scroll down and here's what it said!


    Your computer was blocked for watching, copying and sharing videos with pedophilia, child porn and gay porn elements. To unlock your computer you must pay a 500 roubles fine. To do this, in any payment terminal pay the bill of Beeline's number 89096698355 with this money amount. If the payment is equal to or bigger than the fine, you'll find an unlock key on your cheque. You must enter this key in the lower part of the screen. After unlocking you must delete all...
  • LOL. Fun fact, pretty sure gay porn is kinda a big deal in the now very conservative Russia too. Either way, that's both genius and insane. I'd hate to get a virus like that- and even worse, I'd hate to be dumb enough to run an EXE I downloaded from a porn site.
  • LOL. Fun fact, pretty sure gay porn is kinda a big deal in the now very conservative Russia too. Either way, that's both genius and insane. I'd hate to get a virus like that- and even worse, I'd hate to be dumb enough to run an EXE I downloaded from a porn site.
    Some people do. You always have to assume the end user is stupid in some cases. Honestly, I think we will see more stuff like that (not full-fledged MBR trashing), or botnets now and in the future than stuff that just spreads just to spread. Some of those earlier viruses back in the day tried to make political statements, or were made by kids who wanted their names plastered on the news to get 15 min of fame.
    Someone told everyone what it said if you scroll down and here's what it said!
    Your computer was blocked for watching, copying and sharing videos with pedophilia, child porn and gay porn elements. To unlock your computer you must pay a 500 roubles fine. To do this, in any payment terminal pay the bill of Beeline's number 89096698355 with this money amount. If the payment is equal to or bigger than the fine, you'll find an unlock key on your cheque. You must enter this key in the lower part of the screen. After unlocking you must delete all...
    The text in that video and the screenshot in my post don't match. The fine and the account are different. It's the same virus though.
  • Random fact... I was using a "military grade" MSI motherboard recently, and I needed to change a setting in the BIOS.

    This is the first BIOS I have seen which has a web browser. This just seems like a BAD idea to me.

    [image: 41j.png]
  • MSI Motherboards are horrible anyways imo. I had one that would NOT work with a PCIe 2.0 card, even though true PCIe 1.0 compatible motherboards are supposed to be completely forwards compatible with PCIe 2.0. MSI make a genuinely shoddy product, and their customer support is HORRIBLE. The very obviously Indian person I emailed was snappy with me, and didn't even offer me an upgrade path or anything. To add to that, there's Engrish on their customer support page. In other words, this very, VERY bad idea isn't surprising to me at all.
  • Wow a motherboard with an online BIOS. Wow I now want one. Dang it looks so cool, but I have no idea on what problems it has as I have no clue about the words that you type.
  • MSI Motherboards are horrible anyways imo. I had one that would NOT work with a PCIe 2.0 card, even though true PCIe 1.0 compatible motherboards are supposed to be completely forwards compatible with PCIe 2.0. MSI make a genuinely shoddy product, and their customer support is HORRIBLE. The very obviously Indian person I emailed was snappy with me, and didn't even offer me an upgrade path or anything. To add to that, there's Engrish on their customer support page. In other words, this very, VERY bad idea isn't surprising to me at all.
    I personally like Gigabyte, never had a problem with them.
  • Linuxgamer- Lol. Have fun with those BIOS exploits!

    XeChris- MSI, not Gigabyte. Then again, I've never dealt with them either. I prefer Intel, Asus, and (prepare for shitstorm) Biostar.