Virus.Win32.HLLP.Toadie

I believe the PE/COFF format is a superset of MZ-DOS, and does not contain any code that specifically checks for Windows.

COFF executables start with an MZ-DOS stub, followed by a magic number then valid DOS code that prints "nope" then exits. When Windows opens a COFF executable, it reads the magic number and immediately skips ahead to the _real_ entry point. At no point does the program itself make any sort of "check" that it is running on Windows.

This allows for hybrid executables such as REGEDIT to exist, where both the MZ and COFF sections contain a complete program, not unlike Universal (PPC/x86_64) and Universal 2 (x86_64/AArch64) programs under Darwin.

In the case of Toadie, I'd love to load an infected executable through Cutter, but I'm pretty sure it overwrites the MZ section and the COFF magic number, with an MZ program that manually performs a protected call into the COFF entry point, presumably after running a malicious payload in MZ mode.

In other words, Toadie is not really a Win32 virus. It is an MS-DOS virus capable of identifying and hooking into Win32 COFF executables non-destructively.

itsthesola

One of the main things I've gathered from watching your videos over the years is that pointing a camera at your monitor seems to be a valid substitute for an antivirus considering how it seems to cause malware to stop working correctly

Toxoidb

8:07 "Fool me once, I'm mad. Fool me twice, how could you. Fool me three times, you're officially that guy..." - JonTron

spendle

"It's about this point that my eyes begin glazing over and my mind becomes one with the Toadie virus, rendering it useless"
dan is clearly having fun with subtitles and I'm all here for it

RPCHN_FRNZY

The video length and the virus' ability to throw you off its path for however long is honestly more reminiscent of meltingscreen.

thishandle.wasnttaken

ARP and REGEDIT are valid EXEs for both Windows and DOS mode, so that's why it's not a problem for them, ARP just opens the DOS version of itself instead of the Windows one, just like REGEDIT

IrisGalaxis

a new danooct1 video is the best birthday gift i could've ever asked for. thank you

NotThatSalty

Every Windows program is secretly a DOS program too, even today. Usually, it just prints a message and quits. But it doesn't have to be like that.

pvc

Always glad to have a 20-minute long danooct1 video

exaltedb

Almost 20 minutes?!
What did we do to deserve THIS prize!

ItzTerraYT

Seeing "REGEDIT - HUHIUEH" was so sudden and funny that i almost dropped my drink. It's just for a frame but that's suspicious, lol

SpessWarlock

When the virus does it job so well it completely bricks the kernel, now that I've never seen happen in a danooct video before LOL

letcreate

This was a super weird virus! Definitely wasn't expecting it to get to the Kernel so quick!

Thank you Dan for pushing through the setbacks, and thank you for the work you put into these!

glitchyglyphva

I can't believe that Toadie literally toasted the computer LMAO

Povilaz

Your videos have the most pleasant subtitles, your effort is greatly appreciated. Your voice is also very soothing.

Kilgamesh

I have been subscribed to you for a very long time. Every video is great and done in that old style that I enjoy. Thanks for the years of entertainment and here's to many more!

Also, I've seen the kernel error before, it's so rare. I got it by randomly deleting registry entries.

thedarkdragon

0:48 Cause I’m the Taskman, yeahhh I’m the taskman 🎶

justinhamilton

5:05 "It's always good to thoroughly infect your machine whenever possible"
LMAO

aznxknight

My mind is blown by the captions explaining each hardware and software sound. Thank you for doing this still after all these years

HowPettyful

Two Danooct1 videos! It really is the Christmas season!
Always love the videos when they drop man.

maiyannah