I believe the PE/COFF format is a superset of MZ-DOS, and does not contain any code that specifically checks for Windows. COFF executables start with an MZ-DOS stub, followed by a magic number then valid DOS code that prints "nope" then exits. When Windows opens a COFF executable, it reads the magic number and immediately skips ahead to the _real_ entry point. At no point does the program itself make any sort of "check" that it is running on Windows. This allows for hybrid executables such as REGEDIT to exist, where both the MZ and COFF sections contain a complete program, not unlike Universal (PPC/x86_64) and Universal 2 (x86_64/AArch64) programs under Darwin. In the case of Toadie, I'd love to load an infected executable through Cutter, but I'm pretty sure it overwrites the MZ section and the COFF magic number, with an MZ program that manually performs a protected call into the COFF entry point, presumably after running a malicious payload in MZ mode. In other words, Toadie is not really a Win32 virus. It is an MS-DOS virus capable of identifying and hooking into Win32 COFF executables non-destructively.

One of the main things I've gathered from watching your videos over the years is that pointing a camera at your monitor seems to be a valid substitute for an antivirus considering how it seems to cause malware to stop working correctly

The video length and the virus' ability to throw you off its path for however long is honestly more reminiscent of meltingscreen.

8:07 "Fool me once, I'm mad. Fool me twice, how could you. Fool me three times, you're officially that guy..." - JonTron

"It's about this point that my eyes begin glazing over and my mind becomes one with the Toadie virus, rendering it useless" dan is clearly having fun with subtitles and I'm all here for it

ARP and REGEDIT are valid EXEs for both Windows and DOS mode, so that's why it's not a problem for them, ARP just opens the DOS version of itself instead of the Windows one, just like REGEDIT

Every Windows program is secretly a DOS program too, even today. Usually, it just prints a message and quits. But it doesn't have to be like that.

a new danooct1 video is the best birthday gift i could've ever asked for. thank you

Almost 20 minutes?! What did we do to deserve THIS prize!

Always glad to have a 20-minute long danooct1 video

I can't believe that Toadie literally toasted the computer LMAO

This was a super weird virus! Definitely wasn't expecting it to get to the Kernel so quick! Thank you Dan for pushing through the setbacks, and thank you for the work you put into these!

Seeing "REGEDIT - HUHIUEH" was so sudden and funny that i almost dropped my drink. It's just for a frame but that's suspicious, lol

This virus was...a trip, to say the least. Possibly one of the most weird set of payloads, intentional or otherwise, that have showed up in your videos

Your videos have the most pleasant subtitles, your effort is greatly appreciated. Your voice is also very soothing.

I have been subscribed to you for a very long time. Every video is great and done in that old style that I enjoy. Thanks for the years of entertainment and here's to many more! Also, I've seen the kernel error before, it's so rare. I got it by randomly deleting registry entries.

When the virus does it job so well it completely bricks the kernel, now that I've never seen happen in a danooct video before LOL

I don't have any interesting technical insight to contribute, but I just wanna say that you and your videos are seriously appreciated. I've always been ecstatic whenever you upload.

Two Danooct1 videos! It really is the Christmas season! Always love the videos when they drop man.

It's so nice to see you still continuing to make videos on viruses even now. I used to be so fascinated with all your videos many years ago. I remember watching you and some other guy with a Zapdos pfp for a lot of virus content back then (no idea what his channel was called anymore). You and other virus channels really made my childhood and figure out pretty young to avoid getting viruses, while also making me a bit scared of using computers lol

0:48 Cause I’m the Taskman, yeahhh I’m the taskman 🎶

I LOVE That you're still doing these things man, I remember you talking like 9 tears ago and showing off trojans and viruses. You're admirable.

My mind is blown by the captions explaining each hardware and software sound. Thank you for doing this still after all these years

You're much more active again! I always love your humor in these videos, keep em coming!

It's not a danooct video if the virus doesn't work on the first try. So glad to see you back, though!

If you think about why the kernel got infected so quick it makes sense He rebooted in MS-DOS which wasn’t a full reboot Therefore he booted into the KERNEL of windows which didn’t kill any other applications that can run in DOS and since the virus change’s applications from windows into dos applications the virus itself has dos code

your anger is immeasurable yet my day is fulfilled

Weird. If the VXHeaven archive is correct, Toadie.6810 isn't just "corrupt", it's not even Toadie (or an MS-DOS executable, for that matter)! It's some part of a (mIRC?) script which tries to DCC a file from the Windows directory to everyone upon joining a channel. (I'd post it, but even though it's literally just some random script fragment I'd still feel kinda dirty, so yeah) You can also see this when you're looking at the 6810 ""binary"" at about 0:28 as the size is only 142 bytes, far from the claimed 6810.

wake up babe new monthly danooct1 content drop

5:05 "It's always good to thoroughly infect your machine whenever possible" LMAO

The unpredictability of these videos triggers the anxiety these viruses caused when you didn't know what was going on with your computer. Luckily you cannot get an infection via KZbin video, so it's only a simulation.

BABE WAKE UP NEW DANOOCT1 VIDEO JUST DROPPED

Welcome back, Dan. I'm so excited to listen to you again.

"It's always good to throughoutly infect your machine whenever possible" -Dan

I actually enjoy the dead-air moments, adds to the depth of the video, keep them more often if possible :P I'm sure it will make editing a bit more relaxing aswell

thank you danooct1 for another fantastic vid where the virus operates exactly as planned

It's always a good Friday when danooct1 uploads!

danooct's VMs in a nutshell: "Oh, what a beautiful day, fresh install and... Oh f***, not this shit again. Yet another round of viruses."

I like the extra flavour found in the closed captions.

2:25 The rush of nostalgia from that boot-up sound!

Another Danooct1 video this year?? Amazing gift.

Should start a new series of old anti viruses that can fight old malware and such.

Danooct1: Toadie Actuality: Poisonous.Toadie

I got disappointed to hear the Gateway seek test instead of the Packard Bell seek test. But oh well, still a cool video! Nice job, Dan!

Seek test is like music to my ears. Good to have a new video, thank you!

I did not expect this upload, how incredible.

Danooct, your the best. Your the reason I became interested in cybersecurity and malware. If it werent for your videos peaking my interest, I wouldn't have the career path I have today. Thank you so much.

Thank you for capturing the real PC rather than VM, its way more introducing!

I like the George Bush reference especially considering I could see him getting his computer infected with something like this back in the day.

When a virus is so good that it kills Windows in a Dan video. It's amazing.

I think the pace of the auto generated subtitles is good. The big difference to me from the manual captions is that it usually splits up the sentences into 2 lines for each caption instead of being all on one line and spills over between sentences often as they're said out loud, but it's still fine to read. I want to mention 8:01 though for a specific instance where I personally feel like the quoted message should be all together instead of leaving the last word "mode" to the next set of captions.

These videos are better than ASMR to me.

Pascal? Never heard of it. I still keep enjoying on your videos even this keeps going. Never give up Dan!

Good to see you back Dan. Hope you’re alright

good to have you back lol. loading the kernel

i'm glad to see your back, especially with a longer video

missed ya man. keep up the great work

Yeah a new virus video!! That seek test never gets old 😍

sir, thank you for the malware knowledge over the years, but sir can i pls say that your voice is so calming

BABE WAKE UP NEW DANOOCT JUST DROPPED

The W reference 8 minutes in was beautiful

Lol that dubya quote. Dan, you’re a true Texan.

19 minutes of content, thank you

Good to see you're still uploading, great stuff as always

I tried running this one on a Windows XP 32 bit virtual machine a while ago, and it somehow worked, but barely. It seems to infect some files in the current directory and executing those shows the command prompt with the weird title and removes their icon, but seconds later they seem to get restored (they regain their icon and original size, and no longer launch the command prompt). Only one file got permanently infected (chrome.exe, yeah, Google Chrome), and the payloads shown in the video worked, but just for that file. Still it amazes me that it can run on a NT based system, because I believe most DOS/Windows 9x viruses like CIH don't work on NT versions of Windows.

Do you manually reinstall Windows everytime you make a video? Just take an image (a dump of all the partitions) of a fresh install, and when you want to reinstall, connect the drive into your computer using an external HDD enclosure and re-image it.

Glad to see a new video! Welcome back! :)

The auto-generated subtitles work pretty well 👍

8:07 nice impression of GWB there

Would the original Toadie virus have that warning message when launching or was that added in by a software analyst?

He has once again risen

It must be Christmas! Dan released a second video!

Hey Danoct, just in case you didn't know, you can save a lot of time by installing Windows onto a CF Card instead of a traditional hard drive. That way you can clone the contents of a fresh Windows install and copy them over for each new video, that way you don't have to keep going through the windows setup process.

Return of the King

Toadie: The virus SO powerful, it infects your KZbin videos 20+ years after its creation!

no way, bro's alive

The computer got frogged.

14 years later and he still doesn’t use a screen recorder

big fan for a couple years glad you’re still doing these:)

Slightly weird the amount of steps you have to go through to get this into your system. What kind of person would infect their computer with this? IRC you said is a vector but I can't imagine many people back in the day would get this going unless a kid was playing around with the executables or something to that effect. I remember renaming Doom95.exe as a kid and I got a smack for that.

Year 2022 and Windows still hides file extensions by default.

its back

new danooct (real)

bushism a little past 8:00 is highly appreciated

2:25 Good old days :(

my oshi just posted omg

Surprised there's still viruses to be documented.

Love these, thanks for continuing to upload

It wasn't written in Pascal. It was written in ASIC V5 and Assembler in tasm but later versions nasm. And that box has nothing to do with Toadie. You might be wondering How I know this about it? Well you did a video on my virus. I can answer any questions you have? About it if you'd like me to do so

LOL I am sure many will not appreciate your Bush quote.

awesome video, appreciate the captions :P

another banger from danooct1 ty bro

do you also play normal games on the machine's outside of doing a virus thing?

I wonder what this might do on Wine or an NT system.

TWO VIDEOS???

HE IS BACKKKKKKK

7:00 lol

What the hell happened to Rogueamp? He last posted in 2017.

you have some beef with.. certain viruses.. i have a fun challenge, what's the eariliest video, that dan has shown beef with the virus?

I like that you often run these different malwares on original hardware, but I'm curious as to why you don't use a VM or Qubes?