Virus.DOS.Coconut


Hello everyone! Sorry it’s been a while, some real-life stuff has gotten in the way, but today we’re back with a new MS-DOS virus called “Coconut”. Now this one is a bit more simplistic than some of the others we’ve seen as this is just a direct file overwriting virus, so it doesn’t actually infect the files in the way that they still work. It just, kind of searches out “.com” files and overwrites them entirely. *Drive activity* So… when we run this it searches for some files and infects them, overwrites them. So every time we do this, it infects a few more files *Typing* We should be able to see, uh, overwritten files performing the same sort of behavior. As we can see, “graphics” normally doesn’t take that long to load It, uh, usually just runs and quits fairly quickly, within about a second. However, now it is also actively searching out, and trying to destroy other files. *Drive activity* So, the same thing happens with “Sys.com”, instead of giving us the error message, it just quits back out. So, these files have been overwritten by the virus, and are now just trying to infect all the other files they can find. And, what makes this virus a little bit cool, is that it activates on August 31st, of every year. So, we missed it by a couple days, but oh well. But, anyway, any time we run any infected file now… …we get a very nice… creepy smiley face. Which looks pretty neat. and… go ahead and infect “command.com” a little bit here… We’ll see if it’ll do it. Alright, so it looks like it’s starting to infect more and more files here… …so basically every file you run on the 31st will result in this. This virus is pretty limited, as you would have to be running your programs on the 31st in order to actually see this creepy smiley face. Uh, if you’d run it on any other day, all your files would just be lost, and you would probably reformat, or restore from backups, and you’d never get the opportunity to see this glorious piece of art! So we’re preserving history here, see not many people have gotten to see this. You’re special. *keystroke* We’re gonna go ahead and restart, and see if it has actually overwritten the “command.com” file. And if it has, it should be… …fairly interesting. And there we go, we can see it has been infected, as it is missing our command interpreter, if we type in the name though, we get our nice, creepy smiley face. And then the computer fails to boot anyway, because the command interpreter has been overwritten. So, that’s really about it. Nothing too special, I just really like this creepy smiley face that not many people have gotten to see, and, uh, yeah, that’s about it. We’re going to hopefully be coming back to regular uploads now, should be another one next Friday, and the one after that, …and the one after that. So, we gonna try to keep on going here. So, thank you, as always, for watching, hope you enjoyed it! You know, leave a comment, try and recreate this ASCII smiley face in the comments, do whatever you want, I don’t really care. Have fun. Thanks for watching. Wait for it… …it didn’t do it. Alright, that sucks. *Typing* *Continued typing* *Computer beeping* …Okay, sorry about that. I have now gone through, I moved an infected.com file to the root directory… …and infected “Command.com”. So now we’re going to restart. And we should hopefully see this creepy smiley face pop up. *Drive activity* *Error beeping*