Virus.DOS.Deicide


Hello everyone Today we’re taking at a family of viruses called Deicide. Now this virus is named this because the author actually names himself In comments inside the virus body. and his name, is apparently “Glen Benton” and Glen Benton, is the founder and lead singer of heavy death metal band “Deicide” Hence the name Now, If you look at this guy You might not think this guy is actually a DOS Virus author, but. Don’t let the looks, and the career history deceive you, this is is definitely the guy who wrote these viruses. I assure you. So, the first version of this virus is 622 bytes long, it’s relatively benign; it does not do ANYTHING other than display a message. Like all these viruses, it searches out and infects “.com” files when it’s executed… …and it’ll infect ONE “.com” file each time you run it, and THIS virus activates between August 3rd and August 18th with a message. So we’ll go ahead and change the date, and when we run any infected file, we’ll get the message “This personal computer has been struck by the uncurable- disease that is called “The Doom Of Morgoth” and that’s about it. Although “The Doom of Morgoth” sounds pretty bad, and we said UNCURABLE instead of INCURABLE. Rest assured, this is NOT a dangerous virus, It doesn’t format your drive or delete your files, However, this next version, DOES. So I’m gonna change the date back here.. So that we don’t activate the previous version, and THIS version appropriately is 666 bytes long (ha ha) and its supposed to infect files by overwriting them, which would DESTROY files. However, this doesn’t work… and when it runs out of files to overwrite, it’s supposed to trash the file allocation table of the hard-drive and display a message, Right here: “BYE BYE HARD-DISK” from Glen.. Deicide, next time be CARUFUL with illegal stuff and… the computer is frozen now.. *BEEP* Yep, It doesn’t like me pressing “enter” that much. As its no longer accepting input. However, If we restart the computer with “Control, alt, Delete.” Your computer WILL boot back up and the virus failed to overwrite any files and also failed to trash our FAT. So as we see here, the computer STILL boots. Ok… Ignore the “INT 10h hooked”, that is a program I use to make sure DOS runs in 60Hz, which makes it not flicker like crazy when I’m recording these videos with my phone camera So this next variant is another benign version of the virus, it doesn’t overwrite or delete anything. However, its a bit more verbose in it’s message, and this activates during the early days of september. So we are going to change the date to, September 9th, 1995, and when we run this OR any infected file- We get a nice long message that says: Gotta say, That’s one way to win a girls heart I-I envy you glen, you certainly have a way with the ladies. and…gives us the message to “Press the(?) key to start the program (This time no damage!)” and, true to it’s word, we go back to the DOS prompt. Last, but CERTAINLY not least is the “message” variant of Deicide Which, spruces up your DOS prompt to be really, REALLY cool. Now, are you tired of boring error messages? Like: “Required parameter missing”? Do you wish that when you ran “graphics.com” it actually did something? Instead of just quitting back to the DOS prompt? Well THIS virus, is the virus for you! * HI! Virus Billy Mays here!* We’re gonna go ahead and run it… and every time it infects a file, It adds a new line to it’s repertoire, over 60 LINES that it ends up displaying on your DOS prompt Including: “My I EFF with your wife?” I’m not swearing this time. What else we got? “Faces of DEATH!” Cool! Spread this like hell! Let’s do it. “David Grant is a @#%!-Head” Well, so much for not swearing. ‘Greetings to Cracker Jack in Italy.” “Copyright by Glenn Benton” “Program to big to fit in a$s” (Nice english!) “Deicide wasn’t that good after all” Y’know what? I disagree. ‘cuz I love this variant of this virus, this is amazing! Because now, when we run infected files- If they get infected properly, we should see a message pop up! But were not, hold on we gotta run this a bunch of times. We gotta make sure we infect the hell out of this disk, like it said, we gotta spread the hell out of it- “RAM Parity error.” “Insert tracktor toilet paper in printer” “Vote for Saddam” (No thank you.) “Dead by Dawn” “May I F#[email protected] with your wife?” (As I said before, no swearing!) “Do not use drugs, Make a virus!” (How about neither.) “This virus is SHAREWARE” (Unwanted “shareware”) So share it with your friends! (Don’t do it!) “Dame Edna is cool!” “We like the pope, he gives us his dope!” (… thats no pope.) Like, this is just so cool! “MacAfee is a bum-hole” “Patricia Hoffman is a virgin” (How is this relevant!?) “David Grant is a @^$#-Head” (Stop swearing [email protected] YOU!) “Jan Terpstra sucks” “Vesselin Bontchev is a lamer” and on and on – “HAHAHA You have a virus!” “Dutch virus Research Laboratory”- -and theres a bunch of different versions of this, DEICIDE, MORGOTH, BREEZE, BROTHER, By Glenn Benton Look at graphics, Uh, It got infected by an earlier variant but not by this one for some reason. But “sys.com” has certainly been infected because its like 5 times bigger than it should be, it’s over 46 thousand bytes now… Here we go… and now we are getting a BUNCH of messages oh god it’s broken. Alright so, every time we run “sys.com” instead of “Required parameter missing” we get all of these! So let’s just keep running this, I like this. [Dan breaks everything] Oh-oh god, oh no. Um… Ok.. I-I think we might’ve broken it. (Ya think!?) But, We had fun while it lasted. So, that is about it for Deicide I don’t have any more variants to take a look at, and this kinda broke spectacularly here at the end, so. I hope you enjoyed this virus, I hope you enjoyed this video. Thanks for sticking around, thank you for watching, and take care! Great, More Subtitles This next variant is another benign one that doesn’t overwrite anything or try to delete anything, however it gets a bit more verbose with its message. So we’re going to change the date to any day in September… which is when it activates… Why not today’s date? What is today? The 24th? I don’t remember what today is. [Of course] Oh well, it doesn’t matter. But anyway. We’re gonna go ahead and run the virus here… This time, we should get a lovely message… but we’re not.
Why aren’t we getting the message? We’ll wait until it infects graphics.com. Every time we run it, it’s infecting a new file. So here we go. We can see graphics.com has increased in size… to 21,077 bytes.
Now, when we run this… …nothing happens.
Why… doesn’t anything happen? [Virus Breaks]