Introduction
Gyros is a computer virus written for the Commodore Amiga. It is a simple bootvirus.
Summary
- Overwrites the original bootblock of an unprotected disk when the Amiga is booted from it
- The virus is not encrypted
- Uses the DoIO() vector of exec.library for infection
- Makes itself reset-resident via CoolCapture
Details
After booting from an infected disk, the virus copies itself to memory location $7EC00. Unlike with typical older Amiga boot viruses, AmigaOS cannot overwrite this memory location afterwards, because the virus marks the area as allocated by calling AllocAbs() in exec.library.
The virus then makes itself reset-resident via CoolCapture. On the next reset, it hooks the DoIO() vector of exec.library.
If the Amiga is then booted from an unprotected disk, the virus infects the bootblock and increments a counter. When this counter reaches the value 10, the Amiga is blocked immediately and the user sees only a black screen.
This is the routine that causes this behaviour:
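block:
    lea     $DFF000,a0          ; a0 = base of the custom chip registers
    move.b  #3,$BFE201          ; CIA-A DDRA: bits 0-1 (OVL, LED) as outputs
    move.b  #2,$BFE001          ; CIA-A PRA: OVL = 0, LED bit set (power LED off)
    move.w  #$7FFF,$96(a0)      ; DMACON: clear all bits, all DMA disabled
    move.w  #$200,$100(a0)      ; BPLCON0: colour enabled, no bitplanes
    move.w  #0,$110(a0)         ; BPL1DAT: clear bitplane 1 data
    move.w  #0,$180(a0)         ; COLOR00: background colour black
    move    #$2700,sr           ; supervisor mode, interrupt mask 7 (all masked)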
The virus bootblock contains the following text:
0210h: 00 00 44 65 61 72 20 41 72 6E 64 21 20 59 6F 75 ; ..Dear Arnd! You
0220h: 72 20 41 6D 69 67 61 20 69 73 20 66 75 63 6B 65 ; r Amiga is fucke
0230h: 64 20 66 72 6F 6D 20 61 20 6E 69 63 65 20 47 59 ; d from a nice GY
0240h: 52 4F 53 2E 20 4D 61 6E 79 20 67 72 65 65 74 69 ; ROS. Many greeti
0250h: 6E 67 73 20 74 6F 20 79 6F 75 20 66 72 6F 6D 20 ; ngs to you from
0260h: 47 6F 65 62 6C 6F 64 69 65 6C 21 21 AB AB AB AB ; Goeblodiel!!««««
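As an added example (not part of the original description), the following Python script checks the bootblock of a disk image for the text shown above and reports whether that bootblock would still be executed at boot, i.e. whether it carries the DOS identifier and a valid checksum. The function names and the constructed sample are assumptions; the sample contains only the text, no virus code.

```python
import struct

BOOTBLOCK_SIZE = 1024  # two 512-byte sectors at the start of the disk
# Text fragment and its offset, taken from the hex dump above (0232h-026Bh).
GYROS_TEXT = b"from a nice GYROS. Many greetings to you from Goeblodiel!!"
GYROS_TEXT_OFFSET = 0x232

def bootblock_checksum(block: bytes) -> int:
    """Sum all big-endian longwords with end-around carry (checksum field
    at offset 4 counted as zero), then invert the result."""
    total = 0
    for off in range(0, BOOTBLOCK_SIZE, 4):
        if off == 4:
            continue
        total += struct.unpack_from(">I", block, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + 1
    return ~total & 0xFFFFFFFF

def scan_bootblock(image: bytes) -> dict:
    """Inspect the first 1024 bytes of a disk image for the Gyros text."""
    if len(image) < BOOTBLOCK_SIZE:
        raise ValueError("image shorter than one bootblock")
    block = image[:BOOTBLOCK_SIZE]
    stored = struct.unpack_from(">I", block, 4)[0]
    found_at = block.find(GYROS_TEXT)
    return {
        # Only a "DOS" bootblock with a valid checksum is run at boot.
        "bootable": block[:3] == b"DOS" and stored == bootblock_checksum(block),
        "gyros_text": found_at != -1,
        "text_at_expected_offset": found_at == GYROS_TEXT_OFFSET,
    }

def make_sample(with_text: bool) -> bytes:
    """Constructed sample bootblock: header and, optionally, the text only."""
    block = bytearray(BOOTBLOCK_SIZE)
    block[0:4] = b"DOS\x00"
    if with_text:
        end = GYROS_TEXT_OFFSET + len(GYROS_TEXT)
        block[GYROS_TEXT_OFFSET:end] = GYROS_TEXT
    struct.pack_into(">I", block, 4, bootblock_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    for name in ("clean", "marked"):
        print(name, scan_bootblock(make_sample(name == "marked")))
```

A hit on the text with "bootable" false points to leftover data in a bootblock that is no longer executed at boot.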
Clones and variants
None





