Introduction
The 16bit Crew is a computer virus written for the Commodore Amiga. It is an old bootvirus written in 1988.
Summary
- Overwriting the original bootblock unprotected disk while booting
- It is not crypted
- Hooks DoIO()-vector from the exec.library
- Makes itself reset resident by using the CoolCapture
Details
After booting with an infected disk the virus copies itself to ChipRam location $7EC00 without allocation. If another programm overwrites this area the Amiga will crash. Then it makes itself resident by using the CoolCapture.
On next reset the virus will hook the DoIO()-vector of the exec.library. This routine will be activated next time you boot with a disk. Then the virus will check if the disk is unprotected and writes itself onto it.
The DoIO()-hook will then be removed. And will be hooked again next time you reset your Amig, etc…
If you press the left mousebutton while booting the virus will flash the power LED of the Computer and will perform a cold-reset which removes the virus:
reset:
movea.l 4.w,a6
jsr -$96(a6)
move #$2700,sr
lea $F80000,a1
reset
jmp (a1)
At the end of the virus-code you can read the following text:
01d0h: 00 00 00 82 FF 7E 54 68 65 20 31 36 42 69 74 20 ; ...‚ÿ~The 16Bit
01e0h: 43 72 65 77 20 31 39 38 38 00 00 00 00 00 03 EC ; Crew 1988......ì
