VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
Crime! virus
------------------------
- Crime! Linkvirus extends a file by 1000 bytes. hangs
to the first codehunk. Cool, AllocMem, Dos:Open, LoadSeg,
Dosbase+$2e
KS2.04 = NO
No message program part found.
Can hang in the same file MULTIPLE TIMES because it is already infected
routine is missing. (I stopped after 3 links to the same file)
However, another file must always be called in between
so that the file name buffer (created by VirusPrg.) is overwritten
will be.
In memory, 19 bytes are decoded with eori.b #$5e,-1(a5):
Crime!00dos.library
Propagation conditions:
- Flag disk o.k. ($52)
- #16 blocks free
- File smaller than #102400 (#$19000)
- 1.LW #$3F3 (file executable)
- #$3E9 is found (1st hunk is CodeHunk)
- last command in 1st hunk is #$4E75 (RTS). carries virus
then enter $4E71 (NOP).
or
is found back up to $3E+1 word steps. carries virus
then enter $60xy (bra.s xy).
- Name does not contain: #, *, -, ., ?,
Memory detection tested with VT: 02/15/92
Removal tested with VT: 02/16/92
important !!!!!!!!!!
VT should definitely find the affected file in the file test. Since the
other VT routines work partially block-oriented
only 2 long words are in the block and the 3rd LW in the next block.
VT does NOT answer then!!!
Note 08/31/92: From VT2.44 several CrimeLinks should be the same
File can be expanded in one go. If no, report please. Thanks
Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test by Heiner Schneegold
Translated to english by Google Translate
