------------------------    
     Amiga Virus Encyclopedia    
     Crime! virus
     ------------------------

    
    - Crime! Linkvirus extends a file by 1000 bytes. hangs
      to the first codehunk. Cool, AllocMem, Dos:Open, LoadSeg,
      Dosbase+$2e
      KS2.04 = NO
      No message program part found.
      Can hang in the same file MULTIPLE TIMES because it is already infected
      routine is missing. (I stopped after 3 links to the same file)
      However, another file must always be called in between
      so that the file name buffer (created by VirusPrg.) is overwritten
      will be.
      In memory, 19 bytes are decoded with eori.b #$5e,-1(a5):
                  Crime!00dos.library
      Propagation conditions:
            - Flag disk o.k. ($52)
            - #16 blocks free
            - File smaller than #102400 (#$19000)
            - 1.LW #$3F3 (file executable)
            - #$3E9 is found (1st hunk is CodeHunk)
            - last command in 1st hunk is #$4E75 (RTS). carries virus
              then enter $4E71 (NOP).
              or
              is found back up to $3E+1 word steps. carries virus
              then enter $60xy (bra.s xy).
            - Name does not contain: #, *, -, ., ?,

      Memory detection tested with VT: 02/15/92
      Removal tested with VT: 02/16/92
      important !!!!!!!!!!
      VT should definitely find the affected file in the file test. Since the
      other VT routines work partially block-oriented
      only 2 long words are in the block and the 3rd LW in the next block.
      VT does NOT answer then!!!
      Note 08/31/92: From VT2.44 several CrimeLinks should be the same
      File can be expanded in one go. If no, report please. Thanks
     
      Removal: Kickstart 1.2 & 1.3 : VT-Schutz v3.17
               Kickstart all others: VirusZ III with Xvs.library installed
     
     
      Test by Heiner Schneegold 
      Translated to english by Google Translate