VIRUS HELP TEAM Amiga Antivirus Website www.vht-dk.dk
------------------------
Amiga Virus Encyclopedia
Crime! virus
------------------------
Name : Crime!
Aliases : No Aliases
Type : Link virus
Size : 1000 bytes
Clones : No Clones
Symptoms : No Symptoms
Discovered : 22-05-92
Way to infect: Link infection
Rating : Less Dangerous
Kickstarts : 1.2/1.3
Damage : No Damage.
Removal : Use viruskiller.
Comments : The Crime virus is a very simple link-virus. The virus
copies itself always to the same memory-address
$7DC00. For infection the virus patches the Open();
LoadSeg()-Vectors from the dos.library and additional-
ly a vector from the GlobalVectorTable (Dosbase +$2E).
A new patch will be installed in the Allocmem()-Vector
from the exec.library which sets always the above
mentioned dos-vector to the virusvalue. The virus
uses the CoolCapture-Vector to stay resident in the
memory.
The virus infects files by linking itself behind the
1st hunk of the file. In this hunk the virus searches
for a RTS. If a RTS was found the virus repalces the
RTS with BRA.S (To make sure that the virus will be
activated!).
The virus only infects files which are:
- executeable
- smaller than 100000 bytes
- don`t have "#"; "*"; "-"; "?"; in their names.
There is a crypted text in the file, decrypted you
can read: "Crime!"
Info : Can hang in the same file MULTIPLE TIMES because it is
already infected routine is missing. However, another
file must always be called in between so that the file
name buffer (created by VirusPrg.) is overwritten will
be.
Antivirus : Kickstart 1.2 & 1.3..... : VT-Schutz
Kickstart 2.0 and higher : VirusZ III, with the new Xvs.library installed
Test made by : Heiner Schneegold & safe Hex International
