------------------------ 
     Amiga Virus Encyclopedia    
     Crime++ 872 Virus
     ------------------------

 
     Name         : Crime!++

     Aliases      : No Aliases

     Type         : Link virus
     
     Size         : 872 bytes

     Clones       : No Clones 

     Symptoms     : No Symptoms

     Discovered   : 7 may 1992

     Way to infect: Link infection

     Rating       : Less Dangerous

     Kickstarts   : 1.2
                    1.3

     Damage       : No Damage

     Comments     : The  Crime!++  virus  is a very simple link-virus. The
                    virus  calculates  its memory over the Sysstyklower ->
                    $3A(a6). For infection the virus patches a vector from
                    the  GlobalVectorTable (Dosbase + $2E). Additionally a
                    new  patch will be installed in the Wait()-Vector from
                    the exec.library which sets always the above mentioned
                    dos-global  vector  to the virus value. The virus uses
                    the CoolCapture-Vector to stay resident in memory.
                    
                    The  virus  infects files by linking itself behind the
                    1.st hunk of the file. In this hunk the virus searches
                    for a RTS.  If a RTS  was found the virus repalces the
                    RTS  with  BRA.S  (To make sure that the virus will be
                    activated!).

                    The virus only infects files which are:
                    - executeable
                    - smaller than 102400 bytes
                    - don`t have "." or "*" in their names.

                    The whole virus is crypted depending of $DFF00A.
                    In the decrypted virus you can read:
                    "Crime!++"

     Removal      : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
                    Kickstart all others: VirusZ III, and also Xvs.library must be installed

     Test made by : Safe Hex International