------------------------
Amiga Virus Encyclopedia
Crime! Link Virus
------------------------
Name : Crime!
Aliases : No Aliases
Type : Link virus
Size : 1000 bytes
Clones : No Clones
Symptoms : No Symptoms
Discovered : 22 may 1992
Way to infect: Link infection
Rating : Less Dangerous
Kickstarts : 1.2
1.3
Damage : No Damage.
Comments : The Crime virus is a very simple link-virus. The virus
copies itself always to the same memory-address
$7DC00. For infection the virus patches the Open();
LoadSeg()-Vectors from the dos.library and additional-
ly a vector from the GlobalVectorTable (Dosbase +$2E).
A new patch will be installed in the Allocmem()-Vector
from the exec.library which sets always the above
mentioned dos-vector to the virusvalue. The virus
uses the CoolCapture-Vector to stay resident in the
memory.
The virus infects files by linking itself behind the
1st hunk of the file. In this hunk the virus searches
for a RTS. If a RTS was found the virus repalces the
RTS with BRA.S (To make sure that the virus will be
activated!).
The virus only infects files which are:
- executeable
- smaller than 100000 bytes
- don`t have "#"; "*"; "-"; "?"; in their names.
There is a crypted text in the file, decrypted you
can read:
"Crime!"
Removal : Kickstart 1.2 & 1.3 : VT-Schutz v3.17
Kickstart all others: VirusZ III with Xvs.library installed
Test made by : Safe Hex International
