home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Plus 1995 #3 & #4
/
Amiga Plus CD - 1995 - No. 3 and 4.iso
/
pd
/
anti-virus
/
vib
/
virus
/
c
/
crime!++
< prev
next >
Wrap
Text File
|
1995-07-20
|
2KB
|
54 lines
Name : Crime!++
Aliases : No Aliases
Type/Size : Link/872
Clones : No Clones
Symptoms : No Symptoms
Discovered : 07-05-92
Way to infect: Link infection
Rating : Less Dangerous
Kickstarts : 1.2/1.3
Damage : No Damage.
Removal : Use viruskiller.
Comments : The Crime!++ virus is a very simple link-virus. The
virus calculates its memory over the Sysstyklower ->
$3A(a6). For infection the virus patches a vector from
the GlobalVectorTable (Dosbase + $2E). Additionally a
new patch will be installed in the Wait()-Vector from
the exec.library which sets always the above mentioned
dos-global vector to the virus value. The virus uses
the CoolCapture-Vector to stay resident in memory.
The virus infects files by linking itself behind the
1.st hunk of the file. In this hunk the virus searches
for a RTS. If a RTS was found the virus repalces the
RTS with BRA.S (To make sure that the virus will be
activated!).
The virus only infects files which are:
- executeable
- smaller than 102400 bytes
- don`t have "." or "*" in their names.
The whole virus is crypted depending of $DFF00A.
In the decrypted virus you can read:
"Crime!++"
A.D 04-94
