home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Plus 1995 #3 & #4
/
Amiga Plus CD - 1995 - No. 3 and 4.iso
/
pd
/
anti-virus
/
vib
/
virus
/
c
/
crime'92
< prev
Wrap
Text File
|
1995-07-20
|
2KB
|
68 lines
Name : Crime'92
Aliases : No Aliases
Type/Size : Link/1800
Clones : No Clones
Symptoms : No Symptoms
Discovered : 05-10-92
Way to infect: Link infection
Rating : Dangerous
Kickstarts : 1.2/1.3/2.0
Damage : Destroys tracks.
Removal : Use viruskiller.
Comments : The Crime'92 virus is a dangerous link-virus. The
virus allocate 4028 bytes of chip memory. Then it
checks your Kickstartversion. If you have Version 1.3
or smaller the virus:
1) Patches the Cool-Vector to stay resident
2) Changes the GlobalVectorTable $2E(A6) from the
dos.library to infect other files.
3) Patches the Wait()-Vector from exec.library.
If you have Version 2.0 of higher the virus:
1) Patches the Cool & Cold Vector to stay resident
2) Changes the LoadSeg() & NewLoadSeg()-Vector from
from the dos.library to infect other files.
3) Patches the Wait()-Vector from exec.library
The virus infects files by linking itself behind the
1st Hunk of the file. In this hunk the virus searches
for a RTS. If a RTS was found the virus repalces the
RTS with BRA.S (To make sure that the virus will be
activated!).
The virus only infects files which are:
- executeable
- smaller than 102400 bytes
- don`t have "." or "*" in their names.
The whole virus is crypted.
In the decrypted virus you can read:
"Crime'92"
A.D 04-94
