Factbites
 Where results make sense
About us   |   Why use us?   |   Reviews   |   PR   |   Contact us  

Topic: CIH virus


Related Topics

In the News (Sun 19 Nov 17)

  
  CIH virus - Wikipedia, the free encyclopedia
CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau of Taiwan.
The virus made another comeback in 2001 when a variant of the Loveletter Worm in a VBS file containing a dropper routine for the CIH virus was circulated around the internet, disguised as a nude picture of Jennifer Lopez.
CIH is considered a threat only if it infects programs used by mass-mailing computer worms, such as Klez, or if the Anjulie Worm comes into play.
en.wikipedia.org /wiki/CIH_virus   (679 words)

  
 CIH virus - Wikipedia, the free encyclopedia   (Site not responding. Last check: 2007-11-07)
The most common version, CIH 1.2, activates its payload on April 26, the birthday of the author.
The payload of CIH v1.2 activated for the first time in the public eye on April 26, 1999.
The payload, which is considered extremely dangerous, first involves the virus overwriting the hard drive with junk, beginning at sector 0.
wikipedia.lotsofinformation.com /wiki/index.php/CIH_virus   (730 words)

  
 CERT®/CC Frequently Asked Questions About the CIH Virus
Once the virus is triggered, the first 2048 sectors of each hard drive in the computer are overwritten with random data.
The virus will also write one byte of data to the BIOS boot block which is critical for booting a computer.
Yes, since one of the triggers for the CIH virus is the date.
www.cert.org /tech_tips/CIH_FAQ.html   (857 words)

  
 Viruslist.com - 1998   (Site not responding. Last check: 2007-11-07)
In February, the Excel4Paix (or Formula.Paix) virus was detected, This new macro virus install itself in Excel tables by using an unusual macro area of formulas which were capable of containing self-replicating code.
CIH's complex procedures caused antivirus products to significantly increase their speed of development.In August of 1998 the emergence of BackOrifice (or Backdoor.BO) caused controversy, it was designed to be a secret utility to be used for remote host administration across networks.
Virus writers were moving towards a networks worm which exploited flaws in MS Windows and Office and infectted remote computers through Web servers or via email.
www.viruslist.com /en/viruses/encyclopedia?chapter=153311178   (1277 words)

  
 CNN - CIH virus may hit on Monday - April 22, 1999
The virus, which is called CIH 1.2 and infects Windows 95 and 98.EXE files, is not nearly as prevalent or easy to spread as the recent Melissa virus, but is significantly more destructive to the computers it does infect because it goes directly to the hardware.
CIH was first discovered in summer 1998 in the Far East, according to Symantec's Trilling, who explained that viruses tend to be most threatening within the first six months of release.
CIH, however, does have the strength to destroy the hard drives of infected computers when they are booted up on April 26.
www.cnn.com /TECH/computing/9904/23/cihvirus.idg/index.html   (570 words)

  
 [ISN] CIH virus to hit April 26th. Infecting tens of thousands
The CIH virus is believed to be the first virus to attack a PC's BIOS (basic input/output system), the built-in program that helps a machine boot.
Though the virus is not irreversible, experts said that resetting the BIOS is a major pain in the neck that's beyond the expertise of most computer dealers, let alone average users.
The CIH virus is version 1.2, a variant of the equally destructive Win95-CIH virus, which is timed to strike on the 26th of every month.
lists.virus.org /isn-9904/msg00040.html   (551 words)

  
 F-Secure : Security Information Center   (Site not responding. Last check: 2007-11-07)
CIH is a virulent and widespread computer virus working under Windows 95 and 98 systems.
The CIH virus was first located in Taiwan in early June 1998.
The most common version of the virus, CIH 1.2, activates on the 26th of April.
www.datafellows.com /cih   (583 words)

  
 Sophos virus analysis: W95/CIH-10xx
CIH is a family of computer viruses which infect Windows 95/98 programs.
But on certain trigger dates (the most common variants of the virus activate on 26 April, but other variants activate on 26 June or even on the 26th of any month), it detonates its warhead.
The virus was first reported in June 1998, and has been widely reported in-the-wild.
www.sophos.com /virusinfo/analyses/w95cih.html   (259 words)

  
 Symantec Security Response - W95.CIH   (Site not responding. Last check: 2007-11-07)
CIH is a destructive virus with a payload that destroys data.
CIH is a virus that infects the 32-bit Windows 95/98/NT executable files, but can function only under Windows 95/98 and ME. It does not function under Windows NT or Windows 2000.
The CIH removal tool safely detects and removes all the known strains (as of August 3, 1998) of the W95.CIH (Chernobyl) virus from memory in Windows 95 and Windows 98.
www.symantec.com /avcenter/venc/data/cih.html   (1691 words)

  
 Network nuke set to blow 26 April 1999
Once you are infected, the virus will soon spread throughout your computer, and so the chance of your passing an infected file to someone else is high.
Even though the first reports of CIH appeared only around the middle of 1998, the virus reached the Number Two spot on the Sophos Virus Top Ten for the whole of 1998.
The virus can infect Windows NT programs, but such programs will no longer run, and will therefore not be infectious themselves.
www.sophos.com /pressoffice/pressrel/uk/19990310chernobyl.html   (547 words)

  
 Virus Info - CIH virus information   (Site not responding. Last check: 2007-11-07)
The most prevalent and dangerous form of the virus, CIH 1.2, appears once a year on April 26, the anniversary of the Russian nuclear accident.
CIH can destroy a hard drive by overwriting the first 1 MB of each hard disk on the system.
This virus is unlike any other virus in that it is possible for the virus to render your computer hardware useless.
mediswww.meds.cwru.edu /bit/help/virusinfo/cih_virus.htm   (477 words)

  
 CIH virus finds a few victims | Tech News on ZDNet
CIH can be contracted by downloading an infected file, inserting an infected floppy disk into your machine, or by opening an infected e-mail attachment.
A variant, CIH 1.2, that appears only once a year in April, is the "most prevalent and dangerous" form of the virus, said Sal Viveros, marketing vice president for Network Associates Inc., the largest computer security company.
The virus is also called the Chernobyl virus because it's timed to go off on the anniversary of the Russian nuclear accident, one of technology's worst disasters.
news.zdnet.com /2100-9595_22-514464.html?legacy=zdnn   (727 words)

  
 WinZip® Self-Extractor - CIH Virus causes corrupt headers
All executable files are susceptible to virus infection, and since self-extractors are executable files, they are susceptible to virus infection, as well.
If you suspect your computer is infected with the CIH virus (or with any other virus), we recommend that you run a reliable virus scanner with the latest virus updates.
If you are unsure if your virus scanner can detect CIH, or if you have any other questions about this virus or how to deal with a virus infection, you may want to check with the vendor for your virus scanner.
www.winzip.com /xcih.htm   (582 words)

  
 CNN - CIH virus causes little permanent damage - August 28, 1998
(IDG) -- A strain of the malicious CIH virus struck at least 750 Windows-based PCs in the U.S. yesterday, but one data recovery firm said that nearly all of the damage can be repaired in a vast majority of the cases.
The original CIH virus, PE_CIH Version 1.2, was first found in Asia on April 26 and has appeared in virtually every country since.
The virus, in addition to attacking data on the hard drive, attempts to rewrite -- and therefore destroy -- a PC's flash BIOS ROM, said Stuart Hanley, vice president of worldwide operations at Ontrack Data International, Inc. in Minneapolis.
www.cnn.com /TECH/computing/9808/28/cihvirus.idg/index.html   (711 words)

  
 CIH virus information
The CIH which was first located in Taiwan is a virus which infects Windows 95 and Windows 98 EXE files.
Another feature that this virus includes is the capability of not increasing the size of the EXE file which infects, therefore would not be noticed by any user unless an virus scanner detects it.
CIH v1.2 TTIT (CIH 1003) which activates on April 26th of any year, and is the most common CIH variant.
www.xmission.com /~comphope/vcih.htm   (237 words)

  
 Symantec Security Response - W95.CIH.1049   (Site not responding. Last check: 2007-11-07)
CIH is a virus that infects 32-bit Windows 95/98/NT executable files, but it can function only under Windows 95/98/Me. It does not function under Windows NT/2000/XP.
Once the virus is resident, CIH virus infects other files when they are accessed.
Files infected by CIH may have the same size as the original files because of CIH's unique mode of infection.
securityresponse.symantec.com /avcenter/venc/data/w95.cih.1049.html   (918 words)

  
 Symantec Security Response - W95.CIH Removal Tool   (Site not responding. Last check: 2007-11-07)
As of August 3, 1998, the KILL_CIH tool was designed to safely detect and remove all known strains of the W95.CIH (Chernobyl) virus from memory under the Windows 95 and Windows 98 systems; the W95.CIH virus cannot infect the Windows NT/2000 systems.
If the tool is run before the virus infects the system, the tool will also inoculate the computer's memory to prevent the W95.CIH virus from infecting the system until the next system reboot.
The tool has inoculated the computer and will prevent the virus from infecting system memory, if an infected file is run during the remainder of the computer session (until reboot).
securityresponse.symantec.com /avcenter/venc/data/kill_cih.html   (588 words)

  
 Alert: CIH virus
This virus infected and destroyed several computers on campus in April 1999 and was the inspiration for the university's Virus Notification Program.
CIH virus infects other files when they are accessed (e.g.
If the virus is present on your system, it is most likely loaded into active memory, in which case scanning the computer using a standard anti-virus program could cause the virus to spread.
www.helpdesk.umd.edu /virus/alerts/cih.shtml   (704 words)

  
 CIH virus real but not epidemic | CNET News.com
A virus that activates on the 26th of each month struck some computers yesterday but doesn't appear to be widespread.
Although the virus has spread at a rapid rate and infected a large number of systems, the CIH virus is deficient, according to major antivrus firms, in one respect: actual damage.
Amid the CIH publicity, it is important to remember that the more common "macro-virus" is much more of a potential danger to typical users, according to experts.
news.com.com /2100-1001-214924.html?legacy=cnet&st.ne.fd.mdh   (796 words)

  
 NRC Handelsblad - Computerbeveiliging - Virussen
Sommige varianten van het virus worden elke maand op de 26e actief, andere worden alleen op 26 april of 26 juni actief.
Het virus wordt ook wel Chernobyl-virus genoemd, omdat een van de varianten op 26 april, de dertiende 'verjaardag' van de kernramp in Tsjernobyl, actief wordt.
De variant die op 26 april actief wordt, CIH 1.2, is het meest verbreid.
www.nrc.nl /W2/Lab/Beveiliging/virussen24041999b.html   (316 words)

  
 CNN - How to prepare yourself for the CIH 1.2 virus - March 12, 1999
CIH 1.2 is a file virus that infects Windows 95/98 EXE files, and infects your PC when the application is run.
It's a relatively new and nasty variant of the original CIH virus, which first appeared in May of 1998, and received widespread publicity at the time.
CIH 1.2 is particularly nasty because it has what virus researchers call a dual payload.
cnn.com /TECH/computing/9903/12/cihvirus.idg   (474 words)

  
 SecuriTeam.com ™ - April 26th is approaching - CIH virus day
The virus is 1k in size, and it infects EXE files as they are opened by the operating system.
When the executable is ran, the virus loads itself into memory, and cleverly jumps from Ring 3 (a logical "ring" where standard applications are executed) to Ring 0 (a logical place where the privileged operating system code runs).
When the virus is triggered it erases all data on all the hard drives in the system, using direct writing functions (this bypasses the BIOS "virus protection" setting that protects the boot sector and master boot record).
www.securiteam.com /securitynews/2EUQ5QAQPU.html   (542 words)

  
 CERT Incident Note IN-99-03: CIH/Chernobyl Virus
Some versions of the CIH virus become active on April 26, 1999 which is the 13th anniversary of the Chernobyl disaster.
This is a known virus and anti-virus vendors are able to detect the CIH virus.
To properly clean the CIH virus we recommend booting an infected computer from a clean floppy diskette (one that is not infected) and then run anti-virus software.
www.cert.org /incident_notes/IN-99-03.html   (663 words)

  
 F-Secure Computer Virus Information Pages: CIH
In December 2002, over four years after the original CIH virus was found, a modified variant known as CIH.1106 was found.
The virus also employees advanced tricks in jumping from processor ring 3 to ring 0 in order to hook file system calls.
CIH can be successfully disinfected from memory and from files using a fresh version of FSAV and the latest updates for it.
www.f-secure.com /v-descs/cih.shtml   (682 words)

  
 CIH virus about to activate again - InfiniSource, Inc.   (Site not responding. Last check: 2007-11-07)
However, the situation is different in Asia, where the CIH virus is still widespread in corporate computers as well.
According to Hypponen, CIH activation will not become nearly as serious a problem as it was in 1999: "Although CIH is still an in-the-wild virus, most infected machines were overwritten a year ago, when the virus activated last time.
F-CIH will determine whether the CIH virus is currently active in the machine and warn the user if it is. F-CIH is provided as a single standalone program, it is very quickly downloaded [50KB] and easy to use - and totally free.
www.infinisource.com /features/cih-virus.html   (544 words)

  
 CIH computer virus toll tops 540,000 | Tech News on ZDNet
The April variant is also known as the Chernobyl virus because its activation date -- April 26 -- is the anniversary of the 1986 Chernobyl nuclear disaster in the former Soviet Union.
The virus hit computers in some private banks, police departments, an army school, an airport in Izmir on Turkey's Aegean coast and the state-owned TRT television.
That makes the virus much more destructive than the Melissa virus, which infected over 100,000 computers in the United States at the end of March, putting CIH at the top of the viral heap, said Rob Rosenberger, webmaster of Computer Virus Myths Homepage.
news.zdnet.com /2100-9595_22-514476.html   (875 words)

  
 CIH Virus Recovery   (Site not responding. Last check: 2007-11-07)
CIH virus finds a few victims CIH impact was minimal; but don't say that to Boston College students who lost term papers.
While this behavior places the CIH virus among the nastiest of all viruses, the damage is more recoverable than at first appears:
The CIH virus erases the first 2,048 sectors (1 megabyte) of each of the system's non-removable and writable disk drives.
www.grc.com /cih.htm   (1043 words)

  
 Symantec Security Updates
The KILL_CIH tool is designed to safely detect and remove all known strains of the W95.CIH (Chernobyl) virus (known strains as of August 3rd, 1998) from memory under Windows 95 and Windows 98 (the W95.CIH virus cannot infect Windows NT systems).
If the tool is run before the virus has infected the system, it will also "inoculate" the computer's memory to prevent the W95.CIH virus from infecting the system until the next system reboot.
This CIH removal tool can be run from either the DOS command line or from a login script, allowing an administrator to automate the disinfection process.
www.symantec.com /avcenter/kill_cih.html   (612 words)

Try your search on: Qwika (all wikis)

Factbites
  About us   |   Why use us?   |   Reviews   |   Press   |   Contact us  
Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.