Chernobyl Virus "WOW" - Posted by Jerry Greer

Posted by Sandy FL on April 30, 1999 at 18:41:12:

CIH 1.2 virus threatens PC systems’
hardware

By Emily Fitzloff
InfoWorld Electric

Posted at 2:45 PM PT, Apr 23, 1999
The patience of IT managers and the strength of the security measures they
have put into practice will be sorely tested next week.

A fiercely destructive virus, that may already be sitting dormant in computer users’
systems, is expected to become active April 26.

The virus, which is called CIH 1.2 and infects Windows 95 and 98 .exe files, is not
nearly as prevalent nor as easily spread as the recent Melissa virus, but is significantly
more destructive because it goes directly to the hardware.

Steve Trilling, director of research at the Symantec AntiVirus Research Center, said the
payload of CIH 1.2 “will not only delete programs from your hard drive, but it can
overwrite flash BIOS and totally destroy the motherboard.”

Although CIH 1.2 is much slower than most macro viruses, its threat is greater because
it typically goes undetected, according to Sal Viveros, group marketing manager at
Network Associates’ Total Virus Defense product line.

CIH was first discovered in summer 1998 in the Far East, according to Symantec’s
Trilling, who explained that viruses tend to be most threatening within the first six months
of release.

"Because CIH is now in its eighth month, the threat has been significantly reduced,"
Trilling said.

CIH, however, can destroy the hard drives of infected computers when they are booted
up on April 26. Some observers have speculated that the payload release date is
designed to coincide with the 13th anniversary of the nuclear meltdown in Chernobyl.

According to Viveros, the relatively benign Melissa virus, which struck in March, may
have been a blessing-in-disguise for users.

“Most U.S. users updated their antivirus solutions because of Melissa,” Viveros said.

All of the leading antivirus products have been aware of CIH 1.2 since summer 1998, so
people who have updated their systems since then will have the current fix for CIH 1.2
and should be safe, according to Viveros, who also remarked that the virus has been
extremely prevalent in Asia.

Computer users who are unsure if their systems are carrying the CIH 1.2 virus,
especially those who have not been updating their antivirus systems on a regular basis,
are urged to contact their antivirus solution provider.

Symantec is offering a fix called Kill CIH that can be downloaded from
www.symantec.com/avcenter. Sophos, Network Associates, and others are also
offering fixes.

A Microsoft representative said the company’s products had no particular vulnerabilities
to the CIH virus, and added that updated versions of the Windows-based antivirus
software should keep Windows systems secure.

“[CIH 1.2] can run on Windows 95 and Windows 98,” the representative said. “The
virus payload cannot run on NT systems. It could infect, but not run on NT.”

Symantec Corp., in Santa Monica, Calif., is at www.symantec.com. Network
Associates Inc., in Santa Clara, Calif., is at www.nai.com. Sophos, in Woburn, Mass.,
is at www.sophos.com.

Chernobyl Virus “WOW” - Posted by Jerry Greer

Posted by Jerry Greer on April 30, 1999 at 15:19:54:

Wanna talk about a very nasty virus? I do. I have CIH virus in my 6 mo old computer. I am using my old one to send out this distress call…HHHHHHHEEEEEELLLLLPPPPP!!!
I can’t seem to do anything with it. Does anyone know if I can save this computer? Or will I have to dump my hardrive and start all over? Anyone who could shed some light I would appreciate it.
I have all of my realestate leads,outstanding offers,info on props and pretty much the rest of my life in there…LOL!
Ps. I think I am having Jim Piper and David Segars withdrawals. I don’t know how to act if I can’t talk to them in the chat room.

Your virus catching friend,
Jerry the sick one Greer.

Re: Chernobyl Virus “WOW” - Posted by Laure

Posted by Laure on May 02, 1999 at 09:07:51:

If the virus ran long enough, before you turned your machine off, it flashed your bios chip,which ruined it you will have to get a new one. And yes, you lost your hard drive. Wayne, my hubby, works as a network specialist out of a computer store. They have tons of them sitting waiting on new bios chips to ship in.

Good luck.

Laure :slight_smile:

Re: Chernobyl Virus “WOW” - Posted by Jim IL

Posted by Jim IL on April 30, 1999 at 16:19:09:

Dear Fellow CIH victim,
I just got my hard drive reloaded. You see, on the 26th, right after midnight, I siogned on quick to check e-mail.
Then, I signed off and shut down.
Right after shutting down, I realized that I had forgotten to print some faxes I needed to read before bed.
Well, I went to re-boot, and got NADA!!
No operating system recognized, and no hard disk available.
Tried to run my old S.O.S. disk from the virus software, but got nothing.
So, I went to my laptop, all angry and upset, and figured that I could use it to print the files from disk I had saved.
OOPS!!
Laptop was killed too!!
So, This week, I had to reload OS’s on both my computers, and am now the proud owner of some really nice Virus killing software, and waiting on the arrival of my new zip drive.
Lesson learned, OH YAH!
Most definitely, always BACK UP everything, and look at the news once in a while.
I completely missed the MANY stories on T.V, the web, and in the paper that covered CIH and said, "Do NOT even turn on your P.C. on 4/26/99!"
Oops,
Jim IL

Re: Chernobyl Virus “WOW” - Posted by Jim IL

Posted by Jim IL on April 30, 1999 at 16:19:09:

Dear Fellow CIH victim,
I just got my hard drive reloaded. You see, on the 26th, right after midnight, I siogned on quick to check e-mail.
Then, I signed off and shut down.
Right after shutting down, I realized that I had forgotten to print some faxes I needed to read before bed.
Well, I went to re-boot, and got NADA!!
No operating system recognized, and no hard disk available.
Tried to run my old S.O.S. disk from the virus software, but got nothing.
So, I went to my laptop, all angry and upset, and figured that I could use it to print the files from disk I had saved.
OOPS!!
Laptop was killed too!!
So, This week, I had to reload OS’s on both my computers, and am now the proud owner of some really nice Virus killing software, and waiting on the arrival of my new zip drive.
Lesson learned, OH YAH!
Most definitely, always BACK UP everything, and look at the news once in a while.
I completely missed the MANY stories on T.V, the web, and in the paper that covered CIH and said, "Do NOT even turn on your P.C. on 4/26/99!"
Oops,
Jim IL

Re: Chernobyl Virus “WOW” - Posted by David Alexander

Posted by David Alexander on April 30, 1999 at 15:28:26:

Dude,

Hate to hear it. I lost my Hard drive about 8 months ago, had my life on it for the last five years. Had to reformat my hard drive and start over.

from what I hear you have to do the same with the chernobyl virus also, reformat and start over.

Good luck my friend,
by the way, Zip drives are wonderful

David Alexander

Re: Chernobyl Virus “WOW” - Posted by David Alexander

Posted by David Alexander on April 30, 1999 at 15:28:26:

Dude,

Hate to hear it. I lost my Hard drive about 8 months ago, had my life on it for the last five years. Had to reformat my hard drive and start over.

from what I hear you have to do the same with the chernobyl virus also, reformat and start over.

Good luck my friend,
by the way, Zip drives are wonderful

David Alexander

Re: Chernobyl Virus “WOW” - Posted by JohnBoy

Posted by JohnBoy on April 30, 1999 at 18:02:07:

I missed all the news about this virus also. How would you know you have it before it wipes everything out? Why was 4/26/99 a concern about turning on your computer? Where is this virus coming from? How does this virus get into your system? Is it something transfered off the net somehow? Sorry, I don’t know much about computers except how to turn the thing on. LOL

Re: Chernobyl Virus “WOW” - Posted by JohnBoy

Posted by JohnBoy on April 30, 1999 at 18:02:07:

I missed all the news about this virus also. How would you know you have it before it wipes everything out? Why was 4/26/99 a concern about turning on your computer? Where is this virus coming from? How does this virus get into your system? Is it something transfered off the net somehow? Sorry, I don’t know much about computers except how to turn the thing on. LOL

from IDG.NET - Posted by Sandy FL

Posted by Sandy FL on April 30, 1999 at 18:41:12:

CIH 1.2 virus threatens PC systems’
hardware

By Emily Fitzloff
InfoWorld Electric

Posted at 2:45 PM PT, Apr 23, 1999
The patience of IT managers and the strength of the security measures they
have put into practice will be sorely tested next week.

A fiercely destructive virus, that may already be sitting dormant in computer users’
systems, is expected to become active April 26.

The virus, which is called CIH 1.2 and infects Windows 95 and 98 .exe files, is not
nearly as prevalent nor as easily spread as the recent Melissa virus, but is significantly
more destructive because it goes directly to the hardware.

Steve Trilling, director of research at the Symantec AntiVirus Research Center, said the
payload of CIH 1.2 “will not only delete programs from your hard drive, but it can
overwrite flash BIOS and totally destroy the motherboard.”

Although CIH 1.2 is much slower than most macro viruses, its threat is greater because
it typically goes undetected, according to Sal Viveros, group marketing manager at
Network Associates’ Total Virus Defense product line.

CIH was first discovered in summer 1998 in the Far East, according to Symantec’s
Trilling, who explained that viruses tend to be most threatening within the first six months
of release.

"Because CIH is now in its eighth month, the threat has been significantly reduced,"
Trilling said.

CIH, however, can destroy the hard drives of infected computers when they are booted
up on April 26. Some observers have speculated that the payload release date is
designed to coincide with the 13th anniversary of the nuclear meltdown in Chernobyl.

According to Viveros, the relatively benign Melissa virus, which struck in March, may
have been a blessing-in-disguise for users.

“Most U.S. users updated their antivirus solutions because of Melissa,” Viveros said.

All of the leading antivirus products have been aware of CIH 1.2 since summer 1998, so
people who have updated their systems since then will have the current fix for CIH 1.2
and should be safe, according to Viveros, who also remarked that the virus has been
extremely prevalent in Asia.

Computer users who are unsure if their systems are carrying the CIH 1.2 virus,
especially those who have not been updating their antivirus systems on a regular basis,
are urged to contact their antivirus solution provider.

Symantec is offering a fix called Kill CIH that can be downloaded from
www.symantec.com/avcenter. Sophos, Network Associates, and others are also
offering fixes.

A Microsoft representative said the company’s products had no particular vulnerabilities
to the CIH virus, and added that updated versions of the Windows-based antivirus
software should keep Windows systems secure.

“[CIH 1.2] can run on Windows 95 and Windows 98,” the representative said. “The
virus payload cannot run on NT systems. It could infect, but not run on NT.”

Symantec Corp., in Santa Monica, Calif., is at www.symantec.com. Network
Associates Inc., in Santa Clara, Calif., is at www.nai.com. Sophos, in Woburn, Mass.,
is at www.sophos.com.