Virus on PC.

 

 

You say: why a virus scanner on my PC?  I don't need one.  I download nothing and all the floppies are self-made.  CDs are original.  I have no mail.
Until one day you get infected by a virus.  I can assure you that when you've got one, it's serious business.

 


W32.CIH.Spacefiller


I was infected by W32.CIH.Spacefiller on 9 Sept. '99 at 19.00, and it is a nasty one.  Until today I don't know how it happened, but it was there.
The W32.CIH.Spacefiller originated in Taiwan in early June '98.  Within one week it was worldwide.  The virus infects Windows 95 and 98 executable files and quickly infects all the files of that type it can find.  When an infected file is run, the virus becomes memory resident.  It will infect other files when they are copied or opened.  The virus will first look for empty spaces in the file and then break itself up into smaller pieces and hide in the file in those unused spaces.
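
Because the virus hides in unused space, the file size tells you nothing; what can be checked is whether the padding that should be empty actually is. The following is an added example, not code from this page or from any of the tools it links to: it reads the PE section table and counts non-zero bytes in each section's alignment padding. The function names and the sample image are constructed for illustration.

```python
import struct

def section_slack(data: bytes):
    """Per PE section: (name, slack file offset, slack length, non-zero bytes in slack)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # first section header
    rows = []
    for i in range(nsect):
        name, vsize, _rva, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        # Bytes past VirtualSize but inside SizeOfRawData are alignment padding.
        slack_len = max(0, raw_size - vsize)
        start = raw_ptr + vsize
        nonzero = sum(1 for b in data[start:start + slack_len] if b)
        rows.append((name.rstrip(b"\0").decode("ascii", "replace"),
                     start, slack_len, nonzero))
    return rows

def flagged_sections(data: bytes, threshold: int = 1):
    """Names of sections whose padding holds at least `threshold` non-zero bytes."""
    return [n for n, _off, _len, nz in section_slack(data) if nz >= threshold]

def build_sample(fill: bytes = b"") -> bytes:
    """Constructed 1 KiB PE-like image: one .text section, 0x200 raw, 0x120 in use."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)         # i386, one section
    struct.pack_into("<H", img, 0x40 + 20, 0xE0)         # optional header size
    struct.pack_into("<8sIIII", img, 0x40 + 24 + 0xE0,
                     b".text", 0x120, 0x1000, 0x200, 0x200)
    img[0x200:0x320] = b"\x90" * 0x120                   # section bytes in use
    img[0x320:0x320 + len(fill)] = fill                  # constructed slack content
    return bytes(img)

if __name__ == "__main__":
    for label, fill in (("clean", b""), ("filled", b"\xCC" * 16)):
        image = build_sample(fill)
        print(label, len(image), section_slack(image), flagged_sections(image))
```

Non-zero padding is only a hint, not a CIH signature: some linkers and packers also leave data there, so a flagged file still needs a scan with an up-to-date virus scanner.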

Specifications :

Virusname : W32.CIH.Spacefiller

Aliases : W95.CIH.Spacefiller, W98.CIH.Spacefiller, PE_.CIH.Spacefiller

Known variants : W32.CIH.Spacefiller v1.2, v1.3, v1.4

Symptoms : The header information of a self-extracting .exe is destroyed, so that it appears corrupt.  However, the contents can still be extracted.

Infection : When the virus is initiated it loads itself into memory.  From then on, every Windows exe file that is opened or copied is infected.  When a virus scanner doesn't detect the virus, it will infect each and every Windows exe and spread further.

Activity : The virus fills the empty spaces inside the Windows exe files (clusters) without modifying the size, time or date stamp of the file.

Payload : On the 26th of each month, or other trigger date according to the variant and once a year, the virus drops 2 extremely dangerous payloads.
The first one destroys the infected hard drive by deleting the header information of the drive and then destroying the drive's partition information.  Now, all data on the infected drive are permanently and irrevocably lost.
The second payload is a fatal write to the machine's Flash BIOS chip (Basic Input Output System), destroying the boot information on the chip.  Without an operational BIOS, the PC will not boot, and thus one cannot get the computer up to a state in which the virus can be removed or the BIOS repaired.

The PC will not be able to be turned on.

When the computer doesn't start even with a start-up diskette, the only solution is to replace the BIOS chip on the motherboard, and there is the big problem.  Many computers have soldered BIOS chips that generally can't be replaced.  This means that the motherboard has to be replaced.
On the payload the virus will reportedly overwrite certain flash BIOS chipsets on some PCs.  Some computers have a jumper on the motherboard which acts as hardware write protection.  Some PCs also have a DIP switch which allows flashing of the BIOS to be disabled.  Some newer computers can't be protected by the switch and are therefore very vulnerable to the virus.
BIOS : Basic Input Output System.  This is a part of your computer that initializes and manages the relationships and data flow between the system devices, including the hard drive, serial and parallel ports and the keyboard.

Other files to read

CompuDirect

Press Release W32.CIH.Spacefiller and a quote from McAfee's site.

PCProtecPlus download

Info and variants of Win95.CIH, Spacefiller, Win32.CIH, Chernobyl.
Instructions and Command line options on using Clean CIH.exe
Download CleanCIH.exe

PCProtecPlus

FAQ about Win95.CIH and MSDOS commands, also other questions.

Symantec

Symantec AntiVirus Research Center: overview, details, remove utility.
To remove the virus with KILL_CIH go to kill_cih

Datafellows

Full description of W95/CIH

Complex

Anti virus F-Prot for Dos.

VirusInformation

More info about virus and links.

Symantec

Norton Kill_CIH.

Sod net

Norton Kill_CIH, McAfee scan, Dr. Solomon's FindVirus

Virus scanners

AVP      McAfee     Norton AntiVirus     Dr.Solomon

I downloaded the trial version from AntiViral Toolkit (AVP; see Trial Versions and download the "AntiViral Toolkit Pro Platinum") and installed it.  During the installation these files were also infected.  By running the program it cleaned my whole PC.  After that I did a deep scan and it took about 45 min/gigabit.  No virus found.  Until now the files stay clean.

 

Download this full trial version from AVP (Anti Virus Protection), see at Trial Versions
Anti Virus Experts: Your First, Last, and Only Line of Defense

Anti Virus Experts, AVX 2000 Professional Evaluation, FULLY FUNCTIONAL for 30 days


Bonus

3-D flight simulator

Ever wondered why Microsoft programs are so big?   Believe it or not, but there is a 3-D flight simulator in the Excel '97 program.   It was inexplicably hidden by the programmers at MS deep inside Excel '97.
Here are the instructions on how to access the little flight simulator :

1. in Excel 97, open a new blank work sheet
2. press F5 to open the "reference" box
3. type X97:L97 and click OK
4. click your "tab" key once, this is to end up in the cell M97
5. press "Ctrl" and "shift" while clicking once on the "chart wizard" icon
6. after a few moments you should be flying.  Steer with the mouse, accelerate and decelerate with left and right mouse buttons respectively
7. exit the screen by pressing "Ctrl + Shift + Esc"
8. before exiting Excel, look in the taskbar; there should be a ????-icon.

Enjoy


You're not alone.

 


  mailto  Michel Beyens
