high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting PE executables.
As this virus is not active in Windows NT/2000/XP, there is no need to shut down any programs or services when disinfecting it.
More Information
CIH is a family of computer viruses which infect Windows 95/98 programs. If you run an infected program on your computer, the virus will become active and begin to copy itself into other programs (EXE files) on your system. The virus usually replicates very quickly, so you will probably soon have hundreds of infected files on your computer.
Normally, CIH simply spreads itself. But on certain trigger dates (the most common variants of the virus activate on 26 April, but other variants activate on 26 June or even on the 26th of any month), it detonates its warhead. CIH is a family of computer viruses which infect Windows 95/98 programs. If you run an infected program on your computer, the virus will become active and begin to copy itself into other programs (EXE files) on your system. The virus usually replicates very quickly, so you will probably soon have hundreds of infected files on your computer.
Normally, CIH simply spreads itself. But on certain trigger dates (the most common variants of the virus activate on 26 April, but other variants activate on 26 June or even on the 26th of any month), it detonates its warhead.
The warhead wipes data from your hard disk, and then tries to overwrite the computer's BIOS chip. Once the BIOS is overwritten, you will be unable to use your computer at all. Repair involves physically removing the BIOS chip and replacing it with a fresh one. On some computers, the BIOS chip is not removable, so it can only be replaced by swapping the entire motherboard.
The virus was first reported in June 1998, and has been widely reported in-the-wild.
|
