Background information
The CIH virus was first located in Taiwan in early June 1998. After
that, it has been confirmed to be in the wild worldwide. It has been
among the ten most common viruses for several months. CIH has been
spreading very quickly as it has been distributed through pirated
software.
The most common version of the virus, CIH 1.2, activates on the 26th of April. At this time,
it can overwrite the hard disk and the flash BIOS
of an infected computer -- causing complete
loss of data, and possibly rendering the computer unusable. F-Secure is
advising all computer users to check their systems with an anti-virus program
and back up their data.
CIH does not pose a risk to users of DOS, Windows 3.x, Windows NT or Macintosh users. It only replicates
and activates under Windows 95 and Windows 98.
The original warning on CIH virus from summer 1998, is available from our Virus News
pages. Press releases on the virus from March 1999, April 1999 and April 2000 are available
in our Press Room.
Screenshots of CIH and other are available on the Virus
Activation Screenshots Archive.
Virus Description Database Entries
The F-Secure Virus Description Database contains
a searchable database of descriptions of thousands of viruses.
What to do if CIH has activated on the computer?
If the computer is dead (nothing comes to screen) then the BIOS chip has
been overwritten and needs to be reprogrammed or replaced. If you get
"boot error", "insert bootable media" or "insert system disk" then the
BIOS is ok but the data on the harddrive is still gone.
If this data was very important then you can contact a professional data
recovery company, otherwise take the computer to a technician who can
then repartition the harddrive and reinstall the operating system.
Detect and remove CIH
For a quick and easy check on whether you're infected by CIH or not, simply download and run our small and free
F-CIH tool.
To do a thorough check on all of your files on local drives and network drives,
download the full trial version of F-Secure Anti-Virus for Windows 95/98.
If you're using Windows NT Workstation, Windows NT Server or Windows 3.1, download
F-Secure Anti-Virus from the Download Center - remember, CIH
does not spread under these operating systems, but you might still want to check your files if
you share them with 95/98 users.
If you want to protect your Macintosh or OS/2 Warp computer or servers running
Novell NetWare, Microsoft Exchange, Check Point FireWall-1, TIS Gauntlet
or AltaVista Firewall, contact an F-Secure
Business Partner close to you.
Contact
information
For more information, contact
cih-virus-info@F-Secure.com
USA:
F-Secure, Inc.
Tracey
Thomas, Product Manager
675 N.
First Street, 8th Floor
San Jose,
CA 95112
USA
tel (408)
938 6700
fax (408)
938 6701
Europe:
F-Secure Corporation
Mikko
Hypponen, Manager, Anti-Virus Research
PL 24
FIN-02231
Espoo
Finland
tel +358 9 2520 5513
fax +358 9 2520 5014
gsm +358
400 648180
