Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » Win95.CIH

Overview

Threat Risk MEDIUM MEDIUM
Destructivity HIGH HIGH
Payload
Detection files published
Description created 19 Apr 1999 03:00:00
Description updated 08 Nov 2001 02:37:00
Malware type VIRUS
Alias Chernobyl
Spreading mechanism FILE_INFECTION
Summary None

Win95.CIH

Spreading

n/a

Payload Details

Indication of infection As long as the computer has only been infected, but before the destructive part of the virus has run, most programs will behave as usual. However, due to a bug in the virus, some infected applications will halt the computer when they are launched.

It he destructive routine has run, it will be impossible to start the computer at all. If Flash-BIOS has been overwritten, it will even be impossible to restart the computer from a boot diskette. It may be impossible for the virus to overwrite Flash-BIOS on some computers (because it may be write protected or incompatible with the way CIH writes to the BIOS). If so, the computer may be booted from a diskette. The hard disk however will most likely be overwritten by garbage and all data lost.

Description This virus is directed towards Windows95 and Windows98 operating systems. Infected files may be stored on WindowsNT, but the NT operating system itself cannot be harmed by this virus.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15