This destructive file infector inserts itself into the free space at the end of a PE file and in between the file as well. The change in file size is not noticeable. Once the virus is triggered, it overwrites the hard drive and destroys FLASH BIOS. The virus has three variants and each is triggered on a separate date. CIH V1.2 is triggered on April 26, CIH v1.3 is triggered on June 26 and CIH v1.4 is triggered when the current system date is 26. A system infected with PE_CIH v1.2, a message is displayed upon reboot. This virus only infects Windows 95/98 systems and does not affect Windows NT/2000 systems.
Even though data recovery is possible after this virus unleashes its payload, many users will find it difficult to do so. Therefore Trend Micro encourages all users to clean all files detected as PE_CIH with an Emergency Rescue Disk (ERD).