PE_CIH.1003



			Overview					Technical Details

QUICK LINKS Solution

Virus type: File Infector

Destructive: Yes

Aliases: CIH, Chernobyl, Win95.CIH, Win32.CIH, W95.CIH V1.2, W95.CIH V1.3, W95.CIH V1.4

Pattern file needed: 593

Scan engine needed: 2.062

Overall risk rating:		Low

Reported infections:		Low

Damage Potential:		High

Distribution Potential:		Low

Description:

This destructive file infector inserts itself into the free space at the end of a PE file and in between the file as well. The change in file size is not noticeable. Once the virus is triggered, it overwrites the hard drive and destroys FLASH BIOS. The virus has three variants and each is triggered on a separate date. CIH V1.2 is triggered on April 26, CIH v1.3 is triggered on June 26 and CIH v1.4 is triggered when the current system date is 26. A system infected with PE_CIH v1.2, a message is displayed upon reboot. This virus only infects Windows 95/98 systems and does not affect Windows NT/2000 systems.

Solution:

Even though data recovery is possible after this virus unleashes its payload, many users will find it difficult to do so. Therefore Trend Micro encourages all users to clean all files detected as PE_CIH with an Emergency Rescue Disk (ERD).

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.

For additional information about this threat, see Technical Details.

PE_CIH.1003

549	Articles
3 500	Commentaires

2022	1
2021	4
2010	2
2009	1
2008	2
...

Personnel	106
Humour	97
Infos diverses	74
Paroles/Lyrics	46
Histoires	18
...