Was sitting on my desk abt 8.15a.m, still warming up before work, when I received a call from the engrg department,, 2 computer down, can't boot ,SOS cries. It really sounds familiar, 2 computers down at the same time. The symtoms were, cant' boot up, Windows files wipe out. Then the engrg guy shook me, up, what's " April 26" ???

Replaced the drive of one computer(hopeless one, BIOs cant' see it), while the other was still able to be recognised , so down to fdisk and reformat for the second one.

Really tied up and worn out by this darn CIH virus. Remembered, I actually did encountered this menace a year ago, actually sent 2 computers to the computer repair shop. But I guess, I never learned from history, that's my mistake and ignorance, what a painful way to loose your data , is what means the most, it doesn't matters which brand your motherboard, Processor, or even if it's a mainframe computer. And what consequences it will impact on us, when the responsibility is place on us, the people who support them ? I cannot imagine, might be a 'Dent' in our track record. Really can't take it easy. Luckily the database were stored elsewhere, managed to get away with it.

For those of you, remember "April 26", means 'Judgement Day' for computers windows files. And tribute to CIH programmer, who really make my 'Day'. Such talent in the other 'Way'. Guess it's 'Good' and 'Evil' do stand hand in hand. The creator and the destroyer. That's what make the world, I guess.

Just had a girl come into my shop today... didn't realize what it was when the board was dead... threw in a used board (Old P166MMX) and tried to boot... hard drive erased, then it hit me what day it was.

what are the effects of this virus!

Edrod13

This is the basic info: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_CIH&VSect=T

There are a few variants:
http://www.antivirus.com/vinfo/virusencyclo/default2.asp?m=q&virus=CIH&alt=CIH

Wow!, I never knew the damage could be so severe.

Edrod13

Yup, thank god for Norton and Mcaffee etc...

sometimes....you just have to appreciate the big companies...sometimes ;)

Hey... keep in mind, the drive can be recovered. There is a utility at www.grc.com to repair the damage done to the drive. Keep in mind though, you repair the drive, you also repair the virus, so a thorough scan is a must afterwards.

With four-failed hard-disks pilling up on the table like toy LEGO, seems worth the try- HAL9000 suggested FIX-CIH utility. The other antivirus CleanCIH.exe, was not much use, as the BIOS can't even see the C:\ drive.

While downloading the FIX-CIH utility, uncertaintly hung in the thin air.But quickly dissipated, as HAL9000 reputation was highly rated .Scanned the utility with Inoculate IT 4.5x for NT Server, just to make sure, I got that covered.

Pulled out a TX PRO-II Mobo(I know,....notoriously ), on with power supply, PC100-SD 32MB RAM,Pentium 233 MHZ CPU+Fan, connected the VGA cable and pluged in the CIH infested Western Digital 2.6 HD.
Pushed in Win95 boot disk and fired up the system .Went into the a: drive, and entered the command "FIX-CIH".An amazing well written 'dos shell'program propped up, really suave and polished.
Just followed through the instructions, as the amazing utility not only perform the recovery, it has some 'beeps' and 'hones'and progress bar ! Took abt 15 minutes , on the next reboot, not only it was able to see C drive, the lost Win95 operating system came back to life !!!

Remembered I had to kill the CIH viruses next ,which is still on the loose in the harddisk.(the utility says it only reconstruct the files to the stage when it was not activated yet)

Downloaded a CIH antivirus (http://www.pspl.com/download/cleancih.htm ).Reboot in MSDOS mode, ran in a: drive : CleanCIH.EXE C:\
While scanning, the files were displayed in blue on the left, and on the right were in Red, showing the message, " WIN95.CIH virus found, Win95.CIH found...... !!!.After 10 minutes,the results were:" Total files scanned 429, Total files infected 148 ".Though this utility could not match the likes of FIX-CIH, but it did the job, I hope.

Recovery mission success !!! TRIBUTE TO HAL9000 !!!

Exactly what is meant by variant of a virus. I was going to make a post in this section on the new variant of the CIH that I saw on the symantec web site and I saw that a post on CIH had already been started. Is a variant of a virus when someone copies the code of an existing virus and tweaks the code so that AV software wont pick up on it?

They may make subtle changes to the original code. The original CIH was designed to trigger on April 26th, variants were created that would trigger on the 26th of any given month.

Look at this (http://securityresponse.symantec.com/avcenter/venc/data/w95.cih.1049.html) variant. It says it triggers august 2nd.

Everyone has their reasons for a trigger date.