Fravia's Messageboard ~ Moderated
Re: BE VERY CAREFUL
Wednesday, 10-Mar-99 04:00:20
I know a lot about the CIH virus. I found it about 4 months ago on a friend's computer.
There are three versions, this was 1.2.
It infects any file that is opened. Version 1.2 attacks on (I'm not totally sure) 26-Apr; it overwrites the first 10MB of the HDD and tries to overwrite the flash BIOS with random stuff(?). Writing to the flash BIOS is not always successful because of incompatibility between motherboards.
Version 1.1 attacks on 26-Aug
Version 1.4 attacks on 26 of any (random) month
(please check it)
Currently a lot of antiviruses can detect CIH
for example:
AVG5.24 (not as VXD)
AVAST (don't know version) including resident support
Search the Net for CIH and you will get a lot of results.
The virus uses the space between sections in a PE file to store itself without increasing the file size.
Infected files can be detected in the text viewer of file managers like NC. You can search for the CIH text or look for the PE sign; if you see a U letter before it (UPE), it's probably infected.
JT
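
The two manual checks from the post above (a `U` byte directly before the `PE` signature, and the text `CIH` in the file), written as an added Python example that is not part of the original post; it also reports the unused space at the end of each section, which is the kind of gap the post says the virus stores itself in. The function names and the sample images are constructed for illustration, and both hints are heuristics taken from the post, not a reliable signature.

```python
import struct

def section_slack(data, pe_off):
    """Return [(name, unused_bytes)] per section: raw size minus virtual size."""
    nsec, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size          # section table follows the headers
    out = []
    for i in range(nsec):
        entry = table + 40 * i              # each section header is 40 bytes
        if entry + 40 > len(data):          # truncated or malformed table
            break
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size = struct.unpack_from("<III", data, entry + 8)
        out.append((name, max(raw_size - vsize, 0)))
    return out

def check_pe(data):
    """Apply the post's two hints to a file image; returns a dict of findings."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"pe": False}
    pe_off, = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off < 1 or pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return {"pe": False}
    return {
        "pe": True,
        "u_before_pe": data[pe_off - 1:pe_off] == b"U",  # "UPE" in a text viewer
        "cih_text": b"CIH" in data,                      # can also match clean files
        "slack": section_slack(data, pe_off),
    }

def make_sample(prefix_byte=b"\0", marker=b""):
    """Constructed minimal PE-like image (not a real executable), one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)
    pad = b"\0" * (0x80 - len(dos) - 1) + prefix_byte
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x120, 0x1000, 0x200, 0x200) + b"\0" * 16
    body = (b"\x90" * 0x120 + marker).ljust(0x200, b"\0")
    return (dos + pad + coff + sect).ljust(0x200, b"\0") + body

if __name__ == "__main__":
    print(check_pe(make_sample()))                    # constructed clean image
    print(check_pe(make_sample(b"U", b"CIH v1.2")))   # constructed flagged image
```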