A few more of these destructive PESTS


A few more of these destructive PESTS

Chernobyl- The Virus King Of 1999

A lot of attention has been called to the CIH virus, also known as Chernobyl. At first glance, it looks like a typical Win 95 EXE infector, in that it stays in memory and can infect other EXE files when you open them. But, it has a nasty payload. For one particular variant, on the 26th of every month, it activates and overwrites data on your hard disk so severely that restoring from a full backup is recommended. (this is why I suggest making backups in the first place!) Furthermore, if your motherboard has the Intel 430TX chipset and your, CIH will erase your Flash BIOS, which basically makes your machine unbootable.

Win CIH is a memory resident virus. So before scanning for it with an antivirus software, ensure that it is currently not in the memory.

If you want some "official" information about the CIH virus from CERT, it can be found here

Lastly, if your system got whacked by CIH when it activated on April 26th, at the very least you will have to reinstall Windows 95/98 and restore from your most recent backup, since it overwrites enough of the hard drive to make it difficult, if not impossible to recover your files.

If you have an Intel 430TX chipset and your BIOS was overwritten, making your system unbootable, you have a few options availible to you:

1.Swap out the motherboard of your system for an identical one. This would be fairly easy to do, assuming an identical motherboard can be found.

2. Try to find a way to reprogram the BIOS chip. This would probally require an decidcated piece of hardware to do it, which isn't likely to be very cheap nor easily found.

3. Swap out the BIOS chip, assuming that it is in a socket and not soldiered to the motherboard. I have no idea where to find just a BIOS chip by itself though.

4. Call the tech support line for your computer and complain. I have the feeling they won't be of much help, but you could get lucky.

Happy99- A Troublesome Worm

First, Happy 99 is not a virus. It is a worm, which is different from a virus in that worms exist as seperate files rather than infecting other files on a system.

Anyway, what happens when you run this program for the first time is that is replaces the file WSOCK32.DLL in your C:\WINDOWS\SYSTEM directory. This DLL file is responsible to connectivity to the Internet. What then happens is whenever you send an e-mail, a copy of Happy99.exe will also be UUencoded and sent to the recipient. Then, the recipient sees this file from you, runs it, and Happy 99 gets installed on their system as well.

The copyright of the article A few more of these destructive PESTS in Internet Security is owned by Mayur Kamat. Permission to republish A few more of these destructive PESTS in print or online must be granted by the author in writing.

Go To Page: 1 2

Articles in this Topic    Discussions in this Topic