[WinMac] Virii on Windows


Marc Bizer (mlbizer[at]mail.utexas.edu)
Thu, 23 Jul 1998 22:10:56 +0200


Hi everyone,

        I just received the following message from the Univ. of Texas
administration. Frankly, it makes me glad to use a Mac. But I wonder at the
maliciousness of those who would conceive of such a virus.

        --Marc

This June, a new virus called "Win32/CIH" or "PE_CIH" first
 appeared, and it has now been discovered on campus machines. The
 virus infects Windows 95 and Windows 98 executable files (PE
 format), but NOT Windows NT or any Macintosh computer.

 Win32/CIH viruses can split up the body of the virus code and place
 it within unused parts of the infected file. The viruses contain
 highly destructive code, which triggers on the 26th of any month.
 On the 26th (this Sunday is 26 July), the virus code attempts to
 overwrite the flash-BIOS in infected machines. If the flash-BIOS is
 write-enabled, and most modern computers have a writable flash-BIOS,
 the overwriting renders the machine UNUSABLE because it will no
 longer boot. Any hardware damage caused by the virus is not covered
 under manufacturer's warranties. At the same time, the disk
 partition information is destroyed.

    The Win32/CIH virus was triggered in a test using a Windows
    95 system. After the computer's date rolled over to 26 July, all
    disk partitioning information was lost, leaving the system
    unbootable and the data unrecoverable. No known tools are
    available to help save lost work, but analysts are searching.

 This virus has been discovered on computers in several campus labs,
 including the Windows 95 systems in the Student Microcomputer
 Facility. If you have used a diskette on one of these systems and
 then used it elsewhere, you may have spread the virus. Of course, it
 is always possible that you picked up the virus elsewhere. Testing
 your system may be prudent.

 What Can You Do?

 NOTE: If you do not have time to disinfect your machine before
 Sunday, 26 July, you should shut your system down on the 25th and
 not use it again until the 27th. This virus can be very
 devastating and ALL precautions should be taken to avoid it. Do NOT
 turn on an untested machine any time during the 26th.

 DETECTION --

 To detect the virus, you should immediately run a virus detection
 program that scans for the CIH virus. If your detection software
 will not run BECAUSE of the virus (and we have found a case of that
 for the Dr. Solomon's software), you must boot your system with a
 clean boot disk containing the disinfecting software.

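Added illustration, not part of the original message or the university's advisory: the advisory says CIH places its code in unused parts of an infected PE file. The Python sketch below lists the slack at the end of each PE section (raw size on disk minus the size actually used) and counts non-zero bytes there. `build_sample` is a constructed, non-loadable skeleton, and treating non-zero slack as worth a closer look is a heuristic assumption, not a CIH signature.

```python
import struct

def section_slack(data: bytes):
    """Return (name, file_offset, slack_len, nonzero_bytes) for each PE section with slack."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    results = []
    for i in range(n_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        if raw_ptr == 0 or raw_size <= vsize:
            continue                                        # no on-disk padding in this section
        start = raw_ptr + vsize                             # first byte past the used content
        slack = data[start:raw_ptr + raw_size]
        nonzero = sum(1 for b in slack if b)                # linker padding is normally zeros
        results.append((name.rstrip(b"\0").decode("ascii", "replace"),
                        start, len(slack), nonzero))
    return results

def build_sample(slack_fill: bytes = b"\0") -> bytes:
    """Constructed sample: header-only PE skeleton with one .text section (not loadable)."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                 # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x44, 0x014C, 1)           # i386, one section
    struct.pack_into("<H", buf, 0x54, 0)                    # SizeOfOptionalHeader = 0 (simplified)
    struct.pack_into("<8sIIII", buf, 0x58, b".text", 0x10, 0x1000, 0x200, 0x200)
    buf[0x200:0x210] = b"\x90" * 0x10                       # the section's used bytes
    buf[0x210:0x400] = slack_fill * 0x1F0                   # the padding under test
    return bytes(buf)

if __name__ == "__main__":
    for fill in (b"\0", b"\xE8"):
        for name, off, length, nonzero in section_slack(build_sample(fill)):
            flag = "REVIEW" if nonzero else "ok"
            print(f"{name}: slack at {off:#x}, {length} bytes, {nonzero} non-zero [{flag}]")
```

Packers and some linkers also leave data in these gaps, so a hit is a reason to scan the file with current antivirus definitions, not a verdict.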



This archive was generated by hypermail 2.0b2 on Thu Jul 23 1998 - 13:14:23 PDT