Alias:Chernobyl, PE_CIH, Win95.CIH, Win32.CIH, W95/CIH.1003, CIH.Spacefiller
Type:Worm 
Size:up to 1 KB 
Origin: 
Date:00-00-0000 
Damage:Deletes files and provokes posible damage to CMOS  
VDF Version:  
Danger:High 
Distribution:Medium 

Technical Details
W95/CIH.A is a 32-bit Window95/98/ME virus which infects executable files. It works on Windows 95/98 or ME, but not on Windows NT or 2000. Among others, the virus also infects antivirus programs. The virus does not function on DOS, Windows 3.1 or Macintosh computers.
When the virus becomes memory resident, it also infects other files which it has access to. The infected files have the same size as the original ones.

The payload of W95/CIH.A starts on August, the 2nd.: the first routine overwrites the harddisk with arbitrary data. The overwriting does not stop until the system is destroyed. The second routine attacks Flash BIOS and tries to destroy the data saved there.
Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .