
Win95.CIH Spotted In 83PlusAsm v1.01
Posted by Nick on 23 March 2000, 23:37 GMT

Well.. this is a piece of sour news. From bombing the chem test to getting waitlisted at Washington University to this. Last night, a file was added that contained the Win95.CIH virus. THIS FILE WILL CAUSE YOUR SYSTEM TO CEASE FUNCTIONING ON THE 26TH OF ANY MONTH! For those of you who can't tell the emboldened red text apart from everything else, this is a very bad thing. The program was called 83PlusAsm v1.01; it had 255 downloads before we removed it from our archives. If you downloaded this file, do a virus scan of your machine IMMEDIATELY or head to this page to get an online scan of your system. If you have any problems with disinfecting your system, head over to this page or email me.

DO THIS PROMPTLY - Win95.CIH WILL RENDER YOUR MACHINE INOPERABLE AFTER MARCH 26TH!

We apologize for any problems this may cause anyone. Any other TI sites - scan your systems if you added this file. Once again, if you have ANY problems with getting this virus off your computer, email me and I'll try to make my response as prompt as possible.

Update (Nick): An esteemed colleague, David Hall, has informed me of a free virus scanner with free updates. You can find a copy of it here.

Update (Nick): Another kind-hearted person, Matt, has given me the linkage to a disk recovery tool called SpinRite. This can even be used after the virus goes off. I don't know how much it can help people, but it's there. (Updated with correct link)

 


The comments below are written by ticalc.org visitors. Their views are not necessarily those of ticalc.org, and ticalc.org takes no responsibility for their content.


Re: Win95.CIH Spotted In 83PlusAsm v1.01
Hieu-Trung Le  Account Info
(Web Page)

Man who the hell is the author of that file? probably trying to trick us and make us have the virus... =(

     23 March 2000, 23:50 GMT

Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
emx
(Web Page)

I TOLD YOU ALL!! read my comment in the "Virtual TI 5.0 released" article. i made it clear to everyone and no one replied.. u guys thought i was lying! try to clean it up!

emx

     24 March 2000, 01:14 GMT


Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
emx
(Web Page)

my bad, i sound mad @ everyone. im not. im just upset cuz some guy decided to do this. im just so lucky my mcafee picked this one up immediately after i downloaded it.
i ain't mad at yall!

emx

     24 March 2000, 02:04 GMT


Re: Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Etec  Account Info
(Web Page)

Yea, Network Associates rules (they make McAfee). I feel sorry for those people who don't have a realtime virus scanner. Anyway, I think someone did this as a hate crime to the TI-83 Plus community. Anyone is a suspect. Oh well. I suggest everyone with Windows get McAfee Office 2000 and anyone with a Mac gets Virx.

     25 March 2000, 23:34 GMT


Re: Re: Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Jake B
(Web Page)

I think it was the CIA myself...

~Jake B

     26 March 2000, 19:46 GMT

Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Jeff Chai  Account Info

To everyone who spotted a virus in Objhex,
I didn't intentionally put a virus in Objhex. Everyone thinks I tried to trick you, but I really didn't. If you look in the help file, you can see that I put hours and hours of effort in to try to help people. This is the most unfortunate of incidents. I... I... I'm sorry if the program caused anybody's computer to become infected. I guess I'll take my account off ticalc so I can't do any more damage...

Regrettably,
Jeff



     24 March 2000, 13:03 GMT


Don't take this the wrong way...
Nick Lewis  Account Info

Please, I don't want to sound like I am accusing anyone, because I am not. I would just like to know how a virus accidentally got into Objhex. My machine (a school computer, actually) caught it when I opened the zip file, so no damage was done. Maybe you should check your machine to see if the CIH virus is on it. I think maybe ticalc.org should scan all uploaded files for viruses before they post them. I know this would be a lot of work, so it's just a suggestion.

Nick

     24 March 2000, 13:38 GMT

Re: Don't take this the wrong way...
Magnus Hagander  Account Info
(Web Page)

See note below - we normally do this.

     24 March 2000, 17:44 GMT

Re: Don't take this the wrong way...
Jeff Chai  Account Info

No, the virus is not in the original file. Here is the source in C for the ObjHex program:

// This program converts an object file into a hexadecimal file
// Include header files
#include <stdlib.h>
#include <stdio.h>
// Main program starts here
int main( int argc, char **argv )
{
    FILE *obj_in; // Declare a file pointer
    int byte_in; // A byte buffer (int, so EOF can be told apart from 0xFF)
    static const char hex[] = "0123456789ABCDEF"; // ASCII code
    int hi, lo, i; // high, low nibbles and index

    // Make sure a file name was given before argv[1] is used
    if( argc < 2 )
    {
        fprintf( stderr, "Usage: objhex <object file>\n" );
        return 1;
    }

    // Open the object file using name in argv[]
    if( (obj_in = fopen(argv[1],"rb" )) == NULL )
    {
        // NULL returned, file could not be opened.
        fprintf( stderr, "Couldn't open %s\n",argv[1] );
        return 1;
    }

    i = 1;
    // Get one unsigned character from file until End-of-file
    while( (byte_in = fgetc( obj_in )) != EOF )
    {
        // Shift right 4 bits to get the high nibble
        hi = byte_in >> 4;
        // Mask off high nibble to get the low nibble
        lo = byte_in & 0xF;
        // Put the corresponding hex character out
        fputc( hex[hi], stdout );
        // Put the corresponding hex character out
        fputc( hex[lo], stdout );
        if (i > 5) // Put a new line character every 6 bytes
        {
            i = 0;
            fputc ('\n',stdout);
        }
        ++i;
    } // End of loop

    // DONE, close file
    fclose(obj_in);

    return 0; // Return 0 to indicate a normal return
} // End of program

I am not taking this the wrong way. I didn't intentionally upload a virus. Now that my reputation has been ruined, I am also facing problems with people who want to "get even" even though I didn't put a virus in. I just wanted to share a piece of quality work to help people. I guess I won't be doing that anytime this century...

Jeff

     24 March 2000, 22:11 GMT

Re: Re: Don't take this the wrong way...
Etec  Account Info
(Web Page)

Don't worry, I'm sure at least most if not all here will forgive you. And if you're worried about reputation, just come up with a new Account when you want to upload something.

     25 March 2000, 23:37 GMT


Re: Re: Don't take this the wrong way...
Etec  Account Info
(Web Page)

Don't worry, I'm sure at least most if not all here will forgive you. And if you're worried about reputation, just come up with a new Account when you want to upload something.

P.S. I take back calling this a Hate Crime, If you can't find the virus on your computer, possibly you might want to consider the fact that one of the machines that your file was relayed and sent through had the virus.

     25 March 2000, 23:39 GMT

Re: Don't take this the wrong way...
Skiddy
(Web Page)

Hear, hear

     25 March 2000, 08:35 GMT


Re: Don't take this the wrong way...
Andy Lundell Account Info
(Web Page)

"...I would just like to know how a virus accidentally got into Objhex..."

Do you have any idea of what a computer virus is? It's the definition of a virus to infect files and/or disks without the user's knowledge.

Also do we know for a fact that the file is infected? Virus scanners often will give false positives.

-Andy "Don't have an 83 so I don't care." L.

     25 March 2000, 21:03 GMT


Re: Re: Don't take this the wrong way...
Etec  Account Info
(Web Page)

Scanners that give false signals must really suck because a good virus scanner checks the whole file before concluding that it is a virus, while some see a heading that looks the same and will say it's a virus, even if it's a clean Microsoft Works file. McAfee had a problem with this once, yet it was with one of their own programs. McAfee Virus Scan's DAT files once thought a file of McAfee First Aid's was a virus. They soon fixed this though, if you got your DATs updated. I suggest that people with McAfee software subscribe to their backweb channel (secure cast) or download the client configured for that only. Software updates will be downloaded in the background as soon as they're posted.

     25 March 2000, 23:46 GMT

Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Jeff Chai  Account Info

To the entire TI calculator Community,

As you already know, I am the author of the help file and the creator of the ObjHex program. To sum up what I've said in comments throughout this page, I did not put the virus in the file. For those of you out there who believe me, thank you. For those of you who still have doubts, I will try to explain the most logical answer to this problem.

The file, as you know, is uploaded through the site's FTP (File Transfer Protocol). The Win95.cih virus has been known to automatically attach itself to unsuspecting files, according to a McAfee consumer services spokesperson. So while uploading the file, the Win95.cih virus attached itself to my file. Which explains why the virus isn't on my computer. As Nick said, the ticalc server has been without protection (from viruses, etc.) for a while. This isn't their fault. So the virus may have been lingering on the FTP.

If the Win95.cih virus has infected your computer, delete the affected .exe file(s). I will gladly help anyone having trouble removing it. Please e-mail me at ecchai@netzero.net.

This has been a very disappointing day for me. To see my hard work infected by Win95.cih and then unusable is devastating. For those of you who still trust me and want to learn TI-83 Plus Asm, I will be releasing a newer version of these tutorials that will use Obj83 instead of ObjHex which can be downloaded from Ticalc bug free. There will be an HTML version hopefully posted here soon. I hope Nick is still up to putting it up.

If the Win95.cih virus damages any of your computers, I'm truly sorry it happened. But as you can see, it is not something I could have really prevented. I just don't know why these things happen to me... nor do I know how people could create viruses that could do things like this.

Best wishes to all.

Jeff L. Chai

     25 March 2000, 04:37 GMT

Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Hieu-Trung Le  Account Info
(Web Page)

Ok ok... I am sorry I said bad things about you earlier before. Now I believe that you are innocent. I still hope that you still provide the TI community with more quality files =)

For everyone else, stop accusing him, he is innocent and what happened could have happened to anyone... Just forget this whole mess =)

it is alright Jeff

     25 March 2000, 19:44 GMT


Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Nick Disabato  Account Info
(Web Page)

First, we have virus protection. Every time a staff member starts up the file archiving script to administrate the archives, all the files in the pending directory are checked.

My guess as to what happened was that someone sent an attachment to an email to one of the mailing lists or to one of us, and it contained CIH, and the virus spread to the pending files.

This is NOT Jeff's fault. We also had an outdated virus checker file which might not have caught the virus in question.

To reiterate once more, *this is NOT Jeff's fault.*

Also, about the feature, Jeff, I need the HTML form as an email attachment by tomorrow at 12 PM CST. Thanks :)

--BlueCalx

     26 March 2000, 22:06 GMT


Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
sunnywu1

Hey guys,

Please make sure that your Anti-virus scanner was not infected by that CIH virus at all. It is proved that if McAfee Antivirus is infected with CIH, it will not even tell you there is a virus in your computer!! Well, I am using Norton Antivirus 2000 now, so even if the main program is infected by CIH, it will still identify the virus and remove it for ya :-)

     29 March 2000, 06:11 GMT

Re: Win95.CIH Spotted In 83PlusAsm v1.01
Native

Whoa-I'm glad I don't have an 83+ =)

     24 March 2000, 00:07 GMT


Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
net-cat
(Web Page)

And I'm glad my computer is old enough not to have Flash-BIOS!!!!

     24 March 2000, 04:30 GMT


Re: Re: Re: Win95.CIH Spotted In 83PlusAsm v1.01
Etec  Account Info
(Web Page)

Booooo, Flash BIOS rules, except for the fact that companies can break the law and write to your BIOS and make it so you can't use their demos by deleting all the files.

     25 March 2000, 23:51 GMT

Copyright © 1996-2012, the ticalc.org project. All rights reserved.