Copied and pasted...

CIH (Also known as Win95.CIH, Spacefiller or Chernobyl)
There are 3 known variants of the CIH virus - all have the same payload but each is triggered on a different date/set of dates:
* Win95.CIH.1003 - Triggers on the 26th of April
* Win95.CIH.1010 - Triggers on the 26th of June
* Win95.CIH.1019 - Triggers on the 26th of every month
The CIH virus infects PE files only under Windows 95/98 i.e. it infects Windows 95/98-only executable files of the PE format, usually 32 bit executables with the .exe extension. (i.e. notepad.exe, explorer.exe, winword.exe etc).
The virus shows very few symptoms as it is clever in its ability to infect files without increasing their length. It may also cause system crashes, although since it is relatively bug free, the virus can spread and remain unnoticed for some time.
The virus has a nasty payload, consisting of 2 parts:
1) The virus tries to destroy the flash BIOS ROM by reprogramming it with garbage. This does not always work.
2) The virus overwrites the contents of the hard disk with garbage, working through a number of sectors of each cylinder of the hard disk.
If the virus succeeds in reprogramming the flash BIOS ROM, there is no software remedy for it: your PC will no longer be bootable and the flash BIOS will need to be replaced or reprogrammed in a special EPROM programming device. Where the flash BIOS ROM is permanently attached to the motherboard, the entire motherboard will need replacing. The damage caused to the information on the hard disk is possibly recoverable by using data recovery services, and the success depends on the disk size, format, fragmentation etc.

no, on some computers (like mine) you can have the BIOS reprogramed with a switch.

Heh. I only copied what my scanner told me :)
And besides, 99% of people won't have that switch :)

Spinright isn't the CIH recovery utility, spinrite is actually a disk maintnance utility found at the same site. For the address to the CIH part of the site, click the URL above

I downloaded the virus and have spread it throughout my computer. When I ran Mcafee Scan, it detected 600 infected files with the WIN95.CIH, luckily I was able to clean 550 of them.

I still have 50 files left, and everytime I try to clean them I can't, I can't even delete them, because they are currently in use by windows at the time. Even when I end all my tasks...What should I do?

Are there any does virus scan programs I can run...even so everytime I run dos it gets stuck after it initiazes the mouse right before the prompt..please help!


Frustrated - Steve

Steve- "If someone is more successful than you are, they must be doing something you are not..."

I too got the virus.
I do not blame the Author.
I have gotten this virus several times because I rarely run a real-time virus scanner such as Norton AntiVirus 2000.
It was a hassle to remove the virus, I ended up formatting, but hey that's what you get when you run Windows ;)
I own a TI-83+ and I appreciate the hard work that people put into making software to better other people.
Keep programming man!

You should be able to make a McAfee boot disk that you can start your system with and will scan your system for several passes.

Here is what you need to do: If you still have the virus, the mcafee boot disk you make may not work(unless you made it before you got the virus.) I would go to a friend's computer and install virusscan and make a boot disk from there. Then write-protect the diskette and use that to disinfect. If that doesn't work or mcaffee won't remove the virus, download f-prot from ftp.complex.is(f-prot is a good freeware virus scanner). Then download nomacro.def from that site. Delete the macro.def file and all of the documention files (read the documention first though), and rename nomacro.def to macro.def and put it in with f-prot (macro.def is only for removing msword viruses and nomacro.def is much much smaller). This will make f-prot small enough to fit on a diskette. Then make a boot disk(format a disk with the 'copy system files' checked). Then you can boot your computer with the boot disk, then switch to the f-prot disk and run f-prot with no danger of the virus coming into the program. Remeber, EVERY step of creating these diskettes(even downloading f-prot) must be done on a totally clean computer! Otherwise the virus could interfere and infect the virus scanner.

Why don't you use Norton Antivirus instead?