Join AllAdvantage.com         
Banner 10000056

Want to earn money? Earn $12.5 for just referring ONE person!
Click HERE to start earning money!



[Index] [Friendship] [Information Please] [Letter] [Tommy's Essay] [Don't Quit] [Troubles]

[The Fence] [The Wallet] [Creation of Woman] [Friendship A to Z] [CIH Information] [Relationship]


Do You Have CIH Virus??

 Join AllAdvantage.com

�H�U��r�OCIH�f�r�@�̳��ջ��b�h�~�P�x�W�dzN����BBS�o�����A���� �ް_�\�h�_��(�s�ڳ��O�ݨ즹�g�~���D�ڤ]���FCIH,�٦n�S�o�@)�C �{�b����p�U...

The following was presented on the Taiwanese Academic BBS by the author of the CIH virus:

�w�w�w�w�w�w�w�w �����r �w�w�w�w�w�w�w
--------------- quoted text ------------

�۫H���֤H�ܷQ���... ~~~>_<~~

I trust that many people would like to kill me for this... ~~~>_<~~

�ڲ{�b�����򳣨S��, ��b�ܩ�p...

No matter what I say now, it's not going to help, I'm really sorry...

�藍�_...

sorry...

�����ǨƱ��n��N�@�U, �]�����ǥu�|���۵��R�F�H�s�i�����r���q�S��N�M��, �ܮe���y����j���a�`...

But there are some things that must be clearified. Because those antivirus companies who know nothing but to advertise their companys with glamorous lies didn't state the facts completely, further major damages can easily be done...

����H�u���z, �������f�r�J�I, ���O����...

All the talks about artificial intelligence, protection from future viruses, they are all bullsht...

���r���q���s�i... �ڥ��N�O�F�H��... �o�����ƥ�, �N�i�H�ݱo�X��...

From this incident, it is evident that the company's ads are all to fool people...

�i�ثe�������j

[current versions]

�����W�� v1.2 v1.3 v1.4

Out there, there are v1.2, v1.3, v1.4

�ܩ� v1.0 v1.1 �h�S�y�쥫���W...

as for v1.0 and v1.1, they didn't get out...

�i�U�����S�ʡj

[Characteristics of each version]

v1.0 : �P�V��, �ɮ��ܤj, �S�}�a�O.
v1.1 : �P�V��, �ɮפ��|�ܤj, �S�}�a�O.
v1.2 : �P�V��, �ɮפ��|�ܤj, ��}�a�O.
v1.3 : �P�V��, �ɮפ��|�ܤj, ��}�a�O. �P�ɤ��P�V�����۸���.
v1.4 : �P�V��, �ɮפ��|�ܤj, ��}�a�O. �C�� 26 ��o�@, ��Ҧ��۸��ɳ����P�V.

�ثe������, �Y�Ϧb NT ���ҤU�],�]���|�o�Ϳ��~, ���b NT �U���h�f�r���Ҧ��@��...

v1.0 : After being infected, file becomes larger, not prone to cause damage.
v1.1 : After being infected, file doesn't become bigger, not prone to cause damage.
v1.2 : After being infected, file doesn't become bigger, can (will) cause damage.
v1.3 : After being infected, file doesn't become bigger, can (will) cause damage, but at the same time won't infect some of the self extracting file.
v1.4 : After being infected, file doesn't become bigger, can (will) cause damage, active on the 26th of each month, and does not infect ANY self extracting files.

There won't be any errors when any of the current versions are run under NT environment, but the virus loses all its effects anyway...

�i�o�@�ɶ��j

[Active Time]

(1) �p�G�����O v1.2 �� v1.3 ������, �C�~�� 4/26 �|�o�@...
(2) ���p�G�����O v1.4 ��, �h�C�Ӥ몺 26 ��|�o�@...

(1) If you are infected by v1.2 or v1.3, it is active on April 26 every YEAR.
(2) If you are infected by v1.4, then it is active on the 26th of every MONTH.

�i�b Windows 95/98 �o�@���ˤl�j

[What it looks like when active in Windows 95/98]

(1) �w�Шg�b... �Ҧ��w�и�Ƥ���... �������s fdisk...

(1) Hard disk keeps searching like crazy... all information from the hard disk dissapears... have to run fdisk again...

(2) �����t�P�u�� 5V �Y�i reflash �� BIOS EEPROM(�p : SST), �h�|�Q�M��...
�y���L�k�}��... �u���e�h���שάO�� IC �N�������s���ƿN�^�h...
�Q���ϥγn��q���s�N��, �N�|�o�{ reflash �{���~�P EEPROM ����,
�ɭP�L�k�N�J...

(2) BIOS EEPROM (i.e. SST) of some brands of hard disk that only need 5V to reflash will be all cleaned out... Resulting you not able to turn on your computer (cannot bootup)... ONLY way is to send it for repair OR use IC burner... but when attempting to burn from software, reflash will incorrectly determine EEPROM type, causing burning procedure to fail...

�ܩ�ݭn�� jumper �~�i�H reflash �� 12V BIOS EEPROM, �h�L�k�}�a(��ڤW, �ڤ]�S�չL...)

As for those 12V BIOS EEPROM that can only be reflash by adjusting the jumper... they can't be damaged. (well.. actually I haven't tested that before...)

�ܩ�u����~�� BIOS ��ƶ� !? ��ۮe��, �ڤ��ܲM��...
���ڸչL��إD���O, �޹ťH�ηL�P... �o�@��, �T��i�H...

And can BIOS information really be erased!? I'm not too sure...
But I've tried it on two brands of boards, Gigabyte and MSI, BIOS info can really be erased when the virus is active...

���ǥH�e��ۥ@�ɤW�ڥ��S�� BIOS �f�r���H, �{�b�j�������\�n...
���M�o���f�r�S�g�J�f�r�X�b BIOS �̭�, �ӥu�O��J�U����ƨ� BIOS,
�N���H�ҩ�, ���� BIOS �i��|�Q�f�r�M����{��, �ƦܳQ�f�r�P�V...

Those who believe that virus that affect BIOS cannot exist probably don't know what to say now...
Eventhough this virus doesn't write any virus program into the BIOS, rather just fill in some junk into the BIOS,
But this is enough evidence that there is a chance that parts of the BIOS can be erased by virus, or even be infected by virus...

�o�j���]�O���@�ɲĤ@����}�a reflash BIOS ���f�r...

This is also probably the first virus that can damage reflash BIOS in history...

�i�p��o�{�ۤv�w�g���r�j

[How to find out whether you are infected]

�@��ӻ�(�o�Ǥ�k�ä��@�w����Ҧ����r���ɮ�, �i��ּƧ䤣��), �� UltraEdit �}�� C:\Windows\Notepad.exe, �M��d�� CIH v1. ���r��... �Y�o�{���r��, �N�N���t�Τ��ФF...

Generally speaking (these methods may not necessarily find all the infected files, some may not be found), use UltraEdit to open C:\Windows\Notepad.exe,
then search for the string "CIH v1." ... if this string is found, then you are infected...

>���ɨt�Τw�g�æ��f�r...
�d�U���n�ӵ� Virus ������k, ���è�@��,
�A�����j�M�Ҧ�������, �ˬd���L�o�� mark,
���u�|�X�j�f��... ���A�j�M����, ���ӨS�����ɮ�, �]�������F...

At this time, your system has already be infected by the virus...
now DO NOT idiotically search through the rest of the executable files to see if this string exists in any of them.   That will only make things worse... by the time you are done searching through all of them, those that weren't infected will be now...

�ܩ� Notepad.exe �S���o�Ӧr��, �h�N���t�ΨS���r...
�o�ɤ~�i�H��ߪ��γn��j�M���Ҧ�������, �ݬݭ��X�ӷs��^�Ӫ��ɮצ��r...

And if the string is not found in Notepad.exe, then the system is not infected...
THEN you can go ahead and search through the rest of the executables to see if the files you downloaded were infected or not...

���ثe��n����k, �i�H�� Virus �����s�X�Ӫ����r/�Ѭr�{��...

Actually the best method right now is to go find the newest virus detection/fix program

�i�p�󰻬r/�Ѭr�j

[How to detect/fix]

�b�U�j BBS ���� Virus ��, �N�|���䪺��...
�U�������Ѭr, ���G���s�b�Y�ǰ��D...

Fix can be found on Virus section of most large BBSs...
But there seems to be some sort of prblem with each of those fixes out there...

�H SSCAN �ӻ�, �@�̦��G�S�� SECTION TABLE, �H�ίf�r�P�V���� mark �٭�, �o�N�|�y�� teleport, �۸���, ���n��b�i��ۧ��ˬd�O�_���Q�ק��, �|�o�{�Q�ק�, �ɭP�L�k���Q����...

For SSCAN, the author didn't seem to undo the mark marked by the virus and SECTION TABLE, this will cause an error when running self testing on softwares like teleport, self extracting files, etc. because it's been modified.

�j���o�ˤl... ��L���Ѭr... �S�H�ߥ�... :(

That's about it... not much confident in using the rest of the fixes... :(

���F v1.4 �����H, �d�U�O���C�Ӥ몺 26 ��|�o�@...

Remember, those who are infected by v1.4, the virus is active on EVERY 26th day of the month...

�ɧ֮��Ѭr�{���Ѭr...

Try and find a fix to fix the virus as soon as possible...

�j�P�u�ǰ| CIH 6/6
TTIT CIH 6/6


 You can get "Kill-CIH" here or here.


[Index] [Friendship] [Information Please] [Letter] [Tommy's Essay] [Don't Quit] [Troubles]

[The Fence] [The Wallet] [Creation of Woman] [Friendship A to Z] [CIH Information] [Relationship]

         GoHome

Join AllAdvantage.com

You are the person to stumble in here.

  Disclaimer:  The Chinese part was fwd to me by email, all I did was translate it to english.  So please do NOT email me with any questions about this article, unless there was a mistake in my translation. Thanks! *^_^*