Do You Have CIH Virus?? |
�H�U��r�OCIH�f�r�@�̳��ջ��b�h�~�P�x�W�dzN����BBS�o�����A���� �ް_�\�h�_��(�s�ڳ��O�ݨ즹�g�~���D�ڤ]���FCIH,�٦n�S�o�@)�C �{�b����p�U...
The following was presented on the Taiwanese Academic BBS by the author of the CIH virus:
�w�w�w�w�w�w�w�w �����r �w�w�w�w�w�w�w |
--------------- quoted text ------------ |
�۫H���֤H�ܷQ���... ~~~>_<~~ I trust that many people would like to kill me for this... ~~~>_<~~ �ڲ{�b�����S��, ��b�ܩ�p... No matter what I say now, it's not going to help, I'm really sorry... �藍�_... sorry... �����ǨƱ��n��N�@�U, �]�����ǥu�|���۵��R�F�H�s�i�����r���q�S��N�M��, �ܮe���y����j���a�`... But there are some things that must be clearified. Because those antivirus companies who know nothing but to advertise their companys with glamorous lies didn't state the facts completely, further major damages can easily be done... ����H�u���z, �������f�r�J�I, ���O����... All the talks about artificial intelligence, protection from future viruses, they are all bullsht... ���r���q���s�i... �ڥ��N�O�F�H��... �o�����ƥ�, �N�i�H�ݱo�X��... From this incident, it is evident that the company's ads are all to fool people... �i�ثe�������j [current versions] �����W�� v1.2 v1.3 v1.4 Out there, there are v1.2, v1.3, v1.4 �ܩ� v1.0 v1.1 �h�S�y�쥫���W... as for v1.0 and v1.1, they didn't get out... �i�U�����S�ʡj [Characteristics of each version]
v1.0 : �P�V��, �ɮ��ܤj, �S�}�a�O. �ثe������, �Y�Ϧb NT ���ҤU�],�]���|�o�Ϳ��~, ���b NT �U���h�f�r���Ҧ��@��... v1.0 : After being infected, file becomes larger, not prone to cause damage. There won't be any errors when any of the current versions are run under NT environment, but the virus loses all its effects anyway... �i�o�@�ɶ��j [Active Time]
(1) �p�G�����O v1.2 �� v1.3 ������, �C�~�� 4/26 �|�o�@... (1) If you are infected by v1.2 or v1.3, it is active on April 26 every YEAR. �i�b Windows 95/98 �o�@���ˤl�j [What it looks like when active in Windows 95/98] (1) �w�Шg�b... �Ҧ��w�и�Ƥ���... �������s fdisk... (1) Hard disk keeps searching like crazy... all information from the hard disk dissapears... have to run fdisk again...
(2) �����t�P�u�� 5V �Y�i reflash �� BIOS EEPROM(�p : SST), �h�|�Q�M��... (2) BIOS EEPROM (i.e. SST) of some brands of hard disk that only need 5V to reflash will be all cleaned out... Resulting you not able to turn on your computer (cannot bootup)... ONLY way is to send it for repair OR use IC burner... but when attempting to burn from software, reflash will incorrectly determine EEPROM type, causing burning procedure to fail... �ܩ�ݭn�� jumper �~�i�H reflash �� 12V BIOS EEPROM, �h�L�k�}�a(��ڤW, �ڤ]�S�չL...) As for those 12V BIOS EEPROM that can only be reflash by adjusting the jumper... they can't be damaged. (well.. actually I haven't tested that before...) �ܩ�u����~�� BIOS ��ƶ� !? ��ۮe��, �ڤ��ܲM��... And can BIOS information really be erased!? I'm not too sure... ���ǥH�e��ۥ@�ɤW�ڥ��S�� BIOS �f�r���H, �{�b�j�������\�n... Those who believe that virus that affect BIOS cannot exist probably don't know what to say now... �o�j���]�O���@�ɲĤ@����}�a reflash BIOS ���f�r... This is also probably the first virus that can damage reflash BIOS in history... �i�p��o�{�ۤv�w�g���r�j [How to find out whether you are infected] �@��ӻ�(�o�Ǥ�k�ä��@�w����Ҧ����r���ɮ�, �i��ּƧ䤣��), �� UltraEdit �}�� C:\Windows\Notepad.exe, �M��d�� CIH v1. ���r��... �Y�o�{���r��, �N�N���t�Τ��ФF... Generally speaking (these methods may not necessarily find all the infected files, some may not be found),
use UltraEdit to open C:\Windows\Notepad.exe, >���ɨt�Τw�g�æ��f�r... At this time, your system has already be infected by the virus... �ܩ� Notepad.exe �S���o�Ӧr��, �h�N���t�ΨS���r... And if the string is not found in Notepad.exe, then the system is not infected... ���ثe��n����k, �i�H�� Virus �����s�X�Ӫ����r/�Ѭr�{��... Actually the best method right now is to go find the newest virus detection/fix program �i�p�r/�Ѭr�j [How to detect/fix] �b�U�j BBS ���� Virus ��, �N�|���䪺��... Fix can be found on Virus section of most large BBSs... �H SSCAN �ӻ�, �@�̦��G�S�� SECTION TABLE, �H�ίf�r�P�V���� mark �٭�, �o�N�|�y�� teleport, �۸���, ���n��b�i��ۧ��ˬd�O�_���Q�ק��, �|�o�{�Q�ק�, �ɭP�L�k���Q����... For SSCAN, the author didn't seem to undo the mark marked by the virus and SECTION TABLE, this will cause an error when running self testing on softwares like teleport, self extracting files, etc. because it's been modified. �j���o�ˤl... ��L���Ѭr... �S�H�ߥ�... :( That's about it... not much confident in using the rest of the fixes... :( ���F v1.4 �����H, �d�U�O���C�Ӥ몺 26 ��|�o�@... Remember, those who are infected by v1.4, the virus is active on EVERY 26th day of the month... �ɧ֮��Ѭr�{���Ѭr... Try and find a fix to fix the virus as soon as possible... |
�j�P�u�ǰ| CIH 6/6 |
TTIT CIH 6/6 |
Disclaimer: The Chinese part was fwd to me by email, all I did was translate it to english. So please do NOT email me with any questions about this article, unless there was a mistake in my translation. Thanks! *^_^*