W95.CIH.corrupt


Aliases: Win95.CIH.corrupted, W95/CIH.remnants, W95.CIH.damaged
Variants: Win95/CIH.remnants , TR/FlashKiller.B , Win95.CIH.Rest.Gen

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 Jun 1998
Damage: Low

Characteristics: The W95.CIH.corrupt program is a virus that infects 32-bit Windows 95 executable files. This virus modifies or corrupt the software that manages the data flow between system devices and overwrites a part of the BIOS program to keep the computer from starting up when the power is turned on.

More details about W95.CIH.corrupt

W95.CIH.corrupt infects by first looking for empty, unused spaces in the file then breaks itself up into smaller pieces, and inserts its code in the unused spaces. It can overwrite critical data areas in the first 2,048 sectors of the hard disk. If this happens, a "non-system disk" is seen when the computer boots from the hard drive, or an "invalid media" message when trying to boot from a system floppy disk or from a Rescue disk. It overwrites the sectors until the system crashes. It may cause permanent damage to the computer once the Flash BIOS is attacked.

When a file is diagnosed infected by the W95.CIH.corrupt virus, the file usually can no longer be repaired. The only solution is to delete and replace the file with a backup from a clean copy. If the system is infected with W95.CIH.corrupt virus when an application is being installed or upgraded, the virus tends to interfere with the installation process. This leaves the application useless, waste, and unusable. And if an application is infected after it was installed or upgraded, the application will work normally, however, there may be noticeable delay in time of loading in memory to be executed.