CIH virus deletion: The answer to your worries

Question: I found out my Windows 95 system is infected by the Win95.CIH virus, version 2.1. I’ve used Norton AntiVirus to eliminate this virus, and I reformatted the hard drive. Still, I know this virus can do harm to the flash BIOS, so how can I check this part of the system? When Norton AntiVirus checks the master boot record, does that do the job? Please answer by the 26th! – Desperate

Answer: Today’s the 22nd, so I’ve got to you in time.

The W95.CIH virus is a particularly nasty beast that infects Windows 95 executables (files with the .EXE extension). It is triggered on the 26th of the month (hence your deadline), and may cause the entire contents of a system’s hard drive to be lost.

So how does it do its evil deed? It overwrites the flash BIOS, which is the place on the computer where all the hard drive and system settings are saved. If the flash BIOS is write-enabled, which is the case in most newer computers with a flash BIOS, overwriting it makes the PC unusable because it will no longer boot up.

Win95.CIH also overwrites the hard disk with garbage. Nasty bit of work, don’t you think? When an infected program is run, the virus becomes memory-resident: it jumps into the computer’s memory and sits there until new files are copied or run, then it infects those, too.

This family of viruses, which has three variants, was written in South-East Asia and first appeared in June 1998. You did the right thing by curing it with Norton AntiVirus. Likewise, McAfee VirusScan and most other brand-name anti-virus programs will do the trick. Once your system is clean of the virus, you don’t have to worry about the flash BIOS. The virus doesn’t store itself in the flash BIOS; it just corrupts the data already there.

If you want to look into anti-virus software other than the programs mentioned, visit the TechnologyTips Software Library. TechnologyTips lists both free and commercial versions for you.

So have a happy 26th!