Cih virus

In learning of any CIH-destroyed, FAT32 drives, which this freeware FIX-CIH program is unable to reconstruct.NOTE: Do NOT ask me to repair or reconstruct non-FAT32 drives or drives not destroyed by the CIH virus. Our commercial SpinRite 5.0 product is the best utility ever created for assuring the integrity and reliability of personal computer mass storage. If you care about the long-term safety of your data, nothing beats SpinRite.Release #6: (5/29 @ 12:00 PST) Recovery of Non-Primary Partitions EVEN IF the first was FAT16!A number of people lost drives with multiple FAT16 parititons. With this release of FIX-CIH, and by using the special command line option /SkipFirst, FIX-CIH will reconstruct a drive's main partition table (Master Boot Record or MBR) EVEN IF the first partition can not be recovered for any reason.If FIX-CIH won't recover your first partition, because it was formatted with a 16-bit FAT, you can start FIX-CIH with this command line to recover the REST of your drive's partitions:Release #6.1: (5/31 @ 12:15 PST) Optional Alternative Root Directory Finding StrategyA few people have reported that after FIX-CIH reported an apparently successful reconstruction of their drive, there "wasn't anything there" after rebooting their system. This is caused when FIX-CIH's heuristic root directory finder locates the wrong cluster as the root directory. It's easily repaired when the proper cluster is known. So, I've added a command-line option /BootRoot to cause FIX-CIH to utilize an alternative root directory finding strategy which can (only) be used when the lost partition had been bootable.If FIX-CIH believed that it successfully recovered your first partition, but nothing was there after the reboot, AND IF that partition had been the system's primary bootable partition, you can try re-running FIX-CIH with this command line option:CLICK HERE TO DOWNLOAD THEFINAL FIX-CIH.EXE (21k bytes)Best of luck with FIX-CIH! If this release doesn't work for you I'll keep working on it until it does! PLEASE let me know!Would You Share Your Success?When FIX-CIH works for you, I would LOVE to hear about it!(And, of course, I want to hear from you if it doesn't so I can make it work for you!) So, if you would take a moment to share your FIX-CIH SUCCESS STORIES with me, I will create a web page here to share them with everyone! (Your name and eMail address will be removed for confidentiality.)

The virus was first identified by Virus Bulletin, a premiere research laboratory in Great Britain that publishes a subscription newsletter about viruses. According to Nick FitzGerald, the Bulletin's editor, the virus goes beyond the traditional disk-trashing mayhem of other rogue programs. Computers based on Intel-compatible processors use a Basic Input Output System (BIOS) to provide a cold start-up. The BIOS is software that initialises and manages the relationships and data flow between the system devices, including hard drive, serial port, parallel port, and the keyboard; it sits between those hardware devices and the operating system. Most desktop, server, and notebook computers built in the last few years store their BIOS on a flash ROM chip. These flash chips are rewritable, which allows users and manufacturers to upgrade the BIOS with new capabilities, or to fix bugs. For the first time ever, the CIH Virus attacks the software code stored in those flash BIOS chips. The virus overwrites part of the BIOS code that's stored in some flash ROM chips. In fact, it overwrites the part of the BIOS program that runs first when the system is powered up or reset. As a result, the virus can render your computer unbootable-- it just won't start-up at all when you turn on the power. The virus may be breaking new ground, but it still has a sense of history. Like other nasty viruses of old, it also overwrites the first megabyte of your hard drive, obliterating your files. That loss can be devastating, but if the virus stopped there, at least your computer would still work-- if you had DOS or another operating system on a floppy disk. According to the Virus Bulletin, CIH can be downloaded from "warez" sites on the Internet. Those are the underground or "hacker" sites that store programs, including some that claim to be hacking tools or provide additional utilities for games. The virus is known to have been downloaded from at least one "warez" site in Europe. In one case, it was even disguised as a Windows 98 service pack. The connection to Windows 98 is not a coincidence. The CIH Virus can reportedly affect any system running Windows 95 or 98. That possibility has caused tremendous concern among researchers. But while concern is warranted, there is no need to panic about the dangers of CIH. The virus is not yet widespread, and not every kind of flash ROM chip can be overwritten. Some are simply not affected by the payload's activation sequences. The problem, however, is that it can be almost impossible to know whether your computer has the kind of flash ROM chip that is vulnerable to attack. There are approximately 15 to 30 chips that are commonly used in current systems. Luckily, many motherboards, including those built by Intel and sold to a variety of top computer manufacturers in the United States, come with the flash BIOS protected against attacks like this. These motherboards have a jumper set that write-protects the flash chip,

Much like a diskette, cassette, or VHS tape can be write-protected. However, even if the virus can't overwrite the BIOS, it will still delete data stored on hard-drives. That puts every Windows 95 and 98 based machine at risk when the virus triggers. At present, all four known versions of the CIH Virus are connected to the date of the 26th. The first two are programmed to trigger on the 26th of April. The third takes action on the 26th of June. And the fourth, and least common, drops its payload on the 26th of every month. That's this Sunday. And if you're one of the unlucky ones who get infected, the damage can be extreme and expensive. "PCs on which the Win95/CIH payload has triggered (completely) require the BIOS to be replaced," FitzGerald said. "This is where a rash of infections within a company can quickly become expensive." In some cases, the BIOS can be replaced by removing the current chip and inserting a new one. But such a remedy would require the BIOS to be installed in a socket. In most cases, the Flash ROM chip is soldered to the motherboard of the computer. In that event, the entire motherboard will have to be replaced. "With some laptops, it may be more economic to buy a new machine," FitzGerald said. Such potential harm makes it prudent to take protective action right away. While the threat may be slight, it's undoubtedly increasing. So far, the virus has been identified in Australia, Chile, France, Germany, Japan, Korea, Norway, Romania, Russia, South Africa, and Taiwan, where it may have been written. As the 26th of each new month arrives, the number of CIH victims seems destined to rise.