Sign In Sign-Up

Welcome!

Close

Would you like to make this site your homepage? It's fast and easy...

Yes, Please make this my home page!

No Thanks

  Don't show this to me again.

Close

ANA SAYFA

Name: CIH :
Type: Resident  EXE-files
Alias: PE_CIH, CIHV, SPACEFILLER
Origin: Taiwan

CIH virus infects Windows 95 and 98 EXE files. After an infected EXE is
executed, the virus will stay in memory and will infect other programs as
they are accessed.

Sadece win95 ve win98 exe dosyalarını etkiler. Eğer virüslü dosya çalıştırılırsa

virüs hafızada kalır ve diğer programlarada bulaşır

The CIH virus was first located in Taiwan in early June. After that, it has
been confirmed to be in the wild in at least France, Germany, The
Netherlands, Sweden, China, Israel, Chile and Australia. CIH has been
spreading very quickly as it has been distributed through pirated software.

İlk Taiwan da ortaya çıktı ve hızla dünyaya yayıldı. Özellikle korsan programlarala yayıldı.

It seems that at least four underground pirate software groups got infected
with the CIH virus, and they inadvertently spread the virus globally in new
pirated softwares they released through their own channels. These releases
include some new games which will spread world-wide very quickly. There's
also a persistent rumor about a 'PWA-cracked copy' of Windows 98 which would
be infected by the CIH virus but Data Fellows has been unable to confirm
this.

Korsan program dağıtan firmalar nasibini aldıktan sonra   bu virüs onların korsan olarak

dağıttığı programlarla yayıldı..

What makes the CIH case really serious is that the virus activates
destructively. When it happens the virus overwrites most of the data on the
computers hard drive. This can be recovered with recent backups.

Çernobil virüsünü tehlikeli yapan yıkıcı bir virüs olması.

However, the virus has another, unique activation routine: It will try to
overwrite the Flash BIOS chip of the machine. If this succeeds, the machine
will be unable to boot at all unless the chip is reprogammed. The Flash
routine will work on many types of Pentium machines - for example, on
machines based on the Intel 430TX chipset. On most machines, the Flash BIOS
can be protected with a jumper. By default, protection is usually off.
Virüsün dosyalara zarar vermesinden başka flash (yeniden programlanabilri)

bios ları silmesi gibi özellikleride var.

The CIH virus infects Windows executable files (EXE files). It does not
infect Word or Excel documents. CIH works under both Windows 95 and Windows
98, but it does not work under Windows NT.

Sadece exe dosyalarına zarar veriyor. Windows NT de çalışmıyor. Word Excel dosyalarına bulaşmıyor.

CIH uses a peculiar way of infecting executables. As a result, the size of
the infected files does not grow at all. The actual size of the virus code
is around 1 kB. The virus also employees advanced tricks in jumping from
processor ring 3 to ring 0 in order to hook file system calls.

Bulaştığı dosyanın boyutu büyümüyor.

Dört türü var:
There are four known closely-related variants:

CIH v1.2 (CIH.1003): Activates on April 26th. This is the most common
variant. It contains this text: - Nisan 26 da aktive olan

CIH v1.2 TTIT

CIH v1.3 (CIH.1010.A and CIH.1010.B): Activates on June 26th. Contains this
text:  -  Haziran 26 da aktive olan

CIH v1.3 TTIT

CIH v1.4 (CIH.1019): Activates on 26th of every month. It is in the wild,
but not particularily common. It contains this text: - Her ayın 26 sında aktive olan

CIH v1.4 TATUNG

[Mikko Hypponen/Data Fellows]

ANA SAYFA