Symantec United States
global sites
products and services
purchase
support
security response
downloads
about symantec
search
feedback


© 1995-2007 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy

masthead
 
 
News Release

Symantec is the only Major Vendor to Provide Tool to Disable CIH Virus without Rebooting

- Symantec Develops Automated Process for Removing CIH Virus, Saving Administrators Time and Money -

Sunnyvale, Calif --August 10, 1998-- Symantec Corporation (Nasdaq: SYMC), the world leader in utility software for business and personal computing, today announced that the Symantec AntiVirus Research Center (SARC) has developed a tool that will essentially "turn off" all strains of the CIH virus in an infected computer's memory. The first and most critical stage of any virus repair process is to deactivate the virus before applying removal techniques. This is the only tool provided by a major vendor that does not require a user to first re-boot the computer from a clean floppy disk before disinfecting the system, saving administrators valuable time and money. This tool is free and available now for download from the Symantec Web site at www.symantec.com/avcenter and can be used in conjunction with any anti-virus program.

This CIH removal tool can be run from either the DOS command line or from a login script, allowing administrators to automate the disinfection process. This means that administrators do not have to go to each workstation on their network to reboot from a clean floppy in order to clean each computer. If the computer has not been infected, the tool will inoculate the memory so the virus cannot infect it. If the computer has already been infected, the tool will look for the virus strains in memory and disable them to prevent further infection or spread. In both instances, the use of this tool should be followed by a complete scan of the computer with an anti-virus program, like Norton AntiVirus, to eliminate the virus and repair any damaged files. The tool itself is architected to be immune to infection by CIH. This means that it can be safely and effectively deployed into a hostile virus environment without risk of making the infection worse or furthering the spread of the virus.

"Downloading virus definitions for CIH is not enough to stay protected from this potential threat, since the virus can possibly infect the anti-virus program and any programs that are scanned as it tries to eliminate the problem," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "Before our tool was available, the only way to safely repair a computer was to reboot from a clean floppy, which could be very time-consuming and costly for our corporate customers. This tool provides network administrators with an automated process to eliminate the threat before it spreads."

CIH is a virus that infects 32-bit Windows 95/98/NT executable files. When an infected program is run, the virus will infect the computer's memory. CIH then infects new files when they are opened. Some variants of the virus activate on April 26th or June 26th, while other variants will activate on the 26th of every month. This virus will attempt to modify or corrupt certain types of Flash BIOS, software that initializes and manages the relationships and data flow between the system devices, including the hard drive, serial and parallel ports and the keyboard. By overwriting part of the BIOS program, the virus can keep a computer from starting up when the power is turned on.

The virus infects by first looking for empty, unused spaces in the file; then, it breaks itself up into smaller pieces, and hides in these unused spaces. Norton AntiVirus is able to repair an infected file by looking for these viral pieces and removing them.

Symantec AntiVirus Research Center
SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec is the world leader in utility software for business and personal computing. Symantec products and solutions help make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and its products can be obtained at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.