Symantec is the only Major Vendor to Provide Tool to Disable CIH Virus without Rebooting
- Symantec Develops Automated Process for Removing CIH Virus, Saving Administrators Time and Money -
Sunnyvale, Calif --August 10, 1998-- Symantec Corporation (Nasdaq:
SYMC), the world leader in utility software for business and personal
computing, today announced that the Symantec AntiVirus Research Center
(SARC) has developed a tool that will essentially "turn off" all
strains of the CIH virus in an infected computer's memory. The first
and most critical stage of any virus repair process is to deactivate
the virus before applying removal techniques. This is the only tool
provided by a major vendor that does not require a user to first
re-boot the computer from a clean floppy disk before disinfecting the
system, saving administrators valuable time and money. This tool is
free and available now for download from the Symantec Web site at
www.symantec.com/avcenter and can be used in conjunction with any
This CIH removal tool can be run from either the DOS command line or
from a login script, allowing administrators to automate the
disinfection process. This means that administrators do not have to
go to each workstation on their network to reboot from a clean floppy
in order to clean each computer. If the computer has not been
infected, the tool will inoculate the memory so the virus cannot
infect it. If the computer has already been infected, the tool will
look for the virus strains in memory and disable them to prevent
further infection or spread. In both instances, the use of this tool
should be followed by a complete scan of the computer with an
anti-virus program, like Norton AntiVirus, to eliminate the virus and
repair any damaged files. The tool itself is architected to be immune
to infection by CIH. This means that it can be safely and effectively
deployed into a hostile virus environment without risk of making the
infection worse or furthering the spread of the virus.
"Downloading virus definitions for CIH is not enough to stay protected
from this potential threat, since the virus can possibly infect the
anti-virus program and any programs that are scanned as it tries to
eliminate the problem," said Enrique Salem, vice president of
Symantec's Security and Assistance Business Unit. "Before our tool
was available, the only way to safely repair a computer was to reboot
from a clean floppy, which could be very time-consuming and costly for
our corporate customers. This tool provides network administrators
with an automated process to eliminate the threat before it spreads."
CIH is a virus that infects 32-bit Windows 95/98/NT executable files.
When an infected program is run, the virus will infect the computer's
memory. CIH then infects new files when they are opened. Some
variants of the virus activate on April 26th or June 26th, while other
variants will activate on the 26th of every month. This virus will
attempt to modify or corrupt certain types of Flash BIOS, software
that initializes and manages the relationships and data flow between
the system devices, including the hard drive, serial and parallel
ports and the keyboard. By overwriting part of the BIOS program, the
virus can keep a computer from starting up when the power is turned
The virus infects by first looking for empty, unused spaces in the
file; then, it breaks itself up into smaller pieces, and hides in
these unused spaces. Norton AntiVirus is able to repair an infected
file by looking for these viral pieces and removing them.
Symantec AntiVirus Research Center
SARC is the industry's largest dedicated team of virus experts. With
offices located in the United States, Japan, Australia, and the
Netherlands, the sun never sets on SARC. The center's mission is to
provide swift, global responses to computer virus threats, proactively
research and develop technologies that eliminate such threats, and
educate the public on safe computing practices. As new computer
viruses appear, SARC develops identification and detection for these
viruses, and provides either a repair or delete operation, thus
keeping users protected against the latest virus threats.
Symantec is the world leader in utility software for business and personal computing.
Symantec products and solutions help make users productive and keep their computers
safe and reliable anywhere and anytime. Symantec offers a broad range of solutions
and is acclaimed as a leader in both customer satisfaction and product brand
recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information
on the company and its products can be obtained at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products,
view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.
Brands and products referenced herein are the trademarks or registered trademarks of their
respective holders. All prices noted are in US dollars and are valid only in the United States.