W95.CIH

Risk Level 2: Low

Discovered:
June 1, 1998
Updated:
April 25, 2002 2:39:44 PM
Type:
Virus
Systems Affected:
Windows 95, Windows 98, Windows Me
W95.CIH, also commonly referred to as Chernobyl, is a destructive parasitic virus. It remains memory resident and infects other exe files when they are opened.

Due to decreased submissions, Symantec Security Response has downgraded this threat level to 2 from 3 as of March 30, 2004.

The CIH virus, also known as Chernobyl, was first discovered in June 1998 in Taiwan. According to the Taipei authorities, Chen Ing-hau wrote the CIH virus. The name of the virus derived from his initials.

CIH is a destructive virus with a payload that destroys data. On April 26, 1999, the payload triggered for the first time, causing many computer users to lose their data. In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages.

Although the virus is rather old, Symantec still believes the virus is in the wild and may cause damage to computer users who use outdated virus definitions, or who do not use antivirus software.

Antivirus Protection Dates

  • Initial Rapid Release version June 28, 1998
  • Latest Rapid Release version June 24, 2014 revision 006
  • Initial Daily Certified version June 28, 1998
  • Latest Daily Certified version May 3, 2013 revision 004
  • Initial Weekly Certified release date June 28, 1998
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 1000+
  • Number of Sites: 10+
  • Geographical Distribution: Medium
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: High
  • Payload Trigger: W95.CIH V1.2 and V1.3 (April 26), W95.CIH V1.4 (26th of any month)
  • Payload: Destroys data and causes possible damage to CMOS

Distribution

  • Distribution Level: Medium
Writeup By: Motoaki Yamamura

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver