- June 1, 1998
- April 25, 2002 2:39:44 PM
W95.CIH, also commonly referred to as Chernobyl, is a destructive parasitic virus. It remains memory resident and infects other exe files when they are opened.
Due to decreased submissions, Symantec Security Response has downgraded this threat level to 2 from 3 as of March 30, 2004.
The CIH virus, also known as Chernobyl, was first discovered in June 1998 in Taiwan. According to the Taipei authorities, Chen Ing-hau wrote the CIH virus. The name of the virus derived from his initials.
CIH is a destructive virus with a payload that destroys data. On April 26, 1999, the payload triggered for the first time, causing many computer users to lose their data. In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages.
Although the virus is rather old, Symantec still believes the virus is in the wild and may cause damage to computer users who use outdated virus definitions, or who do not use antivirus software.
Antivirus Protection Dates
Initial Rapid Release version June 28, 1998
Latest Rapid Release version August 8, 2016 revision 023
Initial Daily Certified version June 28, 1998
Latest Daily Certified version August 9, 2016 revision 001
Initial Weekly Certified release date June 28, 1998
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Motoaki Yamamura