Risk Level 2: Low

June 1, 1998
April 25, 2002 2:39:44 PM
Systems Affected:
W95.CIH, also commonly referred to as Chernobyl, is a destructive parasitic virus. It remains memory resident and infects other exe files when they are opened.

Due to decreased submissions, Symantec Security Response has downgraded this threat level to 2 from 3 as of March 30, 2004.

The CIH virus, also known as Chernobyl, was first discovered in June 1998 in Taiwan. According to the Taipei authorities, Chen Ing-hau wrote the CIH virus. The name of the virus derived from his initials.

CIH is a destructive virus with a payload that destroys data. On April 26, 1999, the payload triggered for the first time, causing many computer users to lose their data. In Korea, it was estimated that as many as one million computers were affected, resulting in more than $250 million in damages.

Although the virus is rather old, Symantec still believes the virus is in the wild and may cause damage to computer users who use outdated virus definitions, or who do not use antivirus software.

Antivirus Protection Dates

  • Initial Rapid Release version June 28, 1998
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version June 28, 1998
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date June 28, 1998
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Motoaki Yamamura

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube