Early Prime Day Deals Laptop Recommendations AT&T vs. Xfinity Prime Day Deals on TVs 4th of July Sales Best iPhone VPN 2023 Acura Integra Review Best Fitbits

CIH virus real but not epidemic

A virus that activates on the 26th day of each month strikes some computers, but its damage is limited.

A virus that activates on the 26th of each month struck some computers yesterday but doesn't appear to be widespread.

Executives at Ontrack Data International, which assists people in retrieving lost files, said the Windows 95 CIH virus had hit 500 computers at a single company and clusters of 100 or 200 at other locations.

The Virus can be destroyed with antivirus software currently on the market. Symantec's Norton AntiVirus Kill CIH Tool is one antivirus product that can do this.

All variants of the virus can affect Windows 95 or Windows 98 computers and can potentially destroy the first megabyte of data on a hard drive. This critical area on the hard disk contains data about how the hard drive organizes stored information. If this is tampered with, a hard drive's entire data contents can be effectively wiped out.

August 27, 1998, 12:20 p.m. PT
Microsoft Corp. MSFT
111.3750 -1.1875 -1.05%
> more from CNET Investor
> Investor message boards
Quotes delayed 20+ minutes
"The information is still pretty sketchy and it is coming in as we speak," said an Ontrack executive in Los Angeles. "100 affected here, 500 there," he said.

"This month seems to be the most severe," a spokesman for Microsoft said. The software maker urges users to install antivirus software and upgrade it regularly to protect their systems from various viruses.

Although the virus has spread at a rapid rate and infected a large number of systems, the CIH virus is deficient, according to major antivrus firms, in one respect: actual damage.

"It's a perverse way to look at it, but your objective as a virus writer is you want [the virus] to be able to deliver its payload," said Vincent Gullotto, manager of Network Associates McAfee labs.

"In this case, that hasn't really happened." McAfee customers have reported infected systems, but not any actual system damage, Gullotto said.

"The first phase of the virus is of file infector...it replicates very fast," he explained. "The next phase is to...delete the hard drive or destroy data on the hard drive. We have not had any customers say that has happened."

Amid the CIH publicity, it is important to remember that the more common "macro-virus" is much more of a potential danger to typical users, according to experts. Macroviruses are spread as document or spreadsheet attachments with emails, while the CIH virus is associated with executable files, which are seldom sent via the Internet.

"Most customers should not be worried," about CIH, said Carey Nachenberg of Symantec, developer of the Norton Antivirus suite. "Macroviruses are a much bigger problem, because of the way people share information. The threat of a CIH virus is much smaller than getting a Word virus."

Reuters contributed to this report.