How did the action of the Win95.CIH virus manifest on April 26, 1999 in Kiev
Naturally, the consequences of the virus will for a long time be generalized at different levels. However, the first victim of this virus brought his computer to the EPOS service center at 9 a.m. By lunchtime, 28 “hard drives” were waiting in line at the service center, and the new BIOS was flashed like on a factory conveyor.The line of computers whose owners thought that only a breakdown occurred deserves a separate description. One specialist had to be allocated specifically, only to answer phone calls that lasted until nine in the evening.
What happened? Yes, actually, as expected. After all, the epidemic began a long time ago. Recently, most of the computers arriving at the service center due to various breakdowns were, among other things, also infected with viruses (including Win95.CIH). So on April 26, the destructive ability of the virus only intensified. It cannot be said that experts who knew about the threat were silent all this time. Many companies, including, of course, and EPOS, have long been offering, as one of their services, regular anti-virus monitoring. Anti-virus issues are regularly raised on the pages of all computer magazines. For example, on March 1st, the 3rd issue of the CHIP journal was published with extensive material on computer virology. The selection begins with a reminder of the dangerous properties of the Win95.CIH virus. It also provides detailed recommendations on how to avoid a catastrophe. However, apparently, the principle of “maybe” is invincible. The most interesting thing is that on many computers, from those that visited the EPOS service center, and on which viruses were detected, antivirus programs were also loaded with undelivered cargo. So, they were for the collection, but did not use them!
What consequences are expected
As with any mass threat, one of the unpleasant consequences of waiting is panic. Some media outlets, including television, reported on April 26 that the information on the affected hard drives had died permanently, or even that the computer could not be restored at all.
This is not true! The virus spoils only 2048 initial sectors of the disk. This means that if Windows 95 with the FAT32 file system was installed on the computer and the disk did not break into many small ones, then to restore the system, it is enough to boot from the floppy disk and use fdisk.exe to restore the main boot record. In other cases, you can also restore the system, or at least save all the useful information. This, of course, requires more serious knowledge and skills, therefore it is better to entrust the “treatment” of the computer to specialists of firms offering the corresponding services. Serious difficulties arise only in cases where users who do not have professional skills themselves try to correct the situation.
Another, no less dangerous phenomenon, is excessive calmness after the first fright has passed. With someone’s light hand, the statement that along with damage to hard drives the virus itself dies. There is a feeling that he is no longer threatening. This is not true! Win95.CIH virus is alive! He lives in large numbers on numerous pirated CDs. After users recover from fright and restore the operating system, they will begin to reinstall the programs they like from these very pirated disks and thereby quickly restore the virus population. The virus also lives on numerous floppy disks. And finally, the Internet for Win95.CIH is the native element.