The Iron Solution to the 2000 Iron Problem
Before the onset of 2000, about three more months. But the situation was noticeably heated. It is understandable. If even a small fraction of what is written in the press…

Continue reading →

The Iron Problem of 2000
The 2000 issue is already becoming a hot topic. Moreover, a little more than 200 days remain before its onset. The point is that, for a number of reasons, in…

Continue reading →

The Iron Solution to the 2000 Iron Problem
Before the onset of 2000, about three more months. But the situation was noticeably heated. It is understandable. If even a small fraction of what is written in the press…

Continue reading →

Viruses are serious, and Win95.CIH is not alone

Currently, there are quite a few viruses that destroy the contents of CMOS. For example, the stealth virus FindMe (stealth virus – “invisible virus”, like the stealth bomber), the destructive action of which is expected on May 23. Or another virus, V.789, the 14th day of every odd month (May, July, etc.) destroys the master boot record of the hard disk and destroys the contents of the CMOS. There are many viruses that erase individual files, destroy FAT, or format a hard disk. For a long time there are viruses whose effects are no less terrible than the effects of the Win95.CIH virus. For example, it is believed that it is impossible to recover information after the defeat of the OneHalf virus (in fact, of course, it is possible to recover, although it is more difficult).

The mass epidemic was caused precisely by the Win95.CIH virus for three reasons:

This virus has an amazing ability to reproduce.
This is a relatively new virus, therefore, many not recent versions of the antivirus tools available to users could not detect it.
The destructive properties of the virus were activated in all users simultaneously.
How is Win95.CIH different from other viruses?
The main difference is that Win95.CIH virus uses some features of the new .exe file format adopted in Windows 95 and Windows NT, the so-called PE (Portable Executable) format. In this format, along with executable code and data, additional information is stored in the file (in particular, about exported and imported functions). The executable code, data, and additional information are all different objects, each of which is located in a separate section of the .exe file. Also added the header of the PE file, which is located in a separate section.

Naturally, in most sections there is free space, which is used by the Win95.CIH virus. The fragment allocation table and part of the code for allocating memory and collecting the entire virus body is located in the section where the PE file header is located (this section has the most free space). The rest of the virus code is distributed in the remaining sections.

It should be noted that on the Internet you can find a detailed description of the new file format, including one specifically addressed to “virus writers”. So in the near future we should expect the appearance of a whole family of viruses like Win95.CIH.

Removable cartridge technology
Unfortunately, despite repeated attempts by various manufacturers to launch a reliable device with removable media on the market, none of them have yet managed to deceive the laws of nature.…

...

Ways of spreading viruses
How are viruses and, in particular, the Win95.CIH virus spread? It is generally believed that the main path is the Internet. Other viruses cause a lot of controversy about the…

...

SPD EEPROM: Functioning Algorithm
With the advent of the new SDRAM standard, a new I2C interface has also appeared. The interface was developed by Philips and is used as an internal auxiliary bus of…

...

SPD EEPROM Specification
In addition to the description of the transmission interface, I2C information, the PC SDRAM Serial Presence Detect (SPD) Specification specification defines the information recorded in the EEPROM by the manufacturer.…

...