Information Disaster April 26
In April, the biggest problem of the month related to computers can rightly be considered the epidemic of the Win95.CIH virus - Chernobyl. Everyone is used to the presence of…

Continue reading →

Z-tracks
In devices with a moving coil there are no pre-fixed positions. Instead, they use a special guidance system (positioning), which accurately brings the heads to the desired track. The system…

Continue reading →

How to avoid network downtime?
A network of any company or organization is created to provide users with easy access to information, applications and network services. However, both company’s productivity and revenues can suffer significantly…

Continue reading →

Viruses are serious, and Win95.CIH is not alone

Currently, there are quite a few viruses that destroy the contents of CMOS. For example, the stealth virus FindMe (stealth virus – “invisible virus”, like the stealth bomber), the destructive action of which is expected on May 23. Or another virus, V.789, the 14th day of every odd month (May, July, etc.) destroys the master boot record of the hard disk and destroys the contents of the CMOS. There are many viruses that erase individual files, destroy FAT, or format a hard disk. For a long time there are viruses whose effects are no less terrible than the effects of the Win95.CIH virus. For example, it is believed that it is impossible to recover information after the defeat of the OneHalf virus (in fact, of course, it is possible to recover, although it is more difficult).

The mass epidemic was caused precisely by the Win95.CIH virus for three reasons:

This virus has an amazing ability to reproduce.
This is a relatively new virus, therefore, many not recent versions of the antivirus tools available to users could not detect it.
The destructive properties of the virus were activated in all users simultaneously.
How is Win95.CIH different from other viruses?
The main difference is that Win95.CIH virus uses some features of the new .exe file format adopted in Windows 95 and Windows NT, the so-called PE (Portable Executable) format. In this format, along with executable code and data, additional information is stored in the file (in particular, about exported and imported functions). The executable code, data, and additional information are all different objects, each of which is located in a separate section of the .exe file. Also added the header of the PE file, which is located in a separate section.

Naturally, in most sections there is free space, which is used by the Win95.CIH virus. The fragment allocation table and part of the code for allocating memory and collecting the entire virus body is located in the section where the PE file header is located (this section has the most free space). The rest of the virus code is distributed in the remaining sections.

It should be noted that on the Internet you can find a detailed description of the new file format, including one specifically addressed to “virus writers”. So in the near future we should expect the appearance of a whole family of viruses like Win95.CIH.

Information Disaster April 26
In April, the biggest problem of the month related to computers can rightly be considered the epidemic of the Win95.CIH virus - Chernobyl. Everyone is used to the presence of…

...

After checking all the computers and installing, where necessary, the recommended boards, will the 2000 problem be resolved?
Of course not! Most of the problems will remain. The danger of the 2000 problem is that in recent years, very large databases have accumulated in any organization. In these…

...

Intranet no problem
Out of the scope of the article, issues of software selection and technical details of network configuration deliberately remained. These issues must always be addressed specifically for a particular customer.…

...

Work "the old fashioned way"
Traditionally, if there are 2 ... 3 computers in the office, they communicate with each other by a peer-to-peer network. This is a network in which all computers are equitable.…

...