08-05-2002, 06:23 PM   #1
muckshifter
Captain Crunchie
Super Moderator
Join Date: Mar 2002
Location: In a Hovel
Posts: 15,833
"Doubly infected" computer virus packs nasty surprise

An ancient computer virus has infiltrated the latest fast-spreading email scourge to create a nasty "double-infected" virus.

Anti-virus software makers say some versions of the widespread computer virus Klez.h hide a mutation of a very destructive virus first seen in 1998 and known as Chernobyl or CIH. The Chernobyl virus variant automatically infects files and program files on computers running Microsoft Windows.

"Klez is just another Windows program," says Graham Cluley of the UK anti-virus firm Sophos. "[CIH] just infects the executable file, whereupon Klez then forwards itself around in a double infected state."

Chernobyl can cause permanent damage to some computers' underlying system software, or BIOS (Basic Input/Output System). In some cases this can make the computer unusable. The original virus was programmed to activate on 26 April, the anniversary of the Chernobyl nuclear disaster. But the new variant - W95.CIH.1049 - triggers on 2 August.

More Info Here
__________________
I'm not grouchy by nature, it takes constant effort.



Inside every older person is a younger person wondering, "What the hell happened?"
08-05-2002, 06:27 PM   #2
muckshifter
Tech Details

CIH is a virus that infects 32-bit Windows 95/98/NT executable files, but it can function only under Windows 95/98/Me. It does not function under Windows NT/2000/XP. When an infected program is run under Windows 95/98/Me, the virus becomes resident in memory.

Although Windows NT system files can be infected, the virus cannot become resident or infect files on a computer running Windows NT/2000/XP. The virus does not function under DOS, Windows 3.1, or on Macintosh computers. Once the virus is resident, the CIH virus infects other files when they are accessed.

Files infected by CIH may have the same size as the original files because of CIH's unique mode of infection. The virus searches for empty, unused spaces in the file. Next it breaks itself up into smaller pieces and inserts its code into these unused spaces. When Norton AntiVirus repairs a file that is infected by CIH, it looks for these small viral pieces and removes them from the file.

What Symantec Say
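A defender-side check for the "unused spaces" infection mode described in post #2, as an added example that is not part of the original thread or of any vendor's scanner. It flags non-zero bytes in PE padding (the header gap and each section's tail); the function names, the 16-byte threshold, the assumption that clean padding is zero-filled, and the sample file are all constructed for illustration.

```python
import struct

def pe_slack_regions(data):
    """Yield (label, start, end) for padding areas of a PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                          # first section header
    sections = []
    for i in range(nsec):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, rptr))
    raw_starts = [rptr for _, _, rsize, rptr in sections if rsize and rptr]
    if raw_starts:  # gap between the section table and the first raw data
        yield "headers", table + 40 * nsec, min(raw_starts)
    for name, vsize, rsize, rptr in sections:
        if rptr and vsize < rsize:  # file-alignment padding after the used bytes
            yield name, rptr + vsize, rptr + rsize

def suspicious_slack(data, min_bytes=16):
    """Return (label, offset, slack_len, nonzero_count) for padding that holds data."""
    findings = []
    for label, start, end in pe_slack_regions(data):
        region = data[start:min(end, len(data))]
        used = sum(1 for b in region if b)
        if used >= min_bytes:  # assumption: clean padding is zero-filled
            findings.append((label, start, len(region), used))
    return findings

def build_sample(filler=b""):
    """Constructed 1 KiB PE: one .text section using 0x40 of 0x200 raw bytes."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, 0, 0, 0, 0xE0, 0x10F)
    struct.pack_into("<8sIIII", img, 0x178, b".text", 0x40, 0x1000, 0x200, 0x200)
    img[0x200:0x240] = b"\x90" * 0x40                # the section's real content
    img[0x240:0x240 + len(filler)] = filler          # bytes placed in tail padding
    return bytes(img)

if __name__ == "__main__":
    print(suspicious_slack(build_sample(b"\xCC" * 64)))
```

Both constructed samples are exactly 0x400 bytes, which is why a file-size comparison alone would not separate them. Non-zero padding is a triage signal rather than a verdict, since some build tools also write data there.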