Virus with my New Computer / Software

[CRG]

C:\windows\system32\gsw.exe
virus: w95/cih.remnants

McAfee virus scan picked this up on my new computer. How
did it get there?

Thanks.

CRG

 

[Guest]

Hi there Crg

I am currently working in a PC Production line,let me tell you that even here we do make mistakes
PC's can go out to a user with any problem you can think of.Sometimes the Responsible persons for Software aren't here or...
Production lines still add software,adjust the PC, test and load and sometimes don't load updates etc

I think it is a simple Human error.

 

[pauly [MSFT]]

Hi CRG,

Regarding the virus Cih.remnants, you asked how you could have gotten this
on your system. Please see the following from McAfee:

REFERENCE:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10300

Method of Infection:
"The only way to infect a computer with a file infecting virus is to
execute an infected file on the computer. The infected file may come from a
multitude of sources including: floppy diskettes, downloads through an
online service, network, etc. Once the infected file is executed, the virus
may activate".

Virus Characteristics:
"This family of viruses, written in South-East Asia, first appeared in June
1998. Currently there are at least 35 variants available. However original
variants (1003 and 1019) are by far most common and are `in the wild'. The
viruses infect Windows 95 files in PE format. This virus contains a date
activated payload. One alias to this virus is Chernobyl, which is a direct
reference to the nuclear plant accident of the same name which occurred
also on April 26th (in 1986). W95/CIH viruses are able to split up the
body of the virus code and place it within unused parts of the infected
file (PE files usually contain lots of unused space). Such files will not
execute on NT, Windows 2000 or XP because their structure is not valid
(loader for Windows 95/98/Me is much less careless and can load such
files). The virus is contain a very dangerous payload, who's trigger date
depends on the variant. On this date, they attempt to overwrite the
flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in
most modern computers with a flash-BIOS) this renders the machine unusable
because it will no longer boot. At the same time, they also overwrite the
hard disk with garbage".

REMOVAL:

McAfee
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10300

Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w95.cih.remnants.htm
l

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)

--------------------
| From: "CRG" <[email protected]>
| Subject: Virus with my New Computer / Software
| Date: Thu, 5 Feb 2004 06:52:50 -0800
|
| C:\windows\system32\gsw.exe
| virus: w95/cih.remnants
|
| McAfee virus scan picked this up on my new computer. How
| did it get there?
|
| Thanks.
|
| CRG