Hi CRG,
Regarding the virus Cih.remnants, you asked how you could have gotten this
on your system. Please see the following from McAfee:
REFERENCE:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10300
Method of Infection:
"The only way to infect a computer with a file infecting virus is to
execute an infected file on the computer. The infected file may come from a
multitude of sources including: floppy diskettes, downloads through an
online service, network, etc. Once the infected file is executed, the virus
may activate".
Virus Characteristics:
"This family of viruses, written in South-East Asia, first appeared in June
1998. Currently there are at least 35 variants available. However original
variants (1003 and 1019) are by far most common and are `in the wild'. The
viruses infect Windows 95 files in PE format. This virus contains a date
activated payload. One alias to this virus is Chernobyl, which is a direct
reference to the nuclear plant accident of the same name which occurred
also on April 26th (in 1986). W95/CIH viruses are able to split up the
body of the virus code and place it within unused parts of the infected
file (PE files usually contain lots of unused space). Such files will not
execute on NT, Windows 2000 or XP because their structure is not valid
(loader for Windows 95/98/Me is much less careless and can load such
files). The virus contains a very dangerous payload, whose trigger date
depends on the variant. On this date, they attempt to overwrite the
flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in
most modern computers with a flash-BIOS) this renders the machine unusable
because it will no longer boot. At the same time, they also overwrite the
hard disk with garbage".
REMOVAL:
McAfee
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10300
Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w95.cih.remnants.html
=========
This posting is provided "AS IS" with no warranties, and confers no rights.
Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp
Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp
Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgroups/nodepages/sectop10.asp
=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)
--------------------
| From: "CRG" <[email protected]>
| Subject: Virus with my New Computer / Software
| Date: Thu, 5 Feb 2004 06:52:50 -0800
|
| C:\windows\system32\gsw.exe
| virus: w95/cih.remnants
|
| McAfee virus scan picked this up on my new computer. How
| did it get there?
|
| Thanks.
|
| CRG
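
The McAfee description quoted in the reply says W95/CIH places its code in unused parts of PE files. As an added example (not part of the original thread or of McAfee's text), this Python sketch lists the unused regions of a PE image, header slack and per-section slack, and counts non-zero bytes in each. The function names and the sample image are constructed for illustration.

```python
import struct

def pe_slack_regions(data):
    """Return [(name, file_offset, length, nonzero_bytes)] for unused regions."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24
    size_of_headers, = struct.unpack_from("<I", data, opt + 60)
    table = opt + opt_size                                # first section header
    # Header slack: end of the section table up to SizeOfHeaders.
    start = table + 40 * nsect
    regions = [("<headers>", start, max(size_of_headers - start, 0))]
    for i in range(nsect):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<4I", data, hdr + 8)
        if raw_size > vsize:      # file-alignment padding after the real content
            regions.append((name, raw_ptr + vsize, raw_size - vsize))
    return [(n, off, ln, sum(1 for b in data[off:off + ln] if b))
            for n, off, ln in regions]

def build_sample(fill=b""):
    """Constructed minimal PE32 image: one .text section, zeroed slack.
    `fill` is written into the .text slack to mimic unexpected data there."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)      # i386, one section
    struct.pack_into("<H", img, 0x94, 0xE0)           # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)          # PE32 magic
    struct.pack_into("<I", img, 0x98 + 60, 0x400)     # SizeOfHeaders
    sect = 0x98 + 0xE0
    img[sect:sect + 5] = b".text"
    struct.pack_into("<4I", img, sect + 8, 0x120, 0x1000, 0x200, 0x400)
    img[0x400:0x520] = b"\x90" * 0x120                # section content
    img[0x520:0x520 + len(fill)] = fill               # constructed filler bytes
    return bytes(img)

if __name__ == "__main__":
    for label, image in (("clean", build_sample()),
                         ("modified", build_sample(b"\xCC" * 32))):
        for name, off, length, nonzero in pe_slack_regions(image):
            print(f"{label:9} {name:10} off=0x{off:04X} len={length:4} nonzero={nonzero}")
```

Non-zero bytes in slack are only a hint for closer inspection, since legitimate tools also store data in these regions; a scanner's signature match is what identifies a specific virus.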