Table of Contents
A Modern Computer Virus – Best Information
A modern computer virus – In April 1999, suddenly several thousand computers around the world were affected by it. The reason for this was a virus which brought these computers to a standstill. This virus, whose real name is W95.CIH, is also known by many other names such as Chernobyl, PE_CIH, Win32.CIH, Win95.CIH. This virus was designed to be active on the date of 26 April. Until the computer clock reaches this date, this virus is silently lying aside, but as soon as the computer clock reaches 26 April, this virus becomes active and starts causing havoc. It is believed that this virus occupies about 1K space on the computer.
This virus makes its hiding place in the computer in such a way that most anti virus programs cannot catch it. Generally, anti virus programs work on the principle that when a virus, which is itself a computer program, enters a file, the size of the file increases because in addition to the data in the file, the data of the file containing the virus is also added goes.
Anti virus programs only check that the size of a file has not increased without any reason. In order to avoid being caught by anti virus programs, this virus has been designed in such a way that the code of this virus is added to the end of a file, not increasing the size of that file, writing its code to the empty space located in the file. Because this virus writes its own code in the empty space located in the file, therefore the size of the file does not increase and anti virus programs cannot catch this Modern Computer Virus.
A Modern Computer Virus
Modern Computer Virus
Another feature of this virus is that if there is not enough free space in the file with which it is being linked, that all the code of the virus can be written in it, then it divides its code into many small pieces and divides it into smaller pieces. Writes these fragments in multiple files. Because this virus writes its code to the spaces located in the file, that is why this virus is also called Space Filler. Created as an EXE file, this virus is mainly active in the environment in Windows 95 and Windows 98. This virus mainly affects the computer in two ways.
The first thing it can do after activation is to damage the hard-disk’s master boot record (MBR), file allocation table (FAT) or the hard-disk root directory. When the MBR is damaged, neither the computer is able to understand the structure (partitions etc.) of the hard disk, hence it cannot even ‘boot’ the computer in the absence of the necessary operating system information.
When FAT is destroyed, the computer is also able to find the necessary files needed for the work. Due to this virus damaging the MBR and FAT in this way, the computer is not able to work but the data remains safe. There are many softwares available in the market to recover data even if MBR and FAT are damaged. After being activated, it can also do other things, that is to damage the BIOS of the computer itself. It is possible to boot the computer only after the BIOS has done the Power on Self Test (POST) and without ‘booting’ a computer cannot function at all.
The BIOS is not able to perform the power on self test due to the failure of the BIOS, so it is not possible to ‘boot’ the computer in any way and without it it is not possible to use the computer. In earlier computers, the programs related to the BIOS were written on the ROM chip, but nowadays many new computers of this type are also coming in the market, in which to write the program related to the BIOS, instead of the ROM chip, another type of memory chip, which That’s called Flash Memory Chip, is being used.
These ‘flash memory chips’ also have a system for writing information, in comparison to ROM, that is, these chips can be used not only to read already stored information but also to write new information to it. Actually ‘flash memory chips’ were used so that in the rapidly progressing computer world day by day, old computers can also be easily ‘upgraded’. The facility to write information on them was made available because it would help the computer to work with new equipment, but this facility became the gateway of this CIH virus.
Modern Computer Virus – This Modern Computer Virus is programmed in such a way that it writes its data directly on the information of the BIOS program and on the program and thus when the actual program of the BIOS is destroyed, not only the computer stops working but also its data. Reading or retrieving is also not possible until a new BIOS chip or motherboard is installed.