The Sunday Times on the Web Plus
2nd May 1999

Front Page|
Editorial/Opinion| Business| Sports |
Mirror Magazine

Front Page
Mirror Magazine
Spotting a new Muntjak
Presented on the World Wide Web by Infomation Laboratories (Pvt.) Ltd.

Chernobyl chaos

In the beginning there was the error message… then there was nothing…

By Delon Weerasinghe

The Chernobyl computer virus struck mercilessly last Monday (April 26) leaving many to mourn the loss of valuable data. Chernobyl is a member of the CIH or "Space filler" family of viruses. A more frequent variation of it is the W95 CIH alias PE_CIH virus, which is relatively common infecting computers running the Microsoft Windows 95/98 operating systems. image

However, the Chernobyl variation of this virus, so called because it was timed to go off on the anniversary of the Chernobyl disaster, is the most dangerous.

But make no mistake, as the true connoisseur of virii will tell you, this is still one of the most brilliant viruses ever written. Sitting in your computer like a bomb timed to go off on the 26th of the month, a CIH will destroy your BIOS (Basic Input Output System) and your hard disk.

My first encounter with a CIH virus was about eight months ago when a friend noticed gibberish dialog boxes appearing during his Windows sessions. Suspecting a virus, we hopped over to his "software kade" and grabbed the newest copies of all the virus Scan software they had. We first ran both Mcafee Virus Scan and the Dr. Solomon's Anti-virus Toolkit on his computer - they found nothing. We were now wondering if it wasn't a virus after all, but still decided to give the last Anti-virus software we had a try as well.

By now we were having difficulty starting up the operating system. We installed Norton Anti-virus 5 in safe mode and restarted the computer.

The startup scan found over 1000 program files infected with the same virus - W95 CIH. It took over six hours to clean the computer. When it was done we read the definition of the virus. It truly was brilliant. Affecting any EXE files (program files) in Windows 95/98, it writes itself into the free space found in those files. This is why some older virus-scan software will not detect Chernobyl. The most common methods a virus scan uses to identify a virus or virus-like activity is to check for programs which use up excessive memory or which keep changing size. This virus does neither.

Now, however, CIH viruses are common. Media and Internet bulletin boards were screaming reminders about Chernobyl for almost a week before April 26th. Yet, all the newer virus-scanning software can identify and clean this virus without any problem. In fact, the only way you can be attacked by this virus today is if you have either been lazy or foolhardy.

A number of new virus scanning software can be got from computer vendors (most of them install a free virus-scan), from any outfit renting software CD's for Rs 50, or downloaded from the Internet free.

Remember, complacence is also a killer. Just because a virus-scanner is installed on your computer doesn't mean that everything's OK. It has to be used. If your software can be configured and trusted to scan automatically and clean any viruses it finds on its own it's fine.

If not, unless you work on a computer that has no contact with any other computer i.e. Diskettes, Internet, Network, E-mail, CD-ROMs etc... you are in danger of being infected everyday. Manually run or schedule a virus-scan at least once a month (once a week is better, everyday is being paranoid).

The biggest problem with viruses is ignorance. Chernobyl caused unnecessary panic last Monday. Amateur network administrators shut down entire networks crippling some offices. People using Macintosh computers who were in no danger of being infected by the virus were afraid to switch their machines on.

As those who irretrievably lost valuable data to Chernobyl will tell you (see box) - viruses really are terrible things. And if you don't give them the respect they deserve, they will mess up your computer. But they are avoidable or if it's too late for that, usually repairable. The media, instead of spreading panic last week, should have been spreading solutions, informing people what exactly the virus was and what it does. That it doesn't affect Macintoshes. And that it is completely cleanable even on the 26th of a month by booting your system using DOS Anti-viral programs.

Rumours and panic are more dangerous than any computer virus ever could be.

In Sri Lanka

By Ayesha R.Rafiq

Late last Sunday, television and radio stations broadcast urgent messages over news bulletins, which to anyone who isn't a computer buff, went something like, 'whatever you do, don't switch on your computer tomorrow'.

But why? Panicked button pushers called every whiz kid they knew to find out just why they should be crippled for a whole day, and received an ominous and totally unhelpful 'Chernobyl' in reply.

Many who missed the news on Sunday however, were spared that panic attack only to literally burst a blood vessel when they switched on their computers the next day to find... nothing.

Said Lua Buultjens, a presenter at YES FM radio, "I switched on my computer and there was this error message. I pressed the key for the Scan, and then there was nothing."

'About five years worth of collected data is now just not there. It's nothing short of disastrous,' she complained.

IT Manager of Software Development Services at John Keells Computer Services Milinda Gunasena, too was unaware of the April 26 virus. He lost over 202 files, not funny when you work at a computer company and it takes almost a day to clean your system up.

Variations of the virus are designed to strike computers every April 26, and indeed the 26th of every month.

Professor V.K. Samaranayake, Chairman of the Computer Information and Technology Council of Sri Lanka (CINTEC) says that in future an alert system will be launched to warn the public ahead of time of such potential problems.

Prof. Samaranayake says updated versions of virus guards such as Norton and Mcafee can protect your computer against such attacks. Another software known as Kill CIH once installed will eradicate the virus. CINTEC also advised people to change the date on their computers.

But this is easier said than done for many. Changing the date on your BIOS system is, according to the experts, a task for a computer buff, and not one to be undertaken by your average user. Given a free hand, Chernobyl can not only completely wipe out your hard drive, but affect your motherboard too, which will set you back some Rs. 6000-12,000.

Chief Executive Officer of IT company DataCorp, Dinesh de Silva said the silver lining around the cloud was he hoped that this would teach people the importance of disaster recovery techniques, and especially in companies, that accountability must lie at the top.

More Plus *  Farewell sweet princess....

Plus Archive

Front Page| News/Comment| Editorial/Opinion| Business| Sports | Mirror Magazine

Hosted By LAcNet

Please send your comments and suggestions on this web site to

The Sunday Times or to Information Laboratories (Pvt.) Ltd.