Chapter 561: The Madman's Craft
Han Ji led his people in restoring the virus and then ran it on a test machine with the time of the virus attack adjusted. After five minutes the hard disk kept spinning, all the data was destroyed, and the hard disk partition information was lost as well.
A technician at Han's side explained to Fan Wuxian, "After this virus breaks out, the only thing left to do is repartition the hard drive. In addition, when the virus strikes, it may also destroy the voltage of some types of motherboards and rewrite the BIOS in read-only memory; the damaged motherboard can only be sent back to the original factory for repair and to have the BIOS re-burned. This is also the only virus we have found so far that can destroy hardware, which is of great significance!"
Fan Wuxian nodded, and then asked, "This is indeed a major discovery. Have you found a way to deal with it?"
The staff member immediately nodded and replied, "In this version of the virus, the information that identifies the version number is in plaintext, so you can tell whether a file is infected by searching for the string in executable files. The search strings are CIH v or CIH v1; if you want a more complete signature string, you can try CIH v1.2 TTIT or CIH v1.3 TTIT. Remember not to search for the string CIH by itself, because it also exists in many normal programs and it is easy to misjudge."
Another staff member added, "The specific search method is to first open Explorer, select the Tools menu function for finding files or folders, enter the signature string in the window that pops up, and finally click the search button to start the search. If the search turns up a large number of executable files that match the signature, it means that your computer has been infected with this virus."
Han explained, "Actually, in . There is a fatal drawback in the above method: if the user has only just been infected with the virus, then such a large search process actually expands the infection surface of the virus. The best way to do this is to use regular antivirus software or a targeted killing tool."
Fan Wuxian nodded, and then asked, "How did you find this thing?"
It stands to reason that the CIH virus would break out on the 26th of the fourth month of next year, so why had Han Ji and the others discovered it at this point? It seems that his rebirth has indeed changed a lot of things; at least, the discovery of the CIH virus at this time will prevent the large-scale computer paralysis it would cause next year.
"According to our analysis, its carrier is a tool called the ICQ Chinese Chat module, with popular pirated disc games such as Tomb Raider or Windows 95/98 as the medium. Websites across the Internet repost it from one another, so it spreads rapidly. The main routes of transmission are the Internet, e-mail and other media, and it has also been found on some CDs. But fortunately, it is set for April 26 next year, and it has not caused any harm so far."
"Has the new virus been named?" Fan Wuxian asked casually.
"We name them all after their signature codes, so it's called the CIH virus," a staff member replied.
Fan Wuxian touched his nose very unnaturally and said to himself that this naming convention was the same as before.
The CIH virus only infects the Windows 95/98 operating system, and from the current analysis it does not seem to have any effect on the DOS operating system yet, probably because it uses the virtual device driver technology under Windows. So, for DOS-only users, this virus doesn't seem to have any effect, but if you are a Windows 95/98 user, you should be especially careful. It is precisely because of CIH's unique use of VxD technology that this virus spreads in the Windows environment in a very real-time and hidden way, and it is difficult to detect the spread of this virus in the system with general anti-virus software.
When the virus strikes, on the one hand, it completely destroys the data on the hard disk of the computer system, and on the other hand, it rewrites the BIOS of some computer motherboards. After the BIOS is rewritten, the system cannot be started, and the computer can only be sent back to the factory for repair and replacement of the BIOS chip.
Since the CIH virus does irreversible damage to data and hardware, once it breaks out, users can only watch as a computer worth 10,000 yuan and the important data accumulated over many years are destroyed. It has now been determined that the CIH virus is the first virus capable of destroying the hardware of a computer system, and it is also the most lethal and malignant virus.
From a technical point of view, the CIH virus achieves a perfect integration with the operating system. The virus is written using the core VxD technology of Windows 95/98 and is believed to be firmly tied to the underlying operating system, so the CIH virus will spread neither to the DOS operating system nor to the Windows NT operating system.
"The reason why we attach great importance to this is not only its destructiveness and the fact that it is the first virus that can destroy hardware, but also that the technical characteristics of the CIH virus pose a huge challenge to using traditional anti-virus technology to prevent and control computer viruses. The traditional anti-virus tools we use are basically pure DOS or emulated DOS applications working under Windows 95, and they cannot penetrate deep into the bottom layer of the Windows 95/98 operating system to completely remove the CIH virus. On the other hand, because it can be tightly integrated with the underlying layer of the operating system, the CIH virus spreads more rapidly and insidiously. The best way to combat a virus like CIH that is tightly integrated with the operating system is to use anti-virus software that is natively integrated with the various operating systems."
The CIH virus doesn't usually do anything destructive, doesn't show any screen, just takes up some memory. However, some programs will not work properly or even crash when they are infected. However, the CIH virus resides in the main memory, and every time it is executed, it will check the date of the computer, and if it meets the requirements, it will destroy all the data on the hard disk of the user's computer, even the data area of the hard disk and the boot area.
When the user reboots, the screen will show the prompt "hard disk boot failure, please insert the system disk and press Enter". Even if the boot area data has been backed up, the data on the disk has been completely destroyed, so booting the computer is meaningless.
When it comes to the CIH virus, which has paralyzed 60 million computers around the world, Fan Wuxian naturally thinks of the author who made it, Taiwanese Chen Yinghao.
Chen Yinghao has been obsessed with computers since his first year of college, and has to surf the Internet every day to download the most popular software and games, so he often encounters computer viruses. In order to solve the problem of repeated computer poisoning, he read newspapers and bought a lot of anti-virus software that was advertised as extravagant, but it often turned out to be useless, so he felt that he had been deceived.
And the CIH virus was designed entirely by him, in order to embarrass the products that boasted of being "100% antivirus software" in their advertisements.
Chen Yinghao has a history of epilepsy, and although he usually has an easy-going temper, he becomes very stubborn when it comes to computers. According to his college classmates, they usually got along very well with Chen Yinghao, but if anyone mentioned computers, he would show a very aggressive look. In the past, students in the computer department of Datong Institute of Technology often liked to compare programs to see who could write the shortest ones and the most complex ones. But this kind of competition was boring in Chen Yinghao's eyes, and he didn't bother to discuss it with them at all. In order to show his strength, he deliberately wrote a program that was only three lines long but difficult, which left the computer students wide-eyed.
When Mr. Chen was serving in the military, he boasted to the military that he could devise a program that would paralyze military computers. Taiwan's military intelligence bureau was very interested in this and was ready to take him under its command as an expert in electronic warfare. However, after they investigated Chen's family history, it was found that he was mentally unstable and had a family history of mental illness. Therefore, Taiwan's military intelligence bureau not only did not take him in, but also made him retire immediately.
"Do we have antivirus software in place? And disaster recovery procedures?" Fan Wuxian shook his hair and asked Han Ji.
"I am afraid that it will not be easy to recover after the disaster, but the software to detect or prevent it is already available. Considering the harmfulness of the virus, we plan to officially release a special killing tool for it and distribute it to users for free," Han Ji said to Fan Wuxian.
For a long time, the anti-virus department of the PCFANS club has often released special killing tools to the public to solve the virus problems that plague everyone, and the effect has been very good. So Han Ji believed that this time, with the discovery of a virus of such significant impact and destructive power, users naturally needed to be warned in advance.
However, Fan Wuxian didn't think so. He shook his head and said, "No, this matter needs to be considered in the long run, and I can't release this news to the outside world for the time being. I have important arrangements to consider."
The ravages of the CIH virus were mainly in foreign countries. One reason is that the popularity of networks abroad is much higher than in China; the other is that foreign networks are also relatively more open, so users are more likely to be infected with the virus through the Internet. Domestically it generally spreads through floppy disks or CD-ROMs; some of it does spread through the Internet, but the overall number is not large.
Fan Wuxian remembers very well that the number of computers affected in China is very small, but there are many affected overseas, since the impact of this virus has a huge impact overseas, so there is no reason for him to expose this fact now, and then let foreigners enjoy their own results?
Of course, Fan Wuxian also asked Han Ji to integrate the special killing tool against the CIH virus into the new version of the Thunderbolt anti-virus software, and upgrade it for his own users for free.
"We only need to be responsible for our own users, and we can't take the significance of this virus too seriously; treat it as if it were an ordinary virus," Fan Wuxian said to Han Ji. "Otherwise, once everyone notices this problem, they will blame us for making a fuss and deliberately creating a tense atmosphere."
"Isn't that a little unkind?" Han Ji disagreed with Fan Wuxian's opinion.
Fan Wuxian said to Han Ji very seriously, "From a purely commercial point of view, it is understandable for us to do this. At least we are trying to keep domestic users from being affected, and this work is free. As for overseas markets, they don't buy our antivirus software, so do we care if they live or die?"
If the CIH virus breaks out as scheduled in April next year, and the situation on my side is as stable as a rock when many anti-virus companies have no solution for a while, then the popularity of the anti-virus software of the PCFANS club will suddenly rise to the point where everyone knows about it, and the role of further expanding the reputation of the company's anti-virus division and expanding overseas markets is very huge.
Sometimes, if the heart is black, the heart must be black, and the hand should be spicy, otherwise it will never be possible to achieve great things!
All in all, this opportunity is rare in a century, and Fan Wuxian didn't think of such a thing before, if it weren't for Han Ji's anti-virus business department discovering the whereabouts of CIH and analyzing the harm of its attack, and Han Ji would have taken this virus that can destroy hardware as a performance to show himself, he would not have thought of using this incident to further expand the popularity of his anti-virus software.
Since the opportunity is in front of you, you need to grasp it, operate it well, and achieve your own goals, so that the company's antivirus software can go to the world market in one fell swoop.
This kind of opportunity was something that Fan Wuxian couldn't let go, so he directly rejected Han Ji's proposal to announce the characteristics of the CIH virus and the removal tool to the public, and decided to hide this matter and use it as his killer weapon.
"Although this is a bit unkind, we must try our best to do a good job in domestic prevention and control, and I will also communicate with the Ministry of Security on this matter to promote our anti-virus software on domestic office computers to prevent and control the spread of the CIH virus," Fan Wuxian explained to Han Ji. "The Ministry of Security has a good relationship with me, so this can be done well, and for national security it is also beneficial to do so. At least we can start thinking in advance about how to deal with and prevent similar situations if they arise."
"Okay, I'll listen to you." Han Ji thought about it for a while and, although he was a little reluctant, still agreed.