BBC: "Chernobyl Virus causes Asian Computer MELTDOWN"

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

This is at http://news.bbc.com/sci/tech A "catastrophe" reported in Israel. Everything from the Israeli secret service to banks in India has malfunctioned. Serious economic disruptions possible.

-- jon doe (jon@doe.com), April 27, 1999

Answers

Link that ought to work

-- link (here@it.is), April 27, 1999.

Neither works for me.

-- regular (zzz@z.z), April 27, 1999.

try this one

http://news.bbc.co.uk/low/english/sci/tech/newsid_329000/329688.stm

I was just there

looks like nasty things happened

-- same as b4 (NWphotot@Foxcomm.net), April 27, 1999.


Link

Thanks. Yowza!

-- regular (zzz@z.z), April 27, 1999.


Also see:

http://www.abcnews.go.com/sections/tech/DailyNews/virus990427.html

-- Kevin (mixesmusic@worldnet.att.net), April 27, 1999.



Anyone know if the virus caused problems with the US Military bases in Turkey or Saudi or So. Korea? They must be integrated with the local systems to some extent.

-- Valkyrie (anon@please.net), April 27, 1999.

From one of the above links "Turkey was caught unprepared. The warnings were there but nobody took any notice of them." Sounds like more than Turkey was caught unprepared. A little whiff of smoke of what it might be like in a short few months. "The warnings were there"

-- thinkIcan (thinkIcan@make.it), April 27, 1999.

Dang, if one little virus does all that, Y2K is going to be a bummer!

This virus only affected Pee Cees.

-- Anonymous99 (Anonymous99@Anonymous99.xxx), April 27, 1999.


From the blued link, above:

Tuesday, April 27, 1999, Published at 18:27 GMT 19:27 UK Chernobyl virus causes Asian meltdown, By Internet Correspondent Chris Nuttall

Hundreds of thousands of computers in Asia and the Middle East have had their data wiped by a malicious program known as the Chernobyl virus. . . .

CIH was discovered as long ago as last June in Taiwan. . . . In the West, companies had protected their computers with anti-virus programs that killed it, but in Asia and the Middle East the same precautions had been ignored in many cases. . . .

China: The state-run media reported that more than 100,000 computers had been affected across China. South Korea: Government officials apologised for not taking more urgent action and estimated that 250,000 PCs were attacked and $250m in damage had been caused.

India: More than 30,000 computers had crashed, said experts and officials. Major industries, banks and other financial institutions had been badly hit.

Middle East and Gulf countries were also badly hit:

Israel: Israeli data recovery experts said there had been a catastrophe with thousands of computers affected, including those of a major financial institution, an intelligence organisation and a large Internet Service Provider.

Egypt: Companies in Cairo sent workers home as their systems were paralysed by the virus. "It's a disaster," said one civil engineering firm.

The Gulf: Industry in the United Arab Emirates estimated that 5-10% of computers had been affected, while there were reports from Qatar of the infection reaching "epidemic" proportions.

Turkey: Banks, police departments, an army school, state television and government offices were hit.

Chernobyl has not been propagated to the same extent as the recent Melissa virus, which jammed networks with e-mail, but it has caused far greater damage.

End of cut and paste.

The most significant statement seems to be: "In the West, companies had protected their computers with anti-virus programs that killed it, but in Asia and the Middle East the same PRECAUTIONS HAD BEEN IGNORED in many cases" (emphasis supplied).

Not very encouraging for Y2K.

-- Old Git (anon@spamproblems.com), April 27, 1999.


Reports say the virus knocks out the BIOS so that the computers are rendered inoperable. Does anyone know if the computers must be completely replaced, or can they be made operable by a software fix?

-- Watcher5 (anon@anon.com), April 27, 1999.


Watcher5,

On newer machines that have a "Flash BIOS" the BIOS must be reloaded. Most, if not all of these machines have a jumper on the motherboard to keep programs like CIH from writing to the BIOS. Many people don't know about the jumper, and the factory default varies from machine to machine. This jumper should be enabled ONLY when one is updating their BIOS, and then disabled immediately after. <:)=

-- Sysman (y2kboard@yahoo.com), April 27, 1999.


PS - On older machines that do not have a Flash BIOS, CIH can not damage the BIOS. It can still wipe your hard drive though. <:)=

-- Sysman (y2kboard@yahoo.com), April 27, 1999.

Sysman,

Thanks for answer. The reason I asked the question was because I was wondering if there would be a huge spike in demand for new PCs. Any ideas?

-- Watcher5 (anon@anon.com), April 27, 1999.


I got an email from a friend in Cairo, Egypt and her hard drive was completely erased by the Chernobyl virus. She wrote me from her puter at work.....

Are you ready for fun yet next year?

-- John (vacajohn@jccomp.com), April 27, 1999.


Watcher -

Folks who experience a "Chernobyl" don't have to buy new PCs, but they do have to completely re-initialize and re-install from backups. The PC isn't dead once CIH does its work; it's just very, very empty. Won't affect PC sales, but look for a nice little bump for the service departments at places like CompUSA as people bring their comatose PCs in for resuscitation.

Dang, am I glad I spent the $$$ on a tape backup and Norton Systemworks. Talk about dodging a bullet...

-- Mac (sneak@lurk.hid), April 27, 1999.




This demonstrates a couple of things to start with:

1 - the media remains utterly clueless and credulous when it comes to anything relating to computers (and particularly computer viruses).

2 - Y2K Doomsters remain utterly clueless and credulous when it comes to any news report about computer problems that can be compared to what they imagine Y2K to be like. (In plain English: they believe these things automatically, without even wondering if the reports could be horribly exaggerated -- as they are in this case.)

The BBC piece is far more ominous-sounding than ABC's coverage, and the claimed figures don't agree. (This is typical, by the way.)

Here are the facts.

CIH only affects PE files - ie, Win32 program files. (But the "payload" -- the disk erasure and FLASH overwrite -- doesn't work on NT, because the VxD calls used by the virus aren't available in that OS.) The claimed figures in some of the reports would represent more than the known installed base of PCs with Win95/98 in that particular nation!

The actual infection count hasn't been verified. The only way to do that is to actually examine the machines for traces of the virus and/or the virus's effects. You saw this same thing when Melissa first became the Story Of The Week: hundreds of thousands of machines were supposedly infected. An actual tally done later (which received almost no media attention) showed that probably only a few thousand machines -- total -- were ever harmed by the virus.

For those in need of a dose of skepticism, the Crypt Newsletter is STRONGLY recommended.

-- Stephen M. Poole, CET (smpoole7@bellsouth.net), April 28, 1999.


If I understand the workings of this Chernobyl virus, if you just reload your applications and restore your data from backups, you've still got the virus on board. Is this correct?

If so the hard drive has to be reformatted, if you can boot up at all.

-- Tom Carey (tomcarey@mindspring.com), April 28, 1999.


Stephen,

Once again I point out that you keep jumping on people for speaking outside their area of expertise. Are you a virus expert? This is from CERT:

As of 1:30pm EDT (GMT-0400) April 27th, 228 sites including 2328 hosts have reported directly to the CERT Coordination Center that they have suffered damage by the CIH virus. Since not everyone reports incidents directly to the CERT Coordination Center, we believe the actual number of affected systems is higher.

Now try to connect the dots here Stephen. This is from the AP:

The United States suffered far less than other nations, and experts credited widespread warnings and updated antivirus programs with helping avert problems in the corporate world. Home users were hit harder.

Schrader said the countries hardest hit have widespread use of pirated software and lack recent virus software.

Turkey and South Korea each reported 300,000 computers damaged Monday, and there were more elsewhere in Asia and the Middle East. Officials said warnings there weren't heeded.

And about your remark that reported cases are larger than the installed base:

Some 250,000 -- or more than three percent of the country's total number of computers --

Stephen, your tunnel vision is really showing on this one. I've read at least a dozen web pages today on CIH. All are reporting more than 1,000,000 hits worldwide, and a few of these I don't consider clueless when it comes to computers, like InfoWorld and ZDnet. So who should we believe?

Now when it comes to opinions about Y2K, I tend to give a little more weight to people with PhD after their name, than I do someone with CET. Nothing personal Stephen, just the way I feel. <:)=

-- Sysman (y2kboard@yahoo.com), April 28, 1999.


Yes, Sysman, I know viruses, but I've already stated that I hate that word "expert" in conjunction with Y2K.

If you had visited the Crypt News site and looked at some of the back issues, you would have known that. And speaking of the Crypt -- George Smith's Virus Creation Labs is strongly recommended reading here, too. :)

It's a boring story that I may tell on my Web Site someday when I get time. I was dragged into the AV circus by friends and associates who wanted my knowledge of DOS and Windows' internals. (That's why one major AV vendor in Canada, for example, hired me to help them with their package a couple of years ago.)

Wait a week or two for the final figures to come out. They'll be several orders of magnitude lower than these initial figures. They _always_ are. (Same as Melissa. Same as Michelangelo and too many other examples to count.)

Besides, this will actually end up supporting my point -- that computers fail now and we work around them. A couple of months from now, it'll be a faint memory. Watch and see.

-- Stephen M. Poole, CET (smpoole7@bellsouth.net), April 28, 1999.


Tom,

That depends on when you did your last backup. If you backed up infected files, you'll still have the virus.

Go download Thunderbyte, F-Prot, AVP, or one of the other good AV programs. They'll have instructions and a utility for removing the virus.

-- Stephen M. Poole, CET (smpoole7@bellsouth.net), April 28, 1999.


Tom,

Sorry, I should have been more specific. Download one of these programs on a known-clean computer (say, at a friend's desk). It's better to use the DOS version of these programs, too.

-- Stephen M. Poole, CET (smpoole7@bellsouth.net), April 28, 1999.


Stephen,

Damn, we actually agree on something! F-prot is one of the better AV programs.

Oh well, we can't agree on too much, or this wouldn't be any fun! Here's a snip from ZDNN dated today.

"The Republic of Korea was hit equally as hard -- with anywhere from a government-admitted 240,000 computers hit to the industry's estimate of 600,000."

Looks like the count is going way up, and is going to have to come down quite a bit to hit 1,000,000. Once again, time will tell. See ya! <:)=

-- Sysman (y2kboard@yahoo.com), April 28, 1999.


This was in Sysman's post of AP story:

"Schrader said the countries hardest hit have widespread use of pirated software and lack recent virus software."

I'm sure Schrader meant to say lack of recent anti-virus software.

In addition, I'm sure he just forgot that the U.S. is the world leader in pirated software, not those 'other' countries.

-- PNG (png@gol.com), April 28, 1999.


Sysman,

Re: flash BIOS jumper settings at read only. From a security perspective, good point and easily doable in a home or small office setting. Here's what we found: As part of our Y2K compliance we updated to current BIOS releases (whether needed or not for Y2K). If a more recent BIOS release was available, the desktop (approx 750) got it during Y2K testing. For our installed base (primarily IBM) we didn't have to pop a single cover to do a BIOS update (and we didn't pop to set to read only afterwards). This made the techs doing the work very, VERY happy. It kept users' desktop disruption to a minimum.

However, this was the first time we did across the board BIOS upgrades. In a corporate setting it can be a tougher call - risk vs. ease of legitimate servicing.

jh

-- john hebert (jt_hebert@hotmail.com), April 28, 1999.


Good evening John,

Yes, I hear ya. I haven't been involved with a "big" company for many years, and when I was, it was only a few PCs and the rest were 3270 terminals. Your comment does have merit. Pulling the cover isn't always easy. People stick their machines in corners, stack all kinds of stuff on top, and around, and cables are often too tight to move even a few inches. But here's the way I look at it. I assume that your 750 machines are on a network. CIH is known for spreading itself from servers. If your company did get hit, and your machines' BIOS was protected, at least you could boot the machine, and restore from the last backup. This does assume that you have a backup plan. However, if you can't even boot the machine, which is the case if CIH hits the BIOS, your tech guys are going to be having a whole bunch of fun! BIOS upgrades are few and far between. IMHO it's worth the extra effort to protect yourself. <:)=

-- Sysman (y2kboard@yahoo.com), April 28, 1999.


PS - I always think of something more after I hit the button! CIH is not the only virus known to mess with a BIOS. Just about every day, a new virus shows up. What it does depends on how demented the programmer is. Being an assembly guy since the original PC, I could come up with a nasty one. I'm just not into it. Cover your ass. <:)=

-- Sysman (y2kboard@yahoo.com), April 28, 1999.
