
Serious Virus Threat

Details of common computer virus




W32.CIH Spacefiller Virus Details

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder

The following details are excerpted from the Network Associates virus information database.

The W32.CIH.Spacefiller virus originated in Taiwan in early June 1998 and within one week was worldwide. The virus infects Windows 95 and 98 executable files and will quickly infect all the files of this type it can find.

When an infected file is run, the virus becomes memory resident. It then infects other files when they are copied or opened. Because of the infection technique used, infected files are the same size as the originals, which makes the virus difficult to detect: the virus first looks for empty spaces in the file, then breaks itself up into small fragments and hides in those spaces. However, the virus has some bugs and in some cases can crash your computer when infected applications are run.
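A defender-side illustration of the point above, added here and not part of the original article or the Network Associates database: a file-size comparison sees no change, but the alignment padding inside the executable, which a linker normally leaves zero-filled, no longer is. The sketch assumes the standard PE section-header layout; `slack_report`, `build_sample` and the sample bytes are constructed for this example.

```python
import struct

def slack_report(data: bytes):
    """Return [(section, slack_len, nonzero_bytes)] for each section's file padding."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew: offset of PE header
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                            # first section header
    report = []
    for i in range(nsect):
        off = table + 40 * i                              # each header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _rva, raw_size, raw_ptr = struct.unpack_from("<4I", data, off + 8)
        # Bytes between VirtualSize and SizeOfRawData are alignment padding.
        # Some old linkers write VirtualSize = 0; skip those rather than guess.
        if 0 < vsize < raw_size:
            slack = data[raw_ptr + vsize:raw_ptr + raw_size]
            report.append((name, len(slack), sum(b != 0 for b in slack)))
    return report

def build_sample(filler: bytes = b"") -> bytes:
    """Constructed PE-shaped buffer (not a real program): one .text section."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x46, 1)                  # one section
    struct.pack_into("<H", buf, 0x54, 0)                  # no optional header in this sample
    buf[0x58:0x60] = b".text\0\0\0"
    # VirtualSize=0x120, RVA=0x1000, SizeOfRawData=0x200, PointerToRawData=0x200
    struct.pack_into("<4I", buf, 0x60, 0x120, 0x1000, 0x200, 0x200)
    buf[0x200:0x320] = b"\x90" * 0x120                    # stand-in for section contents
    buf[0x320:0x320 + len(filler)] = filler               # data placed in the padding
    return bytes(buf)

if __name__ == "__main__":
    clean = build_sample()
    altered = build_sample(b"\xAA" * 64)                  # constructed foreign bytes
    print(len(clean) == len(altered))                     # size check sees no change
    print(slack_report(clean), slack_report(altered))
```

Non-zero padding is a heuristic signal, not proof of infection, since some toolchains and packers also place data there.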

The virus can overwrite or delete information on the hard drive by using direct disk-write calls, which bypass standard BIOS virus protection, overwriting the MBR (Master Boot Record) and boot sectors. It can also overwrite certain flash BIOS chipsets on some machines, from a 486 through a Pentium II, that have a flash BIOS.

Some computers have a jumper on the motherboard that acts as hardware write protection. Some machines also have a DIP switch that allows BIOS flashing to be disabled. Some newer computers cannot be protected by the switch and are therefore vulnerable to the virus. If the payload executes, it will leave the PC inoperable unless the BIOS is restored or replaced.

McAfee Labs now has a cleaner for this virus in VirusScan 3.2.0 engines and above. You will need the 3109 or greater datfiles (antivirus data files) in order to detect and clean this virus.

McAfee's VirusScan is our recommended anti-virus program.

McAfee's website is www.mcafee.com.



International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax 801.650.0423
Membership Director: member@itrain.org


Copyright © 1998 International Association of Information Technology Trainers, All Rights Reserved

http://itrain.org/itinfo/1998/it981215a.html
updated December 15, 1998