Virus

Analysis

This detection covers several variants of the CIH virus, a PE file infector that injects its code into the cavities of host files. The virus uses a cavity filler technique to implant itself into host files, embedding itself in such a way that cleaning is not always possible. This virus targets the Windows 95/98/Me operating systems. In some variants, the virus has a date activated payload of overwriting CMOS data, causing corruption and a possible inability to boot.

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option

ID	321884
Released	Feb 23, 2005
Description Updated	Feb 23, 2005
Platform Profile	Win95 file format

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

W95/CIH_Family

Analysis

Recommended Action

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W95/CIH_Family

Analysis

Recommended Action

Telemetry

Threat Intelligence
Center