Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VIRUS W95/CIH.1003a NOT MUCH TIME LEFT B4 IT'S 2 LATE

Status
Not open for further replies.
SPYDERIX

SPYDERIX

Technical User
Jan 11, 2002
1,899
CA
Hi,

I'm writing on behalf of my friend here.

He recently got the W95/CIH.1003a virus, and can't get rid of it. He has gone to the mcafee.com site, and was given this info (verbatim):
=========================================================
Removal Instructions:

Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner such as:
SCAN C: /CLEAN /ALL
=========================================================

The question: How do you use this command, everytime my friend uses it he just comes up with a bad command error.
I told him to try running the command in:
C:C:\WINDOWS
C:\WINDOWS\COMMAND
But he keeps getting the same error and he only has till the 26th of this month till his computer is GONE. There are no files on the computer to locate. The virus is located in the BIOS. Can you format the BIOS and re-install it, or how do you use the above command.

Haste in your response is greatly appreciated.
Thanks


[deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Sort by date Sort by votes
When I looked up command line scaning in the help files for mcafee virusscan it says exactly what you said above... It also says that scan.exe comes with virusscan. Does your friend have virusscan software? I'm not familiar with other scan software, but it could be possible that they have different commands. I know this doesn't really help, but it is some info.

Glenn
 
Upvote 0 Downvote
He has mcafee virus scan. Is it possible that he might run this command in his C:\PROGRAM FILES\MCAFEE\ folder???

I'll get him to try that.
Thanks

[deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Upvote 0 Downvote
From help files... 2. says change to the dir taht contains virusscan.

1 Click Start in the Windows taskbar, point to Programs, and then choose Command Prompt on Windows NT Workstation v4.0 and Windows 2000 Professional systems or MS-DOS Prompt on Windows 95 and Windows 98 systems.

2 Change to the VirusScan Engine directory. If you installed VirusScan software with its default Setup options, you’ll find the directory in this path:

C:\Program Files\Common Files\McAfee VirusScan\VirusScan Engine\4.0.xx

Note: If you add this directory to the path statement for your system, you do not need to change to this directory to run VirusScan Command Line software.

3 Type this line at the command prompt:

scan [target: drive, path, or filename] /[options]

hope this helps

Glenn
 
Upvote 0 Downvote
Dude,
For starters, I would go here and run an antivirus scan.
This is accually the first time I've ever taken a good look at the write up for CIH, and believe me, if it gets your BIOS...you're fried. :-( Dodge Charger
 
Upvote 0 Downvote
The virus did get into his BIOS and unfortuneately none of these suggestions worked, but he has taken it to a computer shop to be repaired. So I'll post back with the solution that will fix his computer so that anyone else who might happen to get this virus will be able to solve it themselves without having to pay someone to do it.

Thanks for all the help. [deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Upvote 0 Downvote
Formatting won't get rid of the virus that's in the BIOS will it, I don't think so. [deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Upvote 0 Downvote
You have to move to directory where scan.exe resides. Typing command out of path yields BCFN (bad command or filename). When you boot to DOS the PATH isn't defined! smitee
 
Upvote 0 Downvote
He tried that but it didn't work. Should he have run the command in Windows DOS Prompt, instead of re-starting in DOS? [deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Upvote 0 Downvote
What kind of computer does he have??
Most manufacturers put out flash bios updates for computers, if you can flash his bios, and format quickly maybe it'll be gone, and he'll be virus free. I can't be for sure. This is just a reccomendation if the shop guy can't fix it...:) Dodge Charger
 
Upvote 0 Downvote
He has a Compaq laptop with Windows 98.

Can you format your BIOS and re-install your BIOS while your're in Windows? [deejay]
Nate
"If you're not living on the edge, you're taking up too much space!"
 
Upvote 0 Downvote
No, the only way you can do anything with your BIOS, is flash it. Go to Compaq's site, and look at the downloads. Maybe they have a flash bios upgrade. Dodge Charger
 
Upvote 0 Downvote
If the virus had already overwritten the BIOS, the computer would most likely not boot at all. It was resident in memory but wouldn't affect the BIOS until it delivered its payload on the 26th.
The only way to fix that would be to replace the actual BIOS chip - you can't flash the BIOS if you can't boot to a floppy.
 
Upvote 0 Downvote
You're right. I hadn't even thought of that.
And if you had to replace the chip, wouldn't it be cheaper to just replace the whole board? Dodge Charger
 
Upvote 0 Downvote
Out of curiosity, couldn’t you pull out the timer battery like in the older computers and have the bios reset to factory defaults that are/were hardwired? (If the laptop is set with EEP bois chips? or is flashing the 'newer' techo-term?) --MiggyD

Never be afraid to try something new. Remember that amateurs built the Ark. Professionals built the Titanic.
 
Upvote 0 Downvote
I had to pull the battery in my computer one time cause it went dead, and it didn't do anything to my BIOS. Dodge Charger
 
Upvote 0 Downvote
No, not just the PS but the CMOS battery? But then again it may not be appropriate in this situation as it is a laptop in which there is no room for external battery.

So again, is "flashing" the newer term for reseting EEPROM chips?
--MiggyD

Never be afraid to try something new. Remember that amateurs built the Ark. Professionals built the Titanic.
 
Upvote 0 Downvote
Hi Guys,

Here is a link to a page that describes the virus and also links to a specific fix that will remenove the CIH virus, also known as Chernobyl.


regards Michael
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Latest Windows Update - End of Service
Replies
2
Views
951
pjw001
pjw001
pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
450
pjw001
pjw001
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
378
guitarzan
guitarzan
Flinx
  • Locked
  • Question
Nero Burning ROM not seeing disk change 2
Replies
3
Views
271
gbaughma
gbaughma
hotfusion
  • Locked
  • Question
Win98: Adjust mouse hover select time? 4
Replies
9
Views
203
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top