Not having any anti-virus software installed on my computer, I didn't really know I had a virus until I started exploring why every WinZIP Self-Extracting archive, without question, was giving me a strange error upon execution. I started poking around the Internet a bit and discovered the horrible truth: PhoneBoy's computer had contracted a virus.
A computer virus is much like its biological cousin. It is designed to quickly spread from host to host. While humans and animals tend to be hosts for biological virii, executable programs are the "host" for computer virii. As an infected program is executed on a computer, the virus code is loaded into memory. It then will "attach" itself to subsequent programs that run. Computer virii also can make their home in Microsoft Word and Excel documents (typically referred to as a Macro Virus), boot sectors, your computer's BIOS, or any other object or place where instructions can be executed.
Like biological virii, some computer virii are benign in nature and are just designed to spread. Most computer virii fall into this category. Some virii, if left undetected, can cause serious damage to your computer: corrupting programs, deleting important data, or destroying your entire hard disk. It is important that viral infections, both biological and computer, be handled properly to prevent them from spreading and causing any more damage than they already have.
The last time I did serious battle with viruses on my home turf, I owned a Macintosh. I felt stupid to admit it: I had no anti-virus tools around. But having fought this battle before, I knew what I had to do and how I needed to do it. I had to hunt down something on the net and fast. Worse, I didn't trust any of my Windows-based machines because I didn't know how far and wide my virus infection spread. I haven't heard of any virii that affect Linux and I have no vestiges of DOS or Windows on my Linux box, so I figured it was a reasonably virus-free machine to use. I downloaded the free (for personal use) version of F-PROT and uncompressed the appropriate files onto a fresh floppy. I write-protected this floppy to prevent the little buggers from infecting my virus programs.
I found my "use in case of emergency" boot floppy. After properly shutting down and powering off my suspect system (to make sure I cleared out any viruses in memory), I made sure my boot floppy was write-protected and used it to boot up my infected computer. Once DOS loaded up, I swapped in my write-protected disk with the F-PROT programs and ran the F-PROT program. Sure enough, I found over 400 of my executable programs infected with the CIH virus. The Data Fellows Virus Information Center had this to say on the CIH virus:
CIH virus infects Windows 95 and 98 EXE files. After an infected EXE is executed, the virus will stay in memory and will infect other programs as they are accessed.
[...]
What makes the CIH case really serious is that the virus activates destructively. When it happens the virus overwrites most of the data on the computer's hard drive. This can be recovered with recent backups.
However, the virus has another, unique activation routine: It will try to overwrite the Flash BIOS chip of the machine. If this succeeds, the machine will be unable to boot at all unless the chip is reprogrammed. The Flash routine will work on many types of Pentium machines - for example, on machines based on the Intel 430TX chipset. On most machines, the Flash BIOS can be protected with a jumper. By default, protection is usually off.
Needless to say, I breathed a sigh of relief as I had caught it before it either destroyed my data or infected my BIOS so that my machine wouldn't boot. But I did do one really bad thing: I distributed a program infected with that CIH virus. Only a few people downloaded it, but I still felt bad. I also posted a clean version of this program and posted a big warning on the webpage where it is available. I figured that, unlike our President, full disclosure was the best policy.
Following similar procedures, I booted up all my computers and ran the virus scanners against them. Only my laptop and my main desktop computers were infected with the CIH virus. One file on a work-related computer was infected, but I did not run the program on that computer, so I got lucky. One computer, the computer my better half uses, was given a clean bill of health. I guess she practices safer computing practices than I did. ;-)
The morals of the story: