Full Version: Chernobyl - CIH?
tahirmirza
Hi,

Recently I came to know that this is a virus, probably Chernobyl (CIH), which damages my hard disk. It happened last year for the first time on 26 April and I lost my data. I was about to throw the HD away as I thought it was gone or dead, but a friend of mine re-partitioned it and it was good to have it back, but without my data. Now again this year on 26 April, while I was watching a DVD of Mind Your Language at around 09:00PM (5+ GMT), the system froze. I restarted it and it didn't boot and said that my hard disk configuration is not right, and to check my manuals and stuff to properly configure my hard disk. I have 2 hard disks and this was a Slave one and I also had my OS XP Pro on it. I had dual boot, primary has Win2K and this one had XP Pro. My primary HD is safe, no problems with it.

Anyways, a friend told me that this happened because of the Chernobyl virus and it will happen again on 26 April in 2006. He also told me that the data can be recovered from this HD and then, after making the partitions using Partition Magic, the hard disk is usable again till next 26 April. Another solution that he told me is that a day before 4/26, change the date to a date after 26 April, e.g. 27 or 28 April; this way the virus won't activate and my hard disk will live for the next one year. My question is, what if I forget to change the date before 26 April? Surely, I'll lose all the data again. Oh, BTW, I have recovered my data from this hard disk using EasyRecovery Professional, so even if my hard disk is destroyed again I can get the data back, but why should this virus be left sleeping in the HD till April 26, 2006? I want to remove it from my HD forever... Any ideas how?

BTW, I have also had McAfee installed for more than 8 months and during this time I have scanned my computer for viruses hundreds of times, but McAfee never said anything about Chernobyl. Why?

Little Info: I did some googling and also searched SAF for Chernobyl before posting this problem, but I didn't find any solution, or perhaps I didn't know what exactly to look for.

Thanks in advance.
Dashwood95
There's a lot of information about the virus here.

Additionally, there is a lot of information and a removal tool here at Symantec.
tahirmirza
Hello Dashwood95

Thanks for providing me the links to websites dealing with CIH. I downloaded the CIH Remover from Norton's site but the Removal Tool said my computer can't be infected with CIH because I'm running Win2K. I read on Norton's website that CIH only infects Win95/98. NT and 2K are not infected with CIH. When CIH busted me I was using XP Pro, which I had installed on a secondary hard disk; I had Dual Boot with Win2K and XP Pro. Maybe CIH is not in any software but lying somewhere in the MBR or BIOS?? And when I again install XP Pro it might again spread the infection and destroy my data??

I read on Norton's website that there are many variants of CIH; some execute on the 26th of every month, some on 26 June and some on 26 April. I don't know which one is in my hard disk.

Thanks again for the help, DW95.
kennethr
tahirmirza, go to the top of the page, virus info, and click on free virus scan. If you have that virus, this should pick it up. Of course, so should McAfee. See what that says and post back.
kenneth
tahirmirza
Hello Kennethr, thanks for the reply. I have scanned my computer using the Free Virus Scanner @ SAF but nothing was found. No file is infected with any virus. Since I'm using McAfee I never have any problem with viruses. Indeed McAfee is a great anti-virus but it also never reported any file infected with CIH. Is there any way to scan the BIOS for viruses? Perhaps it's there?

Thanks again.
Interceptor
You actually had CIH in this day and age? How incredibly odd considering it is a decade old. There were quite a few variants, but antivirus software has detected them by default for a long time. The original cannot infect NT/2000/XP. Yes, you had to use a neutralizing tool before removing it with your antivirus program because it will infect every file the AV scans. If you had it in your system too long, the trigger dates would mean a BIOS flash and your system would've been finished. You can't have CIH in that system.