Skip navigation.

Another modern classic: Virus.Win9x.CIH

This was a pretty widespread and nasty virus years ago that would flash the bios of the host machine with garbage on April 26.

MD5: 862582b7072427a095aaac9c6a93f81f
SHA1: 62c1895018a7b521504f6531e1e4f56ba15cec01

AntiVir Found CIH #1
ArcaVir Found W95.CIH.1003
Avast Found Win95:CIH 1.x
AVG Antivirus Found Win32/CIH
BitDefender Found Trojan.Win95.Flashkiller
ClamAV Found CIH.2
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

thanks man

wasnt this the virus that eneded up on the bo2k cds somehow back in the day?

good work on the md5 collision stuff too :)



These detection results are pretty disappointing.. anyone know why? Are these just too old?

Reason for detections being low

In the case of kaspersky the detection is not present because the detection causes false alarms. It's available from their website.

Nothing to worry about anyways... it's not ITW.

Ian Kenefick


That file seems corrupted :(

*Kaspersky Anti-Virus On-Demand Scanner for Linux. Version 5.5.3/RELEASE build #100, compiled Jul 27 2005, 15:36:21

Virus.Win9x.CIH.exe CORRUPTED

*SWEEP virus detection utility
Version 4.01.0 [Linux/Intel]
Virus data version 4.01, January 2006

Virus fragment 'W95/CIH-10xx' found in file /Virus.Win9x.CIH.exe

Best resgards

if the detection of others

if the detection of others AV is so low, i suppose it is because the sample is not good.

Did you try to replicate it before posting it?