Misplaced Pages

#860139

27-542: CIH or cih may refer to: CIH (computer virus) , also known as Chernobyl and Spacefiller CIH Bank , a wholly owned subsidiary of the Moroccan Caisse de dépôt et de gestion Capricorn Investment Holdings , a southern African umbrella for the Capricorn group of companies Certified Industrial Hygienist , professional credential for occupational hygienists in

54-498: A challenge against bold claims of antiviral efficiency by antivirus software developers. Chen stated that after classmates at Tatung University spread the virus, he apologized to the school and made an antivirus program available for public download. Weng Shi-hao (翁世豪), a student at Tamkang University , co-authored with the antivirus program. Prosecutors in Taiwan could not charge Chen at the time because no victims came forward with

81-818: A dropper routine for the CIH virus was circulated around the internet under the guise of a nude picture of Jennifer Lopez . A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not widespread and only affects Windows 9x-based systems. CIH spreads under the Portable Executable file format under the Windows 9x-based operating systems, Windows 95, 98, and ME. CIH does not spread under Windows NT -based operating systems nor Win16-based operating systems such as Windows 3.x or below. CIH infects Portable Executable files by splitting

108-462: A lawsuit. Nevertheless, these events led to new computer crime legislation in Taiwan. The name "Chernobyl Virus" was coined sometime after the virus was already well known as CIH and refers to the complete coincidence of the payload trigger date in some variants of the virus (actually the virus creation date in 1998, to trigger exactly a year later) and the Chernobyl disaster , which happened in

135-435: A very small number of rooms, and have the " save game " feature disabled. Demos of sports games usually limit play to an accelerated half-time or complete match between a small number of teams (which at the same time led to the practice of "demo expanders" that allow the tweaking of some of those settings). Likewise, demos of racing games are ordinarily restricted to a single race with a pre-selected car. A non-playable demo

162-536: Is a recording of game-play, either recorded in a video, or played through using the game's own engine showing off the game's features. They are mainly displayed at gaming conventions , such as E3 , when the game is still in early production as a technology or game-play preview. Such demos might also be distributed through the Internet or with magazines as trailers for an upcoming game, or featured at retail stores (often among playable demos). Most games also play demos if

189-612: Is considered extremely dangerous, first involves the virus overwriting the first megabyte (1024KB) of the hard drive with zeroes, beginning at sector 0. This deletes the contents of the partition table , and may cause the machine to hang or cue the blue screen of death . The second payload tries to write to the Flash BIOS . BIOSes that can be successfully written to by the virus have critical boot-time codes replaced with junk. This routine only works on some machines. Much emphasis has been put on machines with motherboards based on

216-557: Is significant fragmentation. If the second payload executes successfully, the computer will not start at all. Reprogramming or replacement of the Flash BIOS chip is then required, as most systems that CIH can affect predate BIOS restoration features. Game demo A game demo is a trial version of a video game that is limited to a certain time period or a point in progress. A game demo comes in forms such as shareware , demo discs, downloadable software , and tech demos . In

243-539: The Intel 430TX chipset , but by far the most important variable in CIH's success in writing to a machine's BIOS is the type of Flash ROM chip in the machine. Different Flash ROM chips (or chip families) have different write-enable routines specific to those chips. CIH makes no attempt to test for the Flash ROM type in its victim machines and has only one write-enable sequence. For the first payload, any information that

270-549: The Soviet Union on April 26, 1986. The name "Spacefiller" was introduced because most viruses write their code to the end of the infected file, with infected files being detectable because their file size increases. In contrast, CIH looks for gaps in the existing program code, where it then writes its code, preventing an increase in file size; in that way, the virus avoids detection. The virus first emerged in 1998. In March 1999, several thousand IBM Aptivas shipped with

297-424: The CIH virus, just one month before the virus would trigger. In July 1999, copies of remote administration tool Back Orifice 2000 given out to DEF CON 7 attendees were discovered by the organizers to have been infected with CIH. On December 31, 1999, Yamaha shipped a software update to their CD-R400 drives that was infected with the virus. In July 1998, a demo version of the first-person shooter game SiN

SECTION 10

#1732779740861

324-581: The PC. Technically, however, it was possible to replace the BIOS chip , and methods for recovering hard disk data emerged later. Today, CIH is not as widespread as it once was, due to awareness of the threat and the fact that it only affects older Windows 9x ( 95 , 98 , ME ) operating systems. The virus made another comeback in 2001 when a variant of the LoveLetter Worm in a VBS file that contained

351-592: The United States IATA code for Changzhi Wangcun Airport The Chartered Institute of Housing , a UK-based professional society ISO 639-3 code for the Chinali language Opel cam-in-head engine , a series of vehicle engines Chromogenic immunohistochemistry Topics referred to by the same term [REDACTED] This disambiguation page lists articles associated with the title CIH . If an internal link led you here, you may wish to change

378-426: The advent of online services for consoles, demos are also becoming available as a free or premium download. Console manufacturers also often release their systems with a demo disc containing playable previews of games to be released for their console. The availability of demos varies between formats. Systems that use cartridges typically did not have demos available to them, unless they happen to be digital, due to

405-498: The adventure. Racks of games on single 5 1 ⁄ 4 " and later 3.5" floppy disks were common in many stores, often very cheaply. Since the shareware versions were essentially free, the cost only needed to cover the disk and minimal packaging. Sometimes, the demo disks were packaged within the box of another game by the same company. As the increasing size of games in the mid-1990s made them impractical to fit on floppy disks, and retail publishers and developers began to earnestly mimic

432-419: The amount of time playable in the game. However, some demos provide content not available in the full game. In other cases, a demo may differ from the equivalent section in the full game, when the demo is released as a preview before the full game is completed. Demos for platform or other action games generally only include the first few levels of the game. Demos of adventure games are often limited to

459-564: The bulk of its code into small slivers inserted into the inter-section gaps commonly seen in PE files and writing a small re-assembly routine and table of its own code segments' locations into unused space in the tail of the PE header. This earned CIH another name, "Spacefiller". The size of the virus is around 1 kilobyte , but due to its novel multiple-cavity infection method, infected files do not grow at all. It uses methods of jumping from processor ring 3 to 0 to hook system calls. The payload, which

486-463: The cost of duplication, whereas systems supporting more cheaply produced media, such as tapes , floppy disks , and later CD-ROM and DVD-ROM , do. Now, the Internet is the main source for demos, as nearly all game developers and platforms focus on online distribution. Game demos come in two variations: playable and non-playable (also called a "rolling demo"). Playable demos generally have exactly

513-406: The early 1990s, shareware distribution was a popular method for publishing games for smaller developers, including then-fledgling companies such as Apogee Software (now 3D Realms ), Epic MegaGames (now Epic Games ), and id Software . It gave consumers the chance to try a trial portion of the game, usually restricted to the game's complete first section or "episode", before purchasing the rest of

540-521: The early 1990s, shareware could easily be upgraded to the full version by adding the "other episodes" or full portion of the game; this would leave the existing shareware files intact. Demos are different in that they are "self-contained" programs that cannot be upgraded to the full version. An example is the Descent shareware versus the Descent II demo; players were able to retain their saved games on

567-466: The entire drive and the first copy of the FAT can be restored from the second copy. This means a complete recovery with no loss of user data can be performed automatically by a tool like Fix CIH . If the first partition is not FAT32 or is smaller than 1 GB, the bulk of user data on that partition will still be intact, but without the root directory and FAT it will be difficult to find it, especially if there

SECTION 20

#1732779740861

594-511: The former but not the latter. Magazines that include the demos on a CD or DVD and likewise may be exclusive to a certain publication. Demos are also sometimes released on cover tape/disks , especially in the United Kingdom and mainland Europe , but given the increasing size of demos and widespread availability of broadband Internet, this common practice throughout the 1980s and 1990s gradually lost cover focus to full games . With

621-406: The link to point directly to the intended article. Retrieved from " https://en.wikipedia.org/w/index.php?title=CIH&oldid=945042924 " Category : Disambiguation pages Hidden categories: Short description is different from Wikidata All article disambiguation pages All disambiguation pages CIH (computer virus) Chen claimed to have written the virus as

648-402: The practice, shareware games were replaced by shorter demos that were either distributed free on CDs with gaming magazines or as free downloads over the Internet, in some cases becoming exclusive content for specific websites . Shareware was also the distribution method of choice of early modern first-person shooters (FPS). There is a technical difference between shareware and demos. Up to

675-414: The same gameplay as the upcoming full game, although game advancement is usually limited to a certain point, and occasionally some advanced features might be disabled. A non-playable demo is essentially the gaming equivalent of a teaser trailer . Generally, playable demos are stripped-down versions of the full game, restricting game-play to some levels , only allowing access to some features, or limiting

702-457: The virus has overwritten with zeros is lost. If the first partition is FAT32 , and over about one gigabyte , all that will get overwritten is the MBR , the partition table, the boot sector of the first partition and the first copy of the FAT of the first partition. The MBR and boot sectors can simply be replaced with copies of the standard versions; the partition table can be rebuilt by scanning over

729-453: Was infected by one of its mirror sites. CIH's dual payload was delivered for the first time on April 26, 1999, with most of the damage occurring in Asia . CIH filled the first 1024 KB of the host's boot drive with zeros and then attacked certain types of BIOS . Both of these payloads served to render the host computer inoperable, and for most ordinary users, the virus essentially destroyed

#860139