
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Chernobyl

Threat Level: High threat
Damage: Severe
Distribution: Not widespread

Effects 

On April 26, Chernobyl activates and carries out the following actions:

  • It deletes all information from the hard disk by formatting it.
  • It deletes the content of the BIOS in computers with an Intel Pentium microprocessor (based on 430TX).
  • It infects executable files with an EXE extension used in Windows 98, Windows 95 or Windows NT computers.

Infection strategy 

The routine followed by Chernobyl in order to carry out its infection is:

  • It detects when a file with an EXE extension is used. It does this by capturing the IFS (Installable File System).
  • It infects files with an EXE extension without arousing suspicion because it does not increase the file size. In order to do this, it distributes its infection code in the unused spaces in these files.
  • EXE files in PE (Portable Executable) format contain quite a few empty spaces. This is the reason Chernobyl targets them.
  • In Windows 2000 Pro or Windows NT computers, Chernobyl goes memory resident every time an infected EXE file is run.
  • It infects all the EXE files accessed by the user or the system in Windows 98 and Windows 95 computers.

Means of transmission 

Chernobyl does not use any special means of transmission. It can spread through the means normally used by viruses: e-mail messages, computer networks, FTP file transfers, CD-ROMs, floppy disks, etc.

Further Details  

In order to give you further information about Chernobyl, below is a list of interesting facts:

  • It first appeared in Taiwan, according to the Taipei authorities at the time.
  • It was created by 24-year-old Chen Ing-Hau. His initials, CIH, are one of the other names by which Chernobyl is known.
  • The first people to be infected were groups of software pirates dedicated to transferring games files over the Internet. Through these groups, Chernobyl very rapidly proliferated worldwide.
    CIH v1.2 TT IT.
  • Chernobyl is also the name of a virus family. This means that there are other similar but slightly different viruses (variants). Below is a list of the most common ones:

The variant Chernobyl.1010 activates on June 26 and its code contains the following string: CIH v1.3 TT IT.

The variant Chernobyl.1019 activates on the 26th of any month and its code contains the following string: CIH v1.4 TATUNG.
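
The unused spaces mentioned under "Infection strategy" are alignment gaps that can be measured from the PE headers. The Python below is an added example, not Panda Security code: it lists those gaps, counts the bytes stored in them, and searches the file for the three strings quoted on this page. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

# Marker strings quoted on this page for the Chernobyl (CIH) family.
MARKERS = [b"CIH v1.2 TT IT", b"CIH v1.3 TT IT", b"CIH v1.4 TATUNG"]

def pe_cavities(data):
    """Return (name, file_offset, size) for each alignment gap in a PE file."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    hdr_size, = struct.unpack_from("<I", data, pe + 84)  # SizeOfHeaders (opt hdr + 60)
    table = pe + 24 + opt_size
    end = table + 40 * nsect
    gaps = [("headers", end, hdr_size - end)] if hdr_size > end else []
    for i in range(nsect):
        name, vsize, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        if raw_size > vsize:  # tail of the section's on-disk block is padding
            gaps.append((name.rstrip(b"\0").decode("latin-1"),
                         raw_ptr + vsize, raw_size - vsize))
    return gaps

def scan(data):
    """Triage summary: bytes present in each gap, plus marker offsets in the file."""
    slack = [{"cavity": n, "offset": o, "size": s,
              "nonzero": sum(1 for b in data[o:o + s] if b)}
             for n, o, s in pe_cavities(data)]
    return {"slack": slack,
            "markers": {m.decode(): data.find(m) for m in MARKERS if m in data}}

def build_sample(slack_bytes=b""):
    """Constructed test image: PE32, one .text section using 0x20 of 0x200 bytes."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 60, 0x200)   # SizeOfHeaders
    sect = struct.pack("<8sIIII", b".text", 0x20, 0x1000, 0x200, 0x200) + bytes(16)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + (b"\x90" * 0x20 + slack_bytes).ljust(0x200, b"\0")

if __name__ == "__main__":
    print(scan(build_sample()))                      # clean layout: gaps are all zero
    print(scan(build_sample(b"CIH v1.4 TATUNG")))    # marker placed in .text padding
```

Non-zero bytes in a gap are only a triage signal, since linkers and packers can also leave data there; a marker hit is the stronger indicator.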
