Virus.Win9x.CIH/Chernobyl Destroying a Physical Computer


Hello everyone, it’s Thursday, April 26th, 2012, at 12:30 a.m. Now on this date, fourteen years ago, the “CIH” virus first displayed its devastating payload, in which it rendered many computers un-bootable due to it overwriting the BIOS, the basic input/output system. Now hopefully, we will be able to see that effect here today on this standalone computer, and hopefully it will destroy it like it has many thousands of other PCs. Now the virus is also known as “Space Filler”, as unlike normal executable-infecting viruses, which will write their code to the end. “CIH” will look for gaps in the program to which it writes its code. This is handy, as it helps the virus avoid detection, as it does not increase the file size of programs that it infects. Now we will go ahead and run it; the system date is currently set to April 25th, so we won’t get the payload immediately. So you see, it pretended to be some other file, some other file that it had already infected, but now “CIH” is present and will infect any executables run on the computer. So we’ll just run a few of these, and “CIH” will infect them, and every time you run these files, “CIH” will launch as well, instead of the program
you’re running. Alright, I think we’re ready to go here. We will switch the date to the 26th, and see if we can get it to activate. Now, normally I have to re-record videos a bunch of times, but with “CIH” and its devastating payload you only get one shot at this, so let’s hope it works. Here we go… and the computer should blue-screen; yes it has. “…in VxD, this was called from ‘blah blah blah…’ It may be possible to continue normally.” Let’s try it. We have a taskbar, and no desktop. You can press buttons – and now it’s frozen. So what it’s done is if this motherboard was compatible with it, it should have overwritten the BIOS and also overwritten – I think the partition table on the hard drive. So it doesn’t destroy any data, it just makes it inaccessible through normal means. You can still use tools to recover your data. So, let’s try rebooting! We’ll see how this goes. Just give me a moment here. We’ll hit the reset switch… and this computer should not boot anymore. We are not even getting any output to the screen. We’ll try turning off… …and turning it back on. Let’s see what happens. We are not getting anything. The hard drive light is on, and no output is being sent to the screen. I think “CIH” has done what it’s supposed to do. Let’s see here, I have a MS-DOS boot disk. We will see, if we can boot from the floppy, but we’re not even getting any BIOS messages on the screen, so I think this computer is toast. Alright, we have the MS-DOS disk in the drive… …and nothing. I’ve never seen this payload on a real machine before; it is quite amazing to see it actually do what it’s intended to do – which is completely destroy a computer. I mean, back in the 90s, you didn’t have re-flashable BIOSes, you basically had to send your motherboard back to the manufacturer. Now they could probably re-flash it, but that would cost you an arm and a leg and you’d probably just end up getting a new motherboard. So, “CIH” wasn’t very widespread, uh, since it was just the file infector; it didn’t have any email-spreading routines or anything
like that. But, as you can see, this computer is completely trashed, and will not boot at all. So, yeah, that’s really about it for the “CIH” virus. Thanks for watching, and it’s good to have a nice definitive video of it doing it’s devastating payload. Thanks for watching.

100 thoughts on “Virus.Win9x.CIH/Chernobyl Destroying a Physical Computer

  1. You said it was not wide spread. It was though. You would share files, and they were infected with CIH, it would store in the last bits of programs you had open, and eventually you would share another infected file. It was being spread for at least a year maybe more before it reached its date.
    I was infected with it. I wrote in ASM back then. I was careful to look at what it stored at the end of executables after I learned how it worked. The code & size was genius for its time

  2. I have a question: were you able to recover this PC by erasing and flashing the original BIOS to the ROM of the motherboard?

  3. I recently found out that the source code for this virus was actually put up on GitHub. It was all written in Assembly, and even had a month's worth of changes to it. So, if you wanted to see how the virus works, or even clone it, you can.

    Though, the page does tell you not to mess with it unless you really know what your doing.

  4. if there were something like this now. with email spread automaticly(no need for user interaction at all.) it would be DEADLY!

  5. when i was a child i some time scared of that BLOD of win 98
    i thought that the ghost of computer will haunt me

  6. when i was a child i some time scared of that BLOD of win 98
    i thought that the ghost of computer will haunt me

  7. I remember having watched a Chernobyl Virus video of yours, where you were silently shouting…
    "Blank… desktop! (…) Control + Alt + Delete…!"
    The screen was recorded potato-ish, like you are doing right now. And you claimed it was the first time you have seen the destruction. But that video…

    You deleted it, didn't you?

  8. 2012- нет
    2013 – нет
    2014 – нет
    2015 – нет
    2016 – нет
    2017 – нет
    2018 – нет
    2019 – НАСТАЛ ТВОЙ ЧАС!

  9. Почему это у меня в рекомендациях я не знаю, но это интересно!

  10. Since this is an old video I think you wouldn't check the comments but I'll write it anyway. At the time of CIH spreading I was working as a tech support for a small computer shop where we build and fix computers. Same day, we got over 50 computers killed by CIH. We had no idea how to fix it, internet wasn't common (and informative) as it is today. The solution we've found at the time was buying an eeprom programmer, remove BIOS chips from motherboards (only the ones with BIOS chip installed on a DIP Socket) and manually write bios firmware directly into it. Worked quite well, we managed to resurrect quite a few of those computers. Later Gigabyte released their first Dual Bios mainboard so they could avoid similar BIOS related problems. CIH was a big disaster for some people, but for me it was a new way of learning how things work. (Yes, I'm kind of glad CIH happened, sorry if you had trouble with it in the past)

  11. now… what would happen if this ran successfully in a virtual machine? would the app crash? would it do nothing?

  12. viruses before: COMPUER IS TOASTED INSIDE-OUT
    viruses now: google ads

    really my tab really has too many virus it spams google messages and ads, in one second more than 10 ads appear, I rebooted my tab wiped all data, and now im starting all over again in my tab

  13. For those wondering. The name CIH is derived from the developers name 'Chang ing Haou' who was in Taiwan at the time and by that time it was not illegal under Taiwanese cyber crime laws. He also now works for Gigabyte.

  14. Перезаписать микросхему bios дело 2-3 минут. Говорить о разрушительности вируса – большое преувеличение. Лечится элементарно.

  15. Самый нашумевший вирус в истории ПК. Вывел из строя невероятное количество компьютеров. Увы сегодня он не так опасен. Последние пару лет доминирует полиморфный boitkit!

  16. I, or my Pentium 100, was one of those victims of CIH 20 years ago. Watching this video makes me…well, NOSTALGIC.

  17. Цеплял я лет 18 назад эту хрень! Заметил поздно, избавился правда быстро!

  18. I remember this one, although my old AMD K6 56 mb ram and the AMIBIOS had some Safeguard option that displayed you a prompt screen when something tried to write into the bios. So i said nopeand i had my hard drive mirrored just a day ago. i just swapped it and laughed.

  19. Давайте залайкаем этот комент и пусть англичане подумают что здесь что то крутое)

  20. Why would you do this to a real computer?! I don't care if it's an old PC, you should treat it with the upmost respect! Use a VM!

  21. Is there anything that can be done to eradicate the virus and recover the computer, or are you just forced to wipe the entire drive with something like gparted and reflash the BIOS?

  22. Me:(screams)
    Everyone:what’s wrong with this video
    Me:I WASNT ALIVE WHEN THIS WAS MADE
    computer dannoct1 is using:

    YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA YOU ARE AN IDIOT HAHAHAHAHAHAHA (restarts)

  23. 1996: hello dont mind me as i start corrupting/deleting ur files slapping ur pc onto a botnet and frying the motherboard of ur pc ok thanks
    2019: hi
    *ad*
    bye

Leave a Reply

Your email address will not be published. Required fields are marked *