ZDNet News has had several emails asking 'what can I do?' So here's our non-definitive answer to getting started again.
What are the symptoms?
CIH is very easy to spot. An infected machine does not load Windows, has no access to the hard disk, and in some cases will not even light the floppy disk light when powered up.
Is all my data lost?
Here's the good news. Almost certainly not. Without performing a low-level format on the hard disk, the data remains where it is, but the maps that navigate around the data are lost.
CIH attacks the BIOS, the maps and start-up instructions that tell the computer what to do, when to do it, and where to start looking for data.
Some rare cases of infection have managed to over-write the BIOS, causing the computer to fail even when performing a simple task like checking the floppy drive. If that is the case, you probably need to take your computer, hard drive and all, into a data recovery house.
But these cases are rare, and the chances are that when you switch your computer on, it will light a few lights, try the floppy drive, and then sit there, limply waiting for you to shout at it.
How do I get my data back?
There are three ways we've found that will get your data back in one day. Respectively they are costly, budget, and highly risky.
1. Seek the help of a data recovery service. Engineers will take the computer apart and recover the data to a separate disk. This is likely to cost whatever you can negotiate -- and if you're in tears, your bargaining power is low.
2. Ontrack have a do-it-yourself data recovery package and a free trial version that you can download onto a healthy computer. Use that file to make a bootable floppy, stick the floppy in the unhealthy machine and boot it. The free software will tell you if you can recover your files or not. If you want to recover the files, prices start at £30. Worth a try.
Ontrack also does remote recovery via your dead computer's modem. The initial diagnostics charge is £75, with a total cost of £500 to recover all the data, hard drive and all. The company claims a 100% success rate.
3. Take the hard disk out of the dead computer and install it as a slave drive in a healthy one. Remember, this hard disk is infected with a virus that will destroy another computer as soon as look at it. DO NOT RUN ANY PROGRAMS from the unhealthy hard disk, and on no account try to boot from it.
Once the unhealthy disk is in, and recognised as a secondary drive, run a disk recovery program such as Norton over the unhealthy disk and reclaim any data it finds. Fortunately CIH triggers on the 26th of each month, so you've got four weeks to do that and reformat the hard disk. If you don't understand this option, don't try it.
Is my hardware ruined?
Again, the answer is almost certainly not. If the virus has over-written the BIOS -- meaning the floppy won't read -- then you'll need a new BIOS, which usually means a new motherboard. (Think of it as a well-timed upgrade.) But in most cases, despite all the press attention focusing on hardware fatalities, the loss is usually just data. Once the data is recovered and the hard disk reformatted, you should be back to normal.
How do I not get in this mess again?
Buy some anti-virus software and use it.