
CIH virus claims 500 computers at one company, 700 at another

Doom and devastation it's not. But early reports from the field show that several companies have been hit by the deadly CIH virus, which strikes on the 26th of each month.
Written by Robert Lemos, Contributor

One company had more than 80 percent, or about 500, of its computers fall victim to the virus, according to data recovery firm Ontrack Data International Inc. Anti-virus firm Trend Micro Inc. was contacted by another firm that found 700 infected PCs, 300 of which had their data corrupted by the virus.

"We've been contacted by 20 or 30 companies already," said Stuart Hanley, data recovery manager at Ontrack Data. At the time, Hanley noted the day was only half over.

The virus, known as Win95.CIH, reformats computer hard drives and, on certain machines, can erase the BIOS information that the computer needs to operate. Several variants of the virus exist, including this one that activates on the 26th of each month.

Midweek heightens impact
While July 26 fell on a Sunday last month, this month CIH's day falls midweek. That opens up millions of corporate computers to potential infection. But the virus will not activate if its computer host is turned off on the 26th.

"I was surprised when the calls started coming in," said Hanley, "but it is a weekday."

Despite its destructive capabilities and infections reported worldwide, the virus has for the most part been kept at bay.

ZDNN has received only a few reports of infection so far. One company had five machines infected by the virus but found the infections before the bug triggered on Wednesday.


Last month, three Internet game companies caught the virus and, in two cases, posted files containing the virus to their Web sites.

While certain cases may have been crippling, for the most part, the virus seems to be fading away. The reason: Users have informed themselves on how to de-fang the CIH threat.

Newsgroups played a big part in getting information on the virus threat to users.

For example, DejaNews showed more than 1,700 postings having to do with the virus by midday on Wednesday.

Ontrack and other data-recovery firms also reiterated that the virus only deletes the first 1MB of a computer's hard drive. This usually contains the formatting information, making it extremely difficult to cobble together the files remaining on the hard drive.

Still, data-recovery services can generally piece together all the data ... for a price.

