This famous virus, which was programmed to commemorate the disaster at the nuclear power plant of the same name in the former Soviet Union, will strike again on 26 April.
This virus is popularly known as Chernobyl due to the fact that is activated on 26 April, the anniversary of the disaster at the nuclear power plant. It is also known as CIH, CIHV or CIH.C. Lately, this has been one of the most dangerous viruses, damaging computers all around the world, particularly in developing countries where antivirus protections are weaker.
The Chernobyl virus was discovered in June 1998 in Taiwan. It infects executable and dotcom files in Windows 95/98/NT operating systems. It modifies or corrupts all the information contained in the BIOS (software that initialises and handles data relations and flows between system devices, including the hard-disk, series and parallel ports and keyboard. This may prevent the computer from booting when the power switch is activated.
This virus has a very high destructive capacity; in 2000 the data recovery computer company, Recovery Labs, received at its laboratories during the Chernobyl period (from 26 April to 30 May) 58.75 % of all the computer devices damaged by Chernobyl, evidencing huge losses of information. In 2001 this percentage increased rose to more than 80%.
Companies such as Symantec, Panda Software, McAfee and Trend Micro, have valid antivirus systems for combating CIH. However, if this has been activated Recovery Labs has the necessary technology and know-how to recover the information that has been lost as a result of the action of this virus.
There are variations of the Chernobyl virus that can activate the virus on the 26th day of every month.
THE MAIN FACTORS CAUSING LOSSES OF INFORMATION
Last year Recovery Labs performed an in-house technical study in which it analysed the different causes of losses of information. This study includes data from devices received at our laboratories in the course of last year.
The results are striking since almost half of the losses were related to the actual operation of the hard disks. Human error was the second reason for data loss. Strangely enough viruses were not one of the relevant causes (8%).
Another variable provided by the actual hard-disk providers was that approximately 4% of the hard disks suffered some type of fault during the first year.
These data show us that, regardless of how advanced the back-up copy system is, nobody is safe from losses of information. 80% of our customers make back-up copies on a regular basis.
In view of this panorama, Recovery Labs anticipates what is now an indispensable service for many companies and individuals, since the information stored on their hard disks is often vital.
Data loss is a situation in which important data stored on a computer system cannot be accessed.
Data losses may be caused by faults, human error, accidental or deliberate data wipe, natural disasters, fires, impacts, etc. Data losses are most frequently attributed to physical faults, and then to human error.
Different faults may occur in storage devices for different reasons, from power surges to feared viruses. We describe below some of the most common problems that are dealt with at our laboratories.
These occur when there is a fault in a power source or an overload on the electrical grid, causing an increase in voltage that burns the electronic circuits of a device.
The components that consume most electricity are generally those that are damaged first, with damage visible to the naked eye. In these cases the voice coils of the devices tend to be affected; these are usually located on the heads and motors, which are both vital parts of any hard-disk.
In these cases some users believe that simply changing the electronic components with similar components will resolve the problem, but this only works sometimes. It is important to bear in mind that a voice coil affected by a power surge or voltage peak may remain in a permanent state of short circuit, and may even damage the new component. Damage may also be caused to the surface of the disk due to the absence of proper conditions for it to start reading again.
Hard disks have moving parts, which can be damaged just like those of any other device.
The most common mechanical problems are caused by the continual expansion and contraction of the disks due to the continual heating and cooling of the devices. A common example is when hard-disks are removed from one piece of equipment, then installed on a new device and then do not work any longer. This is due to the fact that the disk has been under considerable stress for a certain period and gives way when this stress is removed. As a result, the head arm is placed in an incorrect position when they try to read the disk.
Another common fault relates to communication problems affecting hard disk voice coils. The threads on these coils are covered in varnish, which isolates one thread from another, and these may be damaged due to changes in temperature, prompting the device to lose effectiveness in terms of rotations when horizontal movement fails.
Communication problems affecting voice coils lead to a reduction in the number of rotations and this is a much more complex problem to resolve.
The coils that are least affected by communication problems are the readers and writers, which are located on the tip of the head arm. However, these are the parts most sensitive to impacts or to incorrect shutdowns and are also the source of many problems.
Another very common problem that often affects the heads is the degradation of the actual magnetic medium. This is covered by a very thin lubricant that gradually loses its effectiveness and breaks up into dust particles, which eventually block the resonance holes of the heads, preventing these from reading correctly.
The most famous fault affecting the heads is technically referred to as "head crash". This fault consists in the accumulation on the heads of excess particles in the area that is in contact with the magnetic medium. These particles end up eroding this, whereby all the magnetic enamel that contained the data disappears, leaving just the aluminium of the plates. This damage is often caused by wear and tear of the disks, moisture accumulation or tobacco smoke.
Logical faults. These faults are very common and may be caused by errors on the part of the user, viruses, jamming, or internal sabotage.
In some cases, when a device fails to respond and has to be rebooted, cache memory or ram is usually downloaded onto the disk. If the equipment has been jammed for a while, the disk heads are placed at the start of the disk downloading the data, rewriting the partition tables and booting area, making it impossible to boot the system by the normal procedure.
A very similar system to this one is used by viruses to put systems out of action by attacking vital areas of the disk, usually the partition table and boot sector.
In other cases, users make the mistake of formatting or partitioning the wrong unit. This is a very common occurrence when installing second units in the system, and the confusion increases when there are various partitions.
Another very common fault is the accidental wiping of files or documents. This type of loss may also be caused by a premeditated action.