Disasters

Disasters

Win-CIH Strikes Again !
This year(26th April 2001) Win-CIH Virus attacks again. Stellar received more then 200 calls from the affected users both corporate and endusers, and more and more calls are coming in for data recovery.

Stellar Phoenix can recover data upto 100% in this case you can download the demo version to see what u can do with the software ........

December 13th Virus Attack. (W97M/Thus.A)

Virus and symptoms
There has been a virus attack from a virus called W97M/Thus.A on the 13th December So Far we are in receipt of more than 500 distress calls from end users for data recovery .We have analysed and recovered data from crashed hard disk in hundreds. More and more hard disks and calls are coming in for data recovery.

STELLAR PHOENIX 7.0. can recovery data up to 100% from the hard disk crashed due to this virus in case of Stellar Shield 1.0 not pre-installed.Any hard disk which is facing crash because of this virus and has STELLAR SHIELD 1.0 pre-installed , the recovery of the file can be undertaken using stelrep.exe and through recover mode.

Symptoms: Users infected with the Thursday virus will see no obvious indications that a document has been infected. However, because the virus infects Word 97's normal.dot, the size of that file will increase from its normal 27K. In addition, the virus turns off Word 97's Macro Warning feature. If a "clean" document known to contain macros does not produce the regular warning, this may be an indication that the system is infected.

Pathology: W97M/Thus.A is a Word 97 Macro virus which infects the normal.dot template within Microsoft Word 97. The virus consists of a module called "This Document," which turns the Word 97 Macro Warning feature off, then infects any Word documents opened or created on that machine from that point forward. The virus is primarily designed to spread, except on the "trigger date" of December 13th, at which point opening any infected document can cause the deletion of all files on drive c: (including sub directories). This virus has been reported to AVERT researchers by several banks and financial organizations in Europe and the United States.

Win-CIH Virus Causes Major Data Loss

On April 26, 1999, the Win-CIH Virus (also known as Chernobyl after the Russian nuclear accident) hit the world. A lot of disk crashes were reported all over the world due to the virus. Approximately 100,000 PC's containing sensitive and mission critical data were affected in India. The affected sectors were MNC's, Banks, Financial Institutions, Defence, Exporters, Stock Brokers, Manufacturing Houses, Consultancy Firms and Software Companies. Estimated tangible value of the affected data loss was Rs. 2500 lakhs.

This loss could be as high as 20 lakhs to some corporations for a period of 3 days. Apart from data loss there had been major time and operational losses due to inaccessible information. The Win-CIH virus infects only Windows 95 and Windows 98 systems. It triggers on the 26th of every month and overwrites or deletes all information on the hard drive in systems it infects. It also has the ability to overwrite Flash BIOS (basic instruction set of computers) chipsets on 486, Pentium and Pentium II systems provided they are write enabled. As soon as the virus was detected, all the major Anti-Virus Companies released updates for their packages that could prevent your system from this virus.

These updates are available on the web sites of the Companies as well as in the market. We at Stellar were rocked by telephone calls on and after April 26th. We offered 24 hours help line to address the clients suffering from this problem. We recovered data from 3500 machines with success rate touching 100% in most of the cases. We received hard disks for data recovery not only from India, but also from the neighboring countries.

ExploreZip Worm Wreaks Havoc

After the chaos caused by the Win-CIH virus on April 26th, another virus known as ExploreZip hit the Internet. This virus was first detected on June 6th, 1999 in Israel. The initial damage caused by this virus was unimaginable. We, at Stellar, received innumerous calls for help after the attack of this virus. Once again, as in the case of the Win-CIH virus, Stellar Information Systems Ltd. was able to provide up to 100% data recovery to its customers.

ExploreZip is one of the most dangerous worm on the Internet as it spreads quickly through e-mail. It is commonly called a worm instead of a virus because it cannot replicate itself. It travels with the speed of the infamous Melissa virus and carries a heavy payload like the Win-CIH virus that makes it quite destructive. When this virus gets into a system, it goes through the inbox of the user. It sends a reply to the unread messages that says "Dear (Recipient), I received your e-mail and shall send you a reply ASAP. Till then take a look at the attached zipped docs. Bye." and attaches a copy of itself to the mail in the form of a zipped file. If the user opens the zipped file, the virus immediately transfers itself to the system with the filename "Explore.exe" and starts the same procedure on that system. This virus also affects the MS-Office files on the users' systems by reducing their size to 0 bytes thereby corrupting them.

Unlike Win-CIH, this virus is not a time-bound virus. It could attack your system any moment and even as you are working on the system, it might be destroying your precious data in the background. The best way to check for the presence of this virus in your system is to look for the Explore.exe file. If it is present, delete all the lines in the Win.ini file that contain a reference to this file.