C letter viruses. Scroll down the page to view or choose from the names below:
California/Wobbler | CDEF | CIH | Code 1 | Code 252 | Creative
If you are unable to find a description for a particular virus, please contact me or post a message in the forum.

California/Wobbler
Aliases: Wobbler
Type: Hoax
Description: This is a hoax. See the Hoax Encyclopedia for details on the California/Wobbler hoax and others.

CDEF
Aliases:
Type:
Systems Affected: System 6 Macintosh computers
Payload: No
ITW: Yes
Origin: New York
Description: Infects invisible Desktop files used by Finder.
What to look for: CDEF resources in a Finder Desktop file
How to prevent it: See Macintosh viruses for a list of resources concerning Mac malicious code.

CIH
Aliases: Chernobyl, Spacefiller, W95/CIH
Type: EXE infector
Systems Affected: Windows 95 and 98
Payload: Overwrites data on the local hard drive; overwrites Flash BIOS making the system unbootable.
ITW: Yes
Origin: Taiwan
Description: CIH has caused widespread infection since its discovery in June 1998. Several reputable vendors have inadvertently shipped software or systems infected with the CIH virus. Pirated software (particularly in Asia) continues to be a prime source of infection. With CIH's widespread infection, and the fact that it has been in the top ten list of infectors since its initial release, F-Secure created a Global CIH Virus Information Center to provide detailed information about the threat.
What to look for: F-Secure has a free tool to detect whether the CIH virus is present on your system.
How to prevent it: Use up-to-date antivirus software and scan any new files introduced to your system before allowing them to execute. See Free Protection for evaluation or free antivirus software resources. Check out the Tips for Safety for other means of prevention.

Code 1
Aliases:
Type:
Systems Affected: System 6 and System 7 Macintosh computers
Payload: Renames the hard drive to "Trent Saburo" if an infected Mac is restarted on October 31 of any year.
ITW:
Origin:
Description: Infects applications and the System file.
What to look for:
How to prevent it: See Macintosh viruses for a list of resources concerning Mac malicious code.

Code 252
Aliases:
Type:
Systems Affected:
Payload: A message is displayed on systems started up between June 6 and December 31 of any year. The message reads as follows:
You have a virus.
Ha Ha Ha Ha Ha Ha Ha
Now erasing all disks...
Ha Ha Ha Ha Ha Ha Ha
P.S. Have a nice day
Ha Ha Ha Ha Ha Ha Ha
(Click to continue...)
Despite the message's warning, no files are erased.
ITW:
Origin: California
Description: Depending on whether System 6 or 7 is used, and whether MultiFinder is used, the virus infects only the System file, the System file and MultiFinder, or application files. For specific information on exactly how individual systems are infected, consult Macrvirus.net.
What to look for:
How to prevent it: See Macintosh viruses for a list of resources concerning Mac malicious code.

Creative
Aliases: Troj_Shockwave, Pro-Linux
Type: Email worm and Trojan
Systems Affected: Windows 32-bit systems
Payload: Renames .JPG and .ZIP files, then moves them to the root of the local drive (C:\).
ITW: Yes
Origin:
Description: Spread via email as an attached file named CREATIVE.exe. The body of the email reads:
“Check out this new flash movie that I downloaded just now ... It’s Great
Bye”
Creative then drops a text file, MESSAGEFORU.TXT, which reads as follows:
“Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin.”
Creative then mass mails itself to all the recipients in the infected user's address book, after which it sends an email to the presumed author, with the subject: “Job complete”. The message body of that email reads, “Got yet another idiot.”
What to look for: Search for MESSAGEFORU.TXT or CREATIVE.EXE
How to prevent it: Do not open attachments received unexpectedly even if from known senders. Most email worms take advantage of the infected user's address book, and thus email worms are most likely to be received from a known source.

