Very interesting. Back in 1999, when CIH infected our family computer, now I understand why our anti-virus kept finding so many infected files, and multiple scans didn't work. My dad had no choice but to boot into DOS and executed all the tools on command line to eradicate the infection. Just want to confirm if it is possible instead to boot to DOS to run the tools instead of running it on Windows. Thanks Danooct1, you have outdone yourself once again with an extremely informative and entertaining video.

Very nice video. Your style of narration is also easy and pleasant to listen to. Good job!

3:38 *says you need to change the date far away from 26 april* *changes date to 20 april* lmao

I love this high production value post commentary you've sort of done. Great work Dan! Hope to see more of this genre in the future.

Interesting sidenote: HDDs formatted with newer utilities (those supporting Advanced Format) are mostly impervious to CIH. These new utilities put the 1st partition at sector 2048 instead of 63 to ensure alignment, so all that needs to be done after a CIH attack is a simple MBR rebuild (since the first 1MB is left clear, except for the MBR).

No fucking way, I had this when I was younger, My BIOS wasn't deleted and the machine continued to boot into windows, but that green bar at the top would appear when I visited certain websites, tried to watch video, listen to music, files would stop working etc.. The computer would then hang until I pressed the reset button and start again. I tested the hardware thinking it might have been a graphics error but no such luck, It would still happen in safe mode etc, eventually got a hold of my 98 disc and reinstalled completely and the problem was fixed, so couldn't have been hardware.. Is it possible there where variations of this virus or does it just affect different systems in different ways? EDIT: At 2:35 the screen has a green a bar at the top with distorted purple pixels, this is exactly the way my screen would go the second I ran pretty much anything.

Allthough no one will be struck by CIH unintentionally these days it is still a great prove of concept, knowing how destructive it was back then.This reminds me of picking up an old video game from your childhood and finally beat the endboss which you never managed to when you were young. Even though none of your friends will take about the game anymore and value your success it is still an important achievement for your ego.If you can beat CIH Dan you will probably do so with many viruses to come. That is why I am subscribed to your channel :)

Why did your videos suddenly become more professional? Your voice is clearer, you talk more fluently,calmly and in a warm tone, and the footage is more high-quality than usual... Me likes it.

No dislikes, well deserved. You're awesome Dan I love watching these videos and it's shown me a lot about viruses. Keep it up

Now do the process of reflashing the BIOS with only the technology at the time. ;)

Great work! I love how you sound so happy throughout the video. That just makes it even more fun to watch :D

You finally made the vid. I have been waiting for 4 years now.

I just came across your videos yesterday. This is really interesting stuff! I've always wanted to see a virus in action, but not on my own computer, of course. I've always wondered about the viruses that cause physical damage to the computers, so I'll be looking for those. It's also really interesting that these viruses still break out of the virtual operating systems to cause real damage. Old, obsolete viruses still able to infect new computers--really cool.

Hey! I only just found your channel a few days ago and you make some really interesting videos that are super fun to watch! I was just wondering what field you specialised in? or what course you studied in order to have such a good understanding of all this. Love the channel dude!!

Did you change the date to 4/20 on purpose?

Cool video! By the way, did you know that you were featured in a Quebec documentary about zero day flaws that was broadcasted a week ago?

These days, we have Windows 10 to download updates that don't work, and cause it to reboot 3 times before it gives up, uninstalls its own update, and takes you back to where you were originally. It's equally irritating.

Fascinating tool. Since I don't want to run a DOS simulator on this program, I read the instructions from your video (thx for including all of them by the way) and this is just pure clever. I don't know how it would be possible to reconstruct the whole MRB with FAT16 systems, but if Steve Gibson says its possible, then its possible somehow. However, using the copy to reconstruct whole disk is just amazing. Just people in this bussines knows how a file system works and he delivered a solution to this problem. Also it shows you how slow computer storage was back in the day. This isn't even really old but 7 minutes for a GB is massive considering this tool runs on machine code, standalone on the CPU.

these videos are so entertaining. having heard about many of them but now I can see them in action.

When saw the title in my sub box got so excited :D

I've suggested this before, but I'd like to see the effects of a virus and how to remove it in a single video. I don't mind having it split into two videos, but the fact that you sometimes don't do removals for some viruses (don't think you've said in the video that you can't remove it after it's infected the system) and I really wonder how some of those viruses can actually be removed.

Great video, Dan! I don't think I've ever been more enticed during one of your vids!

At first I was sceptic but the way you did this video and explained everything was brilliant. very nice content, hope to see more of this

OMG...My first computer in 2004 came with Windows ME and I only now I realize how lucky I was to have it until 2012!

damn, this is probably your most well made video yet.

CIH needs to change date to 26 April 1986. This date of Explosion the Chernobyl NPP.

I do wanna know what happens to the machines that have been wrecked by CIH -- As in black-screened, no access to the BIOS? Most Virus wrecked machines do let you get to the BIOS screen before moving to the BSOD -- OS's failing to boot because the virus wrecked a system file.

Dan ive been waiting for another cih vid for a while. Thank you!!!!

Seeing all these videos, it would appear best defense for a lot of those malwares was to simply disable/freeze your system time. Awesome channel though. It brings me back some cool memories.

Good ol' Steve Gibson. I instantly recognized the name lol. He's got some pretty good podcasts

Having been in network security for 4 years and understanding quite a lot about not just the skill but the psychology of hackers, I can already assure you many hackers hate you severely for exposing how a vast majority of these older hacks (and the newer ones too) were used, clearing up a lot of the panic/fear the used to exist around malware. It's glorious to finally be able to be so publicly smug towards those jobless, lazy bastards who won't get a real job. Then again, keeps guys like me in business so I guess I should be thanking them

Im waiting for this soooo many months,i knew its fixable!Great vid Dan

Great video Dan! Loved the editing/voiceover style.

To repair the BIOS corruption you could hotswap the bios on a good motherboard and flash it again or get one external programmer to flash the bios again.

That was a very interesting video! As far as I knew, the only way to repair a computer destroyed by CIH was to find another clean PC with the same chipset and hot-swap BIOS chips. I didn't knew there were "immune" chipsets, that are repairable. Can you do a BIOS-swap video too? It would be a very interesting thing to watch!

My computer was corrupted by cih, bios and hdd both. It was a real pain!

have you thought of trying this in Qemu? I think it would successful in Qemu, because its closer to acting like a real Pc.

Despite the obvious fact that ClamAV doesn't have live scan (although I've already seen extensions that can help ClamAV perform live scans), do you think it's efficient enough? I currently use no antivirus on my Windows system, and I don't feel like any of them are any more effective nowadays than minding what you access.

Hey dancot I love your vids they are the best I was always into technology and how viruses work. thank you and keep making great videos

Dan - I know you get a million messages, and I've asked before - but have you actualy done a hotswap BIOS?

So what if you're unlucky and have a BIOS that gets overwrote by CIH? Since all the boot drives are rendered unbootable, there's no way of using DOS as a saving grace, huh?

Okay, but is there a kill_covid-19 command that I can just write into the console of life?

"Rendering the computer unbootable. SOME OF YOU-" that threw me into wednesday

7 people has destroyed BIOS...

Danooct1, thank you for your great content. By the way, do you have access to the database virusshare?

hey, at 1:59 why isnt the virus called CIH.exe like on the other vid, same OS right?

Hey Dan! Your videos have really inspired me to try to mess around with some programming and try to make some simple malware programs. So i am just wondering what programming language you would recommend for someone starting up writing malware?

Nice video man, love these. It's like a trip to the 90s. You ever gonna do some old linux malware videos or something?

Question: I'm a computer geek, but want to know what it means when a virus "Writes its code to the end"?

I heard about CIH. I wish to see the most destructive worm/trojan/ or virus ever known!

4:12 thank you for choosing the norton antivirus virus scanner to check your computer system for viruses

Makes me wonder what the most recent chipset/CPU that the bios overwrite payload will work on.

you also need to empty the recycle bin just to be safe

I know most people wouldn't like to try this, but what would happen if you ran CIH on bootcamp on a Mac w/ dualboot. Will it still boot to OSX?

Nice, so did you repair that old pc that was nuked in the original video? With a programmer the BIOS can easily be reflashed

Have you ever thought about playing Lose/Lose? That game is kind of like a virus in itself. I would love to see a video on it.

Excellent work! Glad to see such an awesome nerdy video!

How to use it one last time, 1: make sure ur using 95 or 3.1 if not, Too Bad! 2: when u get any bsod do what it says to reopen windows

Someone on github rewrote CIH to work on the NT kernel. It's still entirely in assembly language, and it's insane.

Too bad there's no fix for the dead BIOS. It would have been nice if the bricked machine would have had a removable eprom chip. That way you could get an eprom burner and flash the old BIOS ROM back to the chip and resurrect the machine.

@danoct1 is CIH short for something??

I'm surprised you're able to find all of this old virus cleanup software

Can you do a video on the whistler virus? I used to have it and it drove me crazy for a month. Took me forever to find out how to fix it.

I built and ran this virus on my PII build. Only got one BSOD but it gave me a blank screen with a cursor and a solid hard drive light. Next reboot it never posted, but I made sure to backup the BIOS chip before hand and now I can at least get into BIOS. Next step is to restart the deleted hard drive segments and wipe it.

2:32 that must be the bluest bsod i ever seen

Is it hard to put a simple "BIOS Write Enable" switch on the computer? I think it's stupid, that the BIOS isn't read only

How did this (the virus) work? Wasn't this before NAND storage?

I wish we got to see more of these virus removal videos

Is Danooct1 gonna be the new Rogueamp1/2 now??

I have a pc with windows 2000 and an amd athlon 1.1 GHZ proccessor. Would CIH overwrite the bios there?

I asked this to the internet already, but what happens if you put CIH on a modern PC?

I have a SE440-BX-2. Can It be infected with CIH?

3:42 4/20

Awesome video man, keep up the great work!

How did you get it to boot again?

Which anti virus software are you using? Just curious

can you post CIH Removal files here? PS: Do you think this would work on an emulator that emulates physical BIOS? (something like PCem ( citadel.ringoflightning.net/pcem101_experimental.7z )?

why this video is so satisfying?

Your video editing isn't too bad. It's pretty good! :D

I liked the way you edited this video.

if the creator of that virus had made the virus trigger on all of the dates on the calender then it would be even harder to remove this virus

What computer do you use

How do you find specific viruses to test?

What Happened To AmpDan1? Did You Create A Channel Like AmpDan2 DanAmp1

Porque el título del vídeo está en español si hablas ingles ? Saludos

antivirus scanner: wait so these files are all infected with CIH? CIH: always has been

do any of these viruses actually work on a modern computer? or is this just mental masturbation

Does anyone know if there are any download links to these tools?

so i backfired a CIH and Unit94 using Lua 5.5.3 and instead of them hacking my pc, they got sended tons of virus , 47v/s and theyre dead

Amazing Video As Always

Wow, original video was made in 2012 ? I feel so old :D

maybe is first video about removal of this virus?

If you install Windows 98 on an Alienware (which I doubt anyone would do) and run CIH, will the BIOS deletion payload occur?

that excitement is indeed justified dw

GRC is awesome to have made that Fix-CIH freeware!

you have no idea how much I would love to help you find viruses and record with you.

MEMZ does the same, but it doesn't overwrite the BIOS, but rather the MBR

Why did the screen glitch out

4-20-95... was that on purpose?

Nice, great video. Can you do more email worm showcases or something like that.