Yahoo News Service

Monday April 26 3:06 PM ET

Chernobyl Computer Virus Hits Only A Few - But Very Hard

By Dick Satran

SAN FRANCISCO (Reuters) - The Chernobyl virus hit computers around the world Monday, wiping out data on hard drives and even causing some PCs to fail when starting up, computer experts said.

Although the virus hit only a tiny fraction of the machines affected by the recent Melissa virus, the new bug's bite was much more deadly for an unfortunate few.

"I've talked to people who, literally, were crying on the telephone -- a woman whose poetry book was almost done and was completely lost, a man whose doctoral dissertation was lost. They were devastated," said Mikko Hermanni Hypponen, of computer security firm Data Fellows Ltd. in Helsinki.

The worst damage appeared to be taking place in Asia and parts of Europe, where antivirus protection is less prevalent, and with pirated software, which is often filled with bugs.

Data Fellows Ltd. reported damage in Hong Kong, Singapore, India, Finland, New Zealand, Britain, Sweden, Japan and Malta, with hundreds of machines already being hit even before the United States opened for business. The bulk of the computers affected were in Asia, Data Fellows said.

The Carnegie Mellon University's Computer Emergency Response Team said it knew of only a few dozen computers hit by the virus. "It really hasn't been that bad," said a CERT case worker.

But the Chernobyl virus's limited impact did little to console those who were infected. DataFellows' Hypponen said that the cost of repairs could run into the millions of dollars. "Unlike Melissa, this is causing real problems and serious loss of data for some people," he said.

CERT said that data "may be unrecoverable" if the virus hits, and software needs to be reinstalled from the ground up to make computers work again, a task beyond the expertise of most home computer users.

"I just turned on the doggone thing and the screen was almost totally black -- it said 'os load in progress' and then it said 'insert bootable media in appropriate drive,' said one person hit by the virus, Christina Asksomitas of Palm Beach Country, Florida. "We tried to reboot it but nothing works."

Computer makers did not immediately return calls to say how many users were asking for help and it was unclear whether warranties would cover the problems. CERT said a data recovery service might be able to retrieve lost data. It posted information on vendors and other frequently asked questions atat

Computer experts said users could avoid the virus by not booting up their computers Monday, or resetting the date, since the virus is activated when computer utility systems hit the 26th date each month.

The Chernobyl virus is a variation of the CIH virus, first reported in the middle of last year, and believed to have been written in Taiwan. The CIH virus is also known as the ``space filler virus,'' because it uses a special technique that secretly fills file space on computers and thwarts many of the antivirus softwares in place before its arrival. It is spread over the Internet and in infected Microsoft ``executable'' files for Windows 95 and Windows 98.

While the virus has been hitting on the 26th day of each month since last year, this month's version was expected to be the most prevalent and dangerous. The April CIH virus is called the Chernobyl virus because it's timed to go off on the anniversary of the Soviet nuclear accident, one of technology's worst disasters.

Most up-to-date antivirus software will spot the bug, if it's there, and many corporate computers have recently upgraded their protection because of the Melissa scare.

The Melissa virus was one of the most fast-spreading ever reported. Sent via Internet e-mail last month, it initiated an automated ``macro'' program that sent scores of e-mails from target users' computers listing porn sites on the Web. The virus overwhelmed and even shut down some e-mail systems, and caused some embarrassment, but there were few reports of lost data or serious damage.

Copyright 1999 Reuters Limited. All rights reserved. Republication or redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.