Hi! Sophos antivirus found few times CIH (Cernobil) virus on my Windows 2000 or XP system. Are there some files in Windows that are like CIH? Because no other av didn't detect that virus, just Sophos. And there is no removal instructions. Is this hard virus?
Hi, You said that no other AV did detect it. So I assume you have run either other AV's on your system to check those file(s) or some on-line AV-scanners. The site for Sophos about CIH is here: http://www.sophos.com/virusinfo/analyses/w95cih.html Steve Gibson has also written some pages about it: http://grc.com/cih.htm PS: Thanks to Paul: those links are at the free tools page of Wilders.org: http://www.wilders.org/free_tools.htm I guess the best thing you could do, now you are sure that no other AV gives an alert, is to contact Sophos: http://www.sophos.com/support/queries/ I hope this helps.
It is fun that I get this virus few times, and just on my 2000/XP system. I realy don't belive sophos.
W95/CIH-10xx detected in c:\winnt\system32\active~1\imscan.dll I don't belive this is a virus. There is a file in Windows 2000/XP that sophos thinks it is a virus.
Then please submit it to Sophos, so they can have a closer look at it. In case it is a false alarm (that can happen to all scanners), they could try to fix it.
By the folder name, that looks like an online scanner DLL which has a signature IN IT for detecting CIH. And then along comes another scanner and sees that signature lo and behold.. And Panda AV is well known for causing these alarms.. their signature files must not be encrypted. Still, submit IMScan.dll to me if you dont mind, submit@diamondcs.com.au and I will let you know