Virus Alert

Monday, 28 September 1998
Updated Thursday, 9 September 1999

Persons who have been affected by Back Orifice are at significant risk for virus infection!

Today I received an email from Bill Machrone, a Columnist for ZDNet's PC Week Magazine. Bill had heard from a reader that many Back Orifice files had been found infected with the CIH Virus, a particularly nasty virus that can do a great deal of damage. Bill knew from our correspondence (he has followed the BO issue closely and written about it several times in his recent columns) that I had been experimenting with BO and receiving files from affected users; he very kindly wished to save me from serious damage!

I scanned my system immediately, and found no infection. But I quickly found that some of the BO files that had been sent to me by readers of this site WERE INFECTED with the CIH virus! I am now in process of contacting the persons who sent me those files. Their systems are definitely infected.

If you have had BO on your system, you MUST do a virus scan! The CIH virus in particular is getting into a LOT of computers on a global scale. If you have BO on your system, an intruder may choose to place an infected file on your hard drive and run it. This would set you up for very serious data loss and potentially a complete system crash requiring replacement of your motherboard or its onboard memory chip!

Other viruses are a risk also.

Getting BO onto a system usually requires a lack of caution on the user's part. People who are in the habit of running files that are sent to them by strangers, or who easily trust programs they find on non-commercial sites, are more likely than most to contract a virus. It should be no surprise that viruses are being found on systems with Back Orifice.

There are many good virus applications available. USE ONE OF THEM! If yours is out of date, get it updated!

I did a quick search found this up-to-date virus scanner available for public download from Network Associates (McAfee):


This file includes their most recent .DAT file for virus scanning and a DOS version of SCAN.EXE.

How to use it: Download this file, and unzip its contents onto a clean, empty system-formatted diskette, preferably new out of the box. Reboot with the floppy in drive a: and when the DOS prompt appears, type:

scan /adl /all /clean <enter>

It will take a while, but it's well worth it if only for the peace of mind.

For more options, type:

scan /? <enter>

NOTICE: The following disclaimer appears on the Network Associates page where this file is linked (

"AVERT provides emergency .DAT files. Before posting these files to this site, AVERT tests them automatically for their detection and removal capabilities in order to reduce the possibility of false alarms and other issues. AVERT carefully plan this testing to provide optimal reliability in a minimal period of time. Please keep in mind, however, that all files and products available on are still undergoing beta testing, and have not passed final Quality Assurance. Please check back for the latest DATs produced by AVERT."


The CIH Virus

CIH: It's that time again
ZDNN, 09-25-98
CIH due to strike Saturday, massive infection unlikely
ZDNN, 09-25-98

CIH Windows Virus Strikes Again on 26th
PC Week, 08-28-98
CIH virus claims 500 computers at one company, 700 at another
ZDNN, 08-26-98
Beware C Day
ZDTV, 08-26-98
CIH Countdown
ZDTV, 08-24-98
Users Dodge CIH Virus Attack
TechWeb 07-28-98

Virus Information and Utilities

Links soon!

PCHelp Home
BO Home