The CIH Virus: What It Is and How to Remove It

A past threat worth remembering

A conceptual illustration of the CIH virus destroying a laptop.

Theresa Chiechi / Lifewire 

The CIH virus was a big threat to Windows 95 and Windows 98 PCs back in the late 1990s and early 2000s. While not an issue today, it's a cautionary reminder of how dangerous malware can be. 

The CIH virus isn't able to infect modern PCs or Macs, but how it infected PCs has gone on to inspire other newer threats. It's worth learning about the past threat. 

What Is the CIH Virus?

The CIH virus, also known as Spacefiller or Chernobyl, was a substantial threat to computer systems in the early 2000s. A form of malware, the virus was able to corrupt your computer's BIOS as well as overwrite your hard drive and destroy all your data. 

It's not a threat any more, but there are some key lessons you can learn here from how it infiltrated people's computers back in the day. 

How Does CIH Work?

The CIH virus was designed to cause maximum damage. Activating on April 26, the anniversary of the Chernobyl nuclear accident, it would corrupt the user's BIOS as well as overwrite the computer's hard drive with garbage so that you lost all your files. It infected 32-bit Windows systems including Windows 95, 98 and ME. 

A dangerous threat, it was imperative that users determined they had it before it activated. 

How Do I Know I Have the CIH Virus?

Nowadays, it's impossible to be infected with the CIH virus as your system is running a more up to date operating system. You don't have to worry about catching it any more. 

However, at the time, it was near impossible to detect if you had it until it had already infected and destroyed much of your computer's contents. It didn't even seemingly increase in size like some viruses, as it 'filled' the gaps between existing files, hence its alternate name of Spacefiller.

It was an early cautionary tale on the importance of running regular antivirus software scans, as well as being careful about your browsing habits.

How Did I Get the CIH Virus?

At the time, the CIH virus was spread predominantly through pirated software. Four key underground pirate software groups were infected with the virus and all their cracked software also included the virus. Other methods included cracked/pirated copies of Windows 98.

CIH wasn't solely restricted to suspicious sources such as pirated software or games. Even reputable sources such as Yamaha were infected, with software updates to their CD-ROM drive including a form of the virus. A demo version of the game SiN was also affected.

How Do I Get Rid of the CIH Virus?

The most effective way to get rid of the CIH virus was to use antivirus software, and while CIH is no longer a threat, it's a good reminder of the importance of such software. 

Antivirus software can take several hours to complete a full scan, depending on the speed of your computer, but it also offers you the best methods in which to remove the malicious files. 

Currently, it's also worth installing a malware removal tool which helps detect potential malware threats and delete it before it causes any problems.

Like antivirus software, malware scanning can take many hours depending on the size of your computer's hard drive, as well as its speed. 

In the case of CIH, it was possible to restore from a backup (providing the virus hadn't already damaged your BIOS) and that still remains the case with many other forms of viruses. Nowadays, you can also use System Restore to return to an earlier point on your computer before you picked up some viruses. Be sure to pick a time period where you know you definitely didn't already have the virus on your computer. 

To be certain that you're free of a threat, it may also be sensible to reformat and reinstall your computer, although it's not a quick solution. 

It can take a long time to do and requires a certain amount of knowledge when it comes to setting your computer up. Don't rush into the decision and try all other methods first. 

How Can I Avoid Getting the CIH Virus Again?

You can't catch the CIH virus any more as it only affected Windows 95, 98, and ME based PCs. That's not to say that there aren't other similar threats out there to be aware of. 

There are a few key ways in which you can lower your chances of being infected with viruses like CIH. Here's a brief look at some of the most essential tips. 

  • Update your antivirus software and malware protection. Keep your antivirus software and malware protection up to date. New virus definitions are released regularly and these keep your PC informed on what to look for with new virus and malware based threats. 
  • Be wary of new programs. It's important to know the source of the programs and apps you've downloaded. Less reputable sites bundle in extra add-ons that may also include malware and adware. 
  • Stick to well known websites. Some viruses can infect your computer through the suspicious websites you might browse. Clicking on the 'wrong' link can lead to you downloading them. Be careful on websites such as torrenting sites. 
  • Don't click on banner ads. When a pop-up banner appears when browsing a website, don't click on it. Often, it's safest to go to a different website than stay on a site that inundates you with pop-up adverts.