| This article is being maintained as archived information. The described virus has not been reported for years. |
Frequently, the problem with corrupted self-extractors (and corrupted .zip files, as well) is that an error has been introduced into the file during download (e.g., by phone line noise). Normally, downloading the file again resolves the problem. If, however, repeated attempts to download the file do not result in a good copy, your computer may be infected by a virus.
In mid-1998, a new virus named CIH was released (it first showed up in Taiwan in June, 1998). Other names for this virus include "W95.CIH", "Chernobyl", and "Spacefiller". This virus has been reported in a large number of executable files, including self-extracting Zip files created using WinZip Self-Extractor.
This is not a problem in the WinZip or WinZip Self-Extractor applications distributed by WinZip Computing. Rather, the problem is that the self-extractor you're trying to run may have been infected with this virus. All executable files are susceptible to virus infection, and since self-extractors are executable files, they are susceptible to virus infection, as well.
An executable file can become infected with a virus such as CIH in at least three ways:
- Your computer is itself actively infected, and when you copied the executable to your computer (e.g., via download or from a floppy disk), or otherwise processed it, the executable became infected with the virus.
- The person who created the executable (i.e., the self-extractor) did so on a computer where the virus was active, so that the original copy of the self-extractor was infected.
- The executable passed through an infected computer on its journey from the original source computer to your computer.
The symptoms of virus infection can vary. Sometimes, there is no visible symptom at all until the virus destroys enough data on your computer that the computer no longer functions properly. With self-extractors created using WinZip Self-Extractor, the "corrupt header" message occurs in many cases when these self-extractors are run on computers infected with CIH. (This may serve as a kind of "early warning" that your computer is infected. You should not, however, assume that the absence of such a message means that your computer is clean.)
If you suspect your computer is infected with the CIH virus (or with any other virus), we recommend that you run a reliable virus scanner with the latest virus updates. It is also a good precaution to virus scan all executable files, including self-extracting Zip files, you receive from any source that you do not trust absolutely.
As far as we know, the current versions of Norton AntiVirus, AVP, and the registered version (but not the evaluation version) of F-Secure (formerly F-PROT) currently can recognize the CIH virus.
More information about this virus is available at the web sites of the various anti-virus software makers, including
Symantec Antivirus Research Center
McAfee
F-Secure
Proland Software
If you are unsure if your virus scanner can detect CIH, or if you have any other questions about this virus or how to deal with a virus infection, you may want to check with the vendor for your virus scanner.
Note: Even if you use a virus scanner or other tool to disinfect an infected self-extracting Zip file, it is likely that the file still will not self-extract. This is because both the infection and the disinfection invalidate the internal control information that WinZip Self-Extractor stores in self-extracting Zip files. For this reason, you probably will need to obtain a new copy of the file.
Was this article helpful?
Tell us how we can improve it.