Recovering Dead Motherboards Killed by the CIH Virus

Introduction

CIH virus, also known as Chernobyl or Spacefiller, is one of the fiercest computer viruses that have been created so far. When PC is infected by this virus, it just erases ROM (BIOS) memory contents in its activation date (April 26th), if this memory is of the Flash ROM type (which is true to all PCs nowadays).

As the BIOS is erased by virus, your PC won’t boot up any more, and probably your motherboard will be diagnosed as “dead”. A lot of PC technicians that don’t know that this virus exist, simply replace the motherboard from the attacked PC. But there is solution: just reprogram the BIOS chip and your motherboard will be alive again.

So, if you are a PC technician, don’t throw away dead motherboards before trying the procedure described in this tutorial. Maybe the motherboard is not really defective, but has just its BIOS erased.

The BIOS can be reprogrammed using a modern EPROM programmer – most technicians don’t have this tool – or using a working motherboard as a BIOS programmer. We will teach you how this can be done.

First, you will need both the BIOS upgrade software and the BIOS contents file. These two pieces can be downloaded at the motherboard manufacturer website. In our tutorial about BIOS upgrade we explain more about these two files. If you are unfamiliar with the BIOS upgrade process, please read this other tutorial first. Write this two files in a bootable floppy (formatted with Format a: /s).

Next you will need a motherboard identical from the one “killed” by the virus. Actually, the motherboard doesn’t need to be exactly the same, but has to be compatible with the BIOS chip from your defective motherboard. Since we can’t tell you beforehand if the motherboard you will use to reprogram the BIOS is or is not compatible with the BIOS chips from the “killed” motherboard, we suggest you to use an identical motherboard.

The procedure to reprogram the erased BIOS chip is the following:

1. Turn on the good motherboard and boot it with the floppy (of course you will need to install CPU, memory, VGA etc to this motherboard for it to work).
2. At the DOS prompt, remove the good chip and replace it with the erased chip (more on this below). Yes, with the computer turned on.
3. Run the programming software and reprogram the bad chip.
4. Turn off the computer, remove the reprogrammed chip and install back the original (good) chip.
5. Install the reprogrammed chip on the “killed” motherboard and test it.
6. The defective motherboard should be working now.
7. Use data recovery and antivirus software on the hard disk from the attacked PC, since it will be infected.

As you can see, the step number 2 is extremely delicate. If you feel uncertain of doing it, we recommend you don’t try it. Better take your machine to technical support than blow it up by clumsiness.

Now let’s see how the BIOS chip can be removed/replaced.