NOTE: THIS ECA EXPIRES 04/30/00.

PURPOSE:
The purpose of this ECA is to remove a potentially destructive virus that may have infected a limited number of IBM Aptiva 2158 Systems. The "CIH" virus (where
CIH is a file extension or part of the filename such as W95.CIH or PE_CIH) infectsMicrosoft Windows95 and Windows98 executables and is triggered on the 26th of April, any year. The "CIH" extension is not visible by viewing individual files, rather the virus attaches itself to executables with the file size and file name remaining the same. The result is that the system will no longer be able to access the hardfile(s).

This is a Labor-Only ECA that applies to the Aptiva 2158 only.

FEATURES:

Machine Type	Machines Affected and/or Feature/Device Description
2158	Models 240, 301 and 520 ONLY

PHYSICAL CHECK:
Systems that are potentially affected were manufactured between March 5, 1999 and March 17, 1999. To determine if a particular computer might be affected, consult the IBM sticker with the Underwriters Laboratory logo on the back of the Aptiva system unit. The potentially affected computers have one of the following codes after "MFG DATE": AM909, AM910, AM911.

Systems that have been updated by IBM or an Authorized Dealer or Reseller can be identified by the presence of a Blue, Green or Orange Dot, or a Red Check label near the feature label on the shipping carton.

PREREQUISITES: NONE

COMPANION: NONE

CONCURRENT: NONE

DETAIL:
A limited number of IBM Aptiva 2158 Systems were manufactured and shipped with a potentially destructive virus called the "CIH" virus. This virus, when triggered can render the systems hardfiles useless.

To determine if the system is infected, run the Norton Antivirus application preloaded on the systems hardfile. If the system does not return an error message or virus warning, the system is NOT infected, however, IBM strongly recommends the use of the LiveUpdate feature to download the latest Norton Antivirus definition files.

If the following message is displayed, the system is probably infected by the CIH virus: "The file NAV32W.EXE has been altered. Please restart your computer using your NAV Rescue Disk and scan for viruses. If no virus is found, try reinstalling Norton Antivirus from your original disks."

The CIH virus can be removed from the system by performing either one of the following options:

OPTION #1 - Removal of the CIH Virus and affected files
An Antivirus Update CD has been made available by IBM which will scan for and remove the CIH virus. The Antivirus Update CD will also repair infected files and update the Norton Antivirus definition files.

IBM Authorized Servicers may obtain a copy of the Antivirus Update CD by calling 1-800-IBM-PROD. End users may obtain a copy by calling 1-800-600-8235.

To run the Antivirus Update CD, perform the following steps:
1. With the computer powered-on, insert the Antivirus Update CD into the CD-ROM drive.
2. Shut down Microsoft Windows, and turn the system unit OFF.
3. Wait at least 10 seconds, then turn the system power ON
4. Follow the instructions on the screen. The program scans the hardfile(s) for the CIH virus, and performs any necessary repairs. When the program is completed, remove the CD from the CD-ROM drive and press Ctrl+Alt+Delete to restart the system.

OPTION #2 - Update Connector
The CIH virus can be removed by going to the Update Connector and downloading a solution which "cleans" the hardfile(s) of the CIH virus. This is the recommended solution for end users.
1. From the Windows Desktop, click on Start.
2. Select Update Connector.
3. Follow the on-screen directions to run Update Connector and download the update.

OPTION #3 - Complete Reload
1. From a power-off state, turn the system on.
2. IMMEDIATELY insert the red Product Recovery & Diagnostics CD ROM into th CD/DVD drive, and close the drive door.
3. Power the system off.
4. Wait ten (10) seconds. Power the system on.
5. The IBM Product Recovery Program Main Menu will appear automatically.
6. From the Recovery Options, choose "Full Recovery". It should already be highlighted in white. Press enter to continue.
7. Each time a pop-up box appears, enter the letter "Y" when prompted, and press enter until you see the system copying multiple files.
8. Once all files have been loaded (approximately ten minutes) remove the red P Product Recovery & Diagnostics CD ROM and power off the unit.
9. A notice will appear when action is completed, entitled "Recovery is Complete". You will be prompted to press "ctrl+alt+delete" --- DO NOT COMPLETE THIS
TASK. Just remove the red Product Recovery & Diagnostics CD ROM and close the CD/DVD ROM door.
10.Power the system off.
11.Repackage the system or return the system to the customer for use.

WARNING: Any ".exe" or executable files that are sent electronically as an attachment or removable rewritable media such as diskettes from an infected system will likely contain the virus. Check all media with an anti-virus program capable of detecting the "CIH" virus.

NOTE: Warranty claims for ECA reimbursement should be submitted via Eclaim using Type Service 0E. Labor reimbursement is $20 per unit.

ORDERING/REIMBURSEMENT
Warranty claims for ECA reimbursement should be submitted via Eclaim using Type Service 0E. Labor reimbursement is $20 per unit.

Warranty claims must include:
o Complete Dealer Information
o Type Service: 0E
o Service Performed: 9
o ECA#: 007
o Model Number: 2158
o Serial Number: Required
o Comments: ECA-007
o Part #: 9999999
o Customer Name/Address

NOTE: THIS ECA EXPIRES 04/30/00.

Windows95 and Windows98 are trademarks of the Microsoft Corporation.