Drew Community


Paul R. Coen 01-25-2009 07:53 PM

CNS - Critical Security update and information
 
In response to a widespread internet worm (more details will be available in a second email) we are pushing out a removal tool and a Windows patch to all University-owned and issued computers. Due to the nature of the security threat, we are moving quickly and putting this in place before the start of business on Monday. Instructions for off-campus or non-Drew computers are towards the bottom of this email. Please read this carefully. Failure to follow these directions can not only pose a risk to your computer and data, but those of other network users as well. If you have any questions, please call the CNS Helpdesk at x3205 or send email to helpdesk@drew.edu.


On campus, you will be prompted after login to run a Symantec tool designed to remove this specific malicious software. You must click "I Accept" for the software to run. After several minutes, you will be presented with the results of the scan. The Windows patch mentioned in that feedback will be applied when your computer shuts down. One minute after the scan completes, the shutdown will automatically occur. After the reboot, your newly-patched computer will be scanned a second time. Again, please click "I Accept" when prompted. If it reports no virus was found, please continue your work. If it reports that it found and removed the virus after this second pass, please shut down and re-start your computer one more time via the Start Menu.

Drew-issued, on-campus computers with Windows XP Service Pack 1 (some older desktops - primarily Compaq and HP models and old laptop models may have Service Pack 1) cannot be patched without a major update. They need to be updated to Windows XP Service Pack 3 before they can be patched against the vulnerability. The computer can be cleaned, but will be reinfected quickly. Call the Helpdesk at x3205 if you have Service Pack 1. You can check by right-clicking on "My Computer" on your Windows XP system and selecting "Properties". The service pack level is listed under the "System" heading.


If you are NOT on campus, or have a non-Drew-issued computer running Windows XP or Vista, you will need to use the Windows Update feature to update your computer. If your computer is already infected, the worm prevents Windows Update from running correctly, and also blocks you from accessing Symantec's web site, among others, so you can't download the disinfection tool from their web site. You can get a copy of it at:

http://depts.drew.edu/cns/FixDownadup.exe

Once you do that and reboot, you should be able to get to Windows Update. Windows XP users using Windows Update should install Service Pack 3 and then return to Windows Update after that to check for remaining packages. This could take a considerable amount of time, depending on the speed of your internet connection. We strongly recommend you re-run FixDownadup.exe again after you have installed all critical Windows patches.

Paul R. Coen 01-25-2009 08:29 PM

Non-Drew Vista or off-campus Vista machines
 
After downloading the FixDownadup.exe file, right click on it and select "run as Administrator" for the tool to work correctly.

For on-campus Vista users with Drew-issued computers, running it from the login script runs it as administrator (assuming you are one on that particular computer), so you should be fine.

Krista White 01-26-2009 09:58 AM

Quote:

Originally Posted by Paul R. Coen
After downloading the FixDownadup.exe file, right click on it and select "run as Administrator" for the tool to work correctly.

For on-campus Vista users with Drew-issued computers, running it from the login script runs it as administrator (assuming you are one on that particular computer), so you should be fine.



I'm grateful that CNS hopped on this problem so quickly. How often does CNS use Symantec to resolve problems like this? I was a bit confused until I went through the email thoroughly because we don't have Symantec listed as our default virus scanning software.

Thanks again for your quick response to this vital issue!

Krista

Paul R. Coen 01-26-2009 10:26 AM

We don't, normally.
 
It's a free tool they're distributing. Other companies were doing that as well, but this one worked on the particular version of the worm we found on an infected machine. We've done this in the past, but it's been several years.

When there's a specific problem that needs removing, it's usually easier to throw a specific tool out there. This one is easy to script, it's just one file to distribute and it's usable by any end user on any computer (rather than Drew-issued only), etc. Also, we don't have the same version of F-Prot on all Drew-issued computers yet.

Jonathan B. Reams 01-26-2009 11:07 AM

We actually tried a number of removal utilities before settling on the Symantec one. We found that it provided the best balance of UI, not using the whole processor, speed, and detection abilities of the various tools out there. The other ones didn't actually find the virus or took a huge amount of time and made your computer incredibly slow while scanning. Overall, I'm pretty happy with the tool, it's pretty good.

Mike Richichi 01-26-2009 11:57 AM

And, please, you can do other things while it's running, you don't just need to wait for it.


All times are GMT -4.
