Important Virus Alert

Monday, September 1, 2003. A major virus outbreak has affected many companies, colleges, and universities ⁽¹⁾.  Since students began arriving back on campus, the Presbyterian College network has been affected.  

Thank you to those of you who have patched your systems already.  For those who have not yet done so, we need you cooperation to get the network back to normal as soon as possible.

If you have Microsoft Windows, please read and follow these steps right away.  Macintosh and UNIX systems are not affected by the viruses in question, so if you have one of those systems, you do not need to read any further.  No action on your part is needed.

Windows users need to address one or two issues, depending on the version of Windows on their systems.

1. Patch Blaster worm hole.
2. Scan for viruses

If you are running Internet Explorer as your web browser, you may choose to open the link to run the patch immediately.  

If you use Netscape, you may have to download the patches to your local disk and run them from there.

Step 1. Patch the Blaster worm hole apply to Windows XP, NT 4.0, 2000, & 2003.

This step takes only a few minutes. 

• Determine which version of Windows you have.  This normally shows up when you turn on or restart your system.  Most recent versions are Windows XP.
    
• Windows 95, 98, or ME - skip this step and proceed to step 2.
• Windows XP, 2000, 2003, NT 4.0:  Patch the hole in your system that the Blaster worm uses to spread ⁽²⁾.  
  (If you do not know which version of Windows you have, try the XP patch first; that is by far the most common version.  The patch process will fail if you choose the wrong one, but it will not harm your system.)

Choose one:

Patch for Windows XP (Home & Office)  (most common)

Patch for Windows 2000

Patch for Windows 2003

Patch for Windows NT 4.0

Step 2. Scan for viruses.

This step may take an hour or more if you have lots of files on a large hard disk.  If you cannot do right now, please start it the next time you leave your computer.

• Download a free, special purpose tool, called "stinger". ⁽³⁾

Stinger.exe.

The scanner will display a dialog box like the one shown below.  Click "Scan Now."  This can take an hour.  Please let it run to completion.  

If the tool reports infections that could not be cleaned automatically, 
call extension 7100 and leave your name and number.

Questions?  Contact the Residential Computer Consultants at extension 7100 (864-833-7100) or e-mail resnet@presby.edu.

What's next?

To prevent this from happening again, the College is exploring extending our site license for anti-virus software to include students and evaluating tools for keeping all systems attached to our network up to date with vendor patches.  (The hole in Windows now being exploited was fixed by Microsoft in July.)  We regret the trouble, and thank you for cooperating to help us fix the problem.

Thank you,

Morris M. Galloway Jr.
VP, Finance & Administration

Last updated:  9/1/2003 9:55 AM

References

(1) News about the viruses.

• http://www.mcall.com/news/yahoo/all-a1_5virusaug27,0,422216,print.story   (Other colleges)
• http://www.washingtonpost.com/wp-dyn/articles/A50967-2003Aug26.html   (Federal agencies)
• http://story.news.yahoo.com/news?tmpl=story&u=/nm/20030829/wr_nm/tech_internet_blaster_dc_30  (Arrest in case)
• http://search.news.yahoo.com/search/news/?c=&p=Blaster (Latest news on incidents)
• http://search.news.yahoo.com/search/news/?c=&p=Sobig 

(2) Microsoft's site about blaster.

• http://www.microsoft.com/security/incident/blast.asp 

(3) Stinger tool.

• http://vil.nai.com/vil/stinger/ 

General Information about securing your system.

• http://www.cert.org/homeusers/HomeComputerSecurity/
• http://www.microsoft.com/security/protect/default.asp