Virus UpdateFebruary 7, 2005All day
Please be aware that we had some virus issues last week, and the week before. These problems have been isolated and are now classified by Symantec as a variant of Randex. We currently have a number of student machines that appear to be infected. All infected ports are being shut off and listed on the Restricted Network Access page also linked off the Hitlist - on the side panel. Please check this list first for any complaints about network issues. We are trying to contact them as we turn off their ports, but this hasn't happened all the time.
If they are on the list and the reason is infection - they will need to follow the removal process or bring their machines in for NFD (this Thursday).
Randex Removal:
- Reboot in Safe Mode (detailed directions for booting in safe mode)
- Scan with defs dated at 1/31/05 or newer
- Remove any quarantined files
- Remove the following reg keys from the registry:
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Winzip Archiver=Winzip32.exe - HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
Winzip Archiver=Winzip32.exe - HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunService
Winzip Archiver=Winzip32.ex
- HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
- Reboot.
After they have completed the removal directions they can call and we can scan their machines and re-enable their ports. Please talk to Dan or Ethan or the dutyperson to re-enable a port.
If you have questions about this - please ask.