HomeInformation Technology › Win32/Conficker B worm Information

Information Technology

Win32/Conficker B worm Information

Initial Announcement 3/30/2011:

Greetings Southeastern Faculty, Staff, and Students,

Southeastern’s IT department has identified a computer virus threat that appears to be occurring on our Durant campus student domain. This means the computers in some of the computer labs and various other places on campus where students use computers may be infected with a computer virus. The virus in question spreads primarily by the use of portable storage devices (including USB drives). The virus does not appear to  destroy document type data, but an infected PC could require several steps to repair (see link below). We have also noticed an increase of network traffic which would make other services on the Southeastern network appear to be sluggish.

Both network operations and the helpdesk are working to resolve the problem however the process is expected to be ongoing for the next several days. Many of the PC’s on the student network will be cleaned by a simple reboot, but others may need more work. So far, the virus does not appear to have spread to the faculty and staff computers so it’s important that faculty and staff do not transfer data from USB drives that are known to have been used by student computers. Also, the virus does not appear to be spreading in the residential hall network.

WHAT YOU CAN DO:

1.       At this time the Southeastern IT department is recommending that users limit the use of portable USB flash drives in all university computers. This includes PCs in the computer labs and also students delivering assignments to faculty and instructors using a portable storage device. Other means of delivery such as email and other online technologies would be preferred during the course of this incident.

2.       If you use a Southeastern computer on campus, reboot the machine before you login. On most Southeastern student computers, this will help to insure the computer is clean of the virus before you use it.

3.       If you use a computer off campus, make sure the anti-virus software is up to date and has been scanned recently.

4.       The Southeastern helpdesk is available to scan your portable storage device in the case you feel your device may have been subjected to the virus. The helpdesk is located in A104 (administration building next to the library) and open during normal business hours.

5.       Here is a link for more information regarding the virus including information on how to perform a “self scan” for a PC:

http://homepages.se.edu/information-technology/help-desk/win32conficker-b-worm-information/

We appreciate your cooperation during this event. We will send continued updates as we move forward resolving the virus problem. If you have any questions or concerns please contact the Southeastern Helpdesk.

 

Symptoms that you’ve been infected with Conficker Virus

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.
  • Various security-related tools will not run. For a list of known tools, visit the following Microsoft Web page, and then click the Analysis tab for information about Win32/Conficker.D. For more information, visit the following Microsoft Web page:
    http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.D (http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.D)

To confirm that the system is clean of the Conficker virus, perform a quick scan from the following Web page:

http://safety.live.com

For More Information Regarding Conficker Virus

For detailed information about the Conficker virus, visit the following Microsoft Web page:

Alias Information: