<< Back to the FAQs
**Please recognize that the CedarNet support
group volunteers are neither trained nor paid to help with virus
removal. We are only attempting to help identify where it is originating
so that you may help eradicate it.**
Virus attacks can be very different from one another
(as with Blaster and Sobig), in their symptoms and in their method
of infection. Since many of you have called the office with questions,
I will try to make a simple explaination of each, and link you
to more comprehensive articles. The tables on the right are real-time
lists of current and recent virus threats, courtesy of Sophos
discovered - Monday, August 11, 2003
This virus effects ONLY Windows 2000, NT and XP
systems by exploiting a security flaw in Windows.
If you have one of these operating systems, you
need to get the security patch from Microsoft's website
even if you are not infected. (If your computer does
live updates, it is probably already protected.) Basically,
the patch will block the hole where it enters. Once that
is in place you are protected from future infections by
this worm and many of its strain.
It is not an email-borne virus, it sneaks in through your
Internet connection undetected. It will likely create problems
with your Internet connectivity, generating error messages,
locking up your email or browser software, even locking
up your entire system. If you think you are infected, first
you need to run that patch
from Microsoft. Then you need to run a fix-it utility
from an Anti-Virus company like MacAfee or Symantec (makers
of Norton). Usually the company that makes your Anti-Virus
software will have the file you need posted on their websites.
If you cannot get online to download these
files, CedarNet has them. Call the office (233-5765), and
we will put them on floppy disks for you. If you bring two
blank floppies with you, to exchange for the two we give
you, there is no charge.
discovered - Monday, August 18, 2003
This one uses the same vulnerability to infiltrate your
system that the Blaster worm does. Happily this means that
if you have installed the patch above, you are already protected.
Welchia also exploits another flaw in WindowsXP and Windows
2000 which can
be patched through Microsoft.
Interestingly enough, Welchia tries to remove the Blaster
worm. It still can cause trouble to networks and slow down
connections, thus it needs to be removed.
discovered - Monday, August 18, 2003
This one gets in as an email attachment. It may not do anything
harmful to your system, but experts suspect that is was
written for a SPAM company to open a portal into your machine
which they can exploit for advertising. Experts report that
this worm is spreading at record spead, clogging up email
servers and slowing down networks.
Emails containing this virus are around 90-100k in size.
The virus itself is an attachment with various filenames
and endings. The email has a "spoofed"
(faked) email address in the From line, giving
false information about who sent you the email. CedarNet
computers are not directly infected. The Subject
line will vary. Please delete
immediately, any emails with the following subject lines!!!
- Re: Details
- Re: Approved
- Re: Re: My details
- Re: Thank you!
- Re: That movie
- Re: Wicked screensaver
- Re: Your application
- Thank you!
- Your details
As always: Please be careful about
opening email attachments that you are not expecting, and
make certain your Anti-Virus software is current, up-to-date,
and scanning regularly! If you suspect your machine
is infected, and your AntiVirus software did not handle
it automatically, visit their website to download a fix-it
CedarNet is looking
for your organization's webpage to be hosted
or linked with us.