*~Nothing much~*
Tuesday, December 02, 2003
Look what email I have just received... how ironic and fun I am having nowadays with my computer!!! WHEE!!!

* * * PLEASE REPLY TO ALL * * *

It has come to our attention that your machine is infected with a virus or trojan. This code is able to replicate across the network independently of your actions, and needs to be addressed immediately.

Because of this infection, I have deactivated your network connection. This preventative measure is in accordance with the Conditions of Use that you consented to while registering your machine with the ResComp Ethernet program: http://rescomp.umich.edu/Residential.Ethernet/NetGuide/Registration/Conditions.of.Use.php

I have included the University of Michigan's VirusBusters team (www.umich.edu/~virus-busters) on this message. Contact them at virus.busters@umich.edu - you will need to work together to disinfect your system. Their anti-virus services (virus removal and prevention) are free to UM users. Once they certify your computer is clean, we'll re-enable your network connection.

Be advised - they are busy, and deal with customers on a first-come, first-served basis. Depending on their workload, there may be a delay after the first contact. Another option is to reformat your computer and start from scratch. If you do not follow their instructions (or reformat), you will not be allowed back on the network. They cannot reactivate your connection; they can only verify that your machine is sanitized.

Note: the VirusBusters group is very busy right now. They've given the following suggestions:

=== [Last modified 30 October 2003]

DISCLAIMER: The U-M Antivirus Team supports the entire University; we are not part of Housing. We can neither disconnect nor reconnect; our task is to assist you and, once you are fully protected, to recommend to ResNet that you be reconnected. We process cases in the order they are opened; we process them all as quickly as we can.
But since we have fewer than two staff member equivalents and we support all of U-M, please understand that we may have hundreds of cases open at any one time. There is no preferential treatment other than for the time the issue is initiated: no benefit for faculty or staff over students, or vice versa. Rest assured that we'll help you absolutely as soon as we can, and make every effort to recommend reconnection as soon as it is safe for you and the network.

Understood? If not, please reread the disclaimer; otherwise, let's move on:

Please reply directly to the messages ResNet or members of the antivirus team send you, so that we have all the information about your situation. I'm dealing with many, many of these at once. It's a good idea to include virus.busters@umich.edu and resnet@umich.edu in your replies, so that your case may be processed more quickly. Also, please follow the instructions carefully and exactly. I know that should be obvious, but you'd be surprised how many times we have to ask for more info. The more back-and-forth we have, the longer it is for you -- and everyone who gets afflicted after you -- to get back on-line.

There are three phases: First, you use the Stinger tool to remove a few particularly nasty viruses, if any. Then you fix some critical Windows vulnerabilities. Finally (we hope!), you install VirusScan so that your computer is protected, and then you send the reports of all these phases to us for analysis. Details follow.

When your machine is clear to be reconnected, we'll alert the ResNet folks, who do the actual connecting and disconnecting (remember: we're not Res Hall staff; we support antivirus for the entire University). If at that time I forget to send you procedures that go beyond the protection that antivirus software provides, please remind me, and I'll send them to you as quickly as I can.
Ok, now on to the detailed instructions; you may find it helpful to print them first so that you can check things off as you do them. It is important that you do them in the order specified:

1. Run Stinger on your machine

First, be sure to disable System Restore if you use WinXP or WinME. If you need help with System Restore, phone 4-HELP or information. [After Stinger runs, you may re-enable System Restore, or not. I prefer to leave it off; some of my colleagues prefer to re-enable.]

Browse to follow the directions there for using Stinger. In brief: Download Stinger to your Desktop, then double-click on the downloaded application. Then, when the scan is finished, use File/Save report, which will save a file named STINGER.TXT in the same folder as Stinger itself. [I recommend booting in Safe Mode before running Stinger, but usually that is not necessary.

** We keep a copy of the most recent Stinger at ** ** access this from the Housing network, even when you are ** "disconnected". We recommend that you get Stinger here. Note: it's httpS, not just http.

2. Install the patches from the U-M Security CD, which you can borrow from your front desk.

If you browse from a computer connected to the 'Net, does the readme document available through the CD's menu. If you use Windows NT 4, you'll have to apply the patches manually. tells you what you need to know. [Stinger is on this CD, but it is an obsolete version. Please use the one on Neutralzone instead.]

3. Install the most recent version of VirusScan, available from machine is disconnected from the network.

DO NOT USE Blue Discs! The virus definitions are too old, and we'll end up sending you back to do it again. [When the U-M Preconfigured VirusScan Installer starts, it should say that it was created 26 August, 2003. If it doesn't, you have the wrong version. DO NOT USE the version from the Virus Busters web site: it isn't configured for the Res Halls.
More important, the versions on Neutralzone are able to update their virus definitions to the most recent version, even when you are "disconnected."

If you have Windows NT 4, 2000, XP, or 2003 Server, you must use VirusScan 7.0. If you use Windows 9x or ME, you must use VirusScan 4.5.1: VirusScan 7 works only on NT-class machines. Be sure to use the proper VirusScan installer.

4. When VirusScan is finished installing and you have rebooted your computer, please email the following to virus.busters@umich.edu -- and you may want to send a Cc: to resnet@umich.edu as well:

a. the STINGER.TXT file (or a *detailed* summary of what it said, if you didn't save the log)

b. A relatively verbose report of what you did with the U-M Security CD. A sentence or two describing what you did should suffice.

c. the VirusScan "post install" log file. For VirusScan 7, that's vs70pi.txt; for VirusScan 4.5.1, it's vs451pi.txt. Use Start/Search or Start/Find, respectively, to find this file.

Email STINGER.TXT and the post install log file directly, or put the files on a diskette and send them from another machine. Attach the files or copy and paste them onto your email. And don't forget to include a brief description of what you did with the U-M Security CD.

That will, with any luck, tell us whether you're ready to be reconnected, or if more drastic steps are required.

-BPB

-----------------

Mr. Eldred Pickett
Network Administrator - HITO
University of Michigan