User:Rewood/Important virus

From WolfTech

I swear sometimes I jinx myself. For those of you who erased the Norton Antivirus email I sent out yesterday, you can still find the article at http://www.wolftech.ncsu.edu. Make sure you install the software on your home computers.

So, first off, don't panic. This "Important" virus was pretty much a dud. All it does is mass email and propagate itself. Information on the virus can be found either at the link below or through our website (URL above) on which we display the latest virus threats.

http://securityresponse.symantec.com/avcenter/venc/data/w32.impo.gen@mm.html

Many of you sniffed out the virus and didn't open it. Well done. Random attachments are never good to open. Many others did open it, only to have Norton protect you. It looks like 5 of us (not bad when you consider we have close to 1000 machines) got hit.

Why these few?

I know at least one had been turning off their computer at night. This is a NO-NO. The virus protection is updated at night and if your machine isn't on, then you're not getting the updates.

POP vs. IMAP. I'll be sending out instructions regarding this later today. Basically, if you're still using an email account that is POP, the way your email client works (assuming we have a front-end client - Eudora, Outlook, Outlook Express, Netscape, etc.) is to download all your mail locally to your machine and then read it. This download process will often trigger viral attachments. Norton should catch it, but we're trying to eliminate chance, not depend on it.

The timing on this was also a factor. This guy was brand new, having been released today. So those with even one or two week old definitions were vulnerable. The automatic updates occur weekly, tonight, in fact, so had it happened tomorrow, chances are you wouldn't have even noticed.

We get hit by viruses every week. Basically, this guy just got lucky. Virus protection is never foolproof, but hey, that's why you've got me. ;-)

What to do now:

(First, make sure you HAVE Norton AV => if not, get it from the downloads at http://www.wolftech.ncsu.edu)

1. Obtain the most recent virus definitions. While you would get this tonight, why push the envelope? Run LiveUpdate. LiveUpdate is the easiest way to obtain virus definitions. These virus definitions have undergone full quality assurance testing by Symantec Security Response and are posted to the LiveUpdate servers one time each week (usually Thursday) unless there is a major virus outbreak.

2. Start Norton AntiVirus (NAV).

3. Run a full system scan. (this can take a while)

4. Delete all files that are detected as W32.Impo@mm.