Medical Students
Biomedical Engineering
Sites in Education
Viurs Malware Alert
There have been a rash of computers getting infected by malware/viruses over the past few weeks.
The cause of the recent attacks tend to be from users being notified by a FAKE antivirus program resembling this:
FAKE Warning looks like this:
- The source of the attack has been from trusted sites all over the internet.
- From CNN, Facebook, Internet radio, weather and more there is no such thing as a “Safe” site.
- The users are led to believe that they must “update” or “install” the FAKE AV program.
- If the user clicks any of the buttons the program offers, it immediately hijacks the computer.
- It paralyzes the real AV program. It paralyzes Windows updates. It severely messes up the computer.
What to look for:
- It is important that the users know what AV program they currently have on the machine so that they can tell the difference from the FAKE AV program.
- UVA has a site license to SYMANTEC ENDPOINT PROTECTION and SYMANTEC AV Corporate Edition.
GOOD (looks like this): |
BAD (looks like this): |
(Above images appear in taskbar, lower right corner, next to the clock.)
If a user receives any messages about virus activity they should immediately do one of the following without clicking any of the buttons on their screen:
- Contact their LSP
- Call the HS/CS Help Desk (Medical side. 4-5334)
- Call the ITC Help Desk (Academic Side. 4-help)
If the user decides to deal with the potential infection themselves it is important that the NOT click on the FAKE AV message window.
They Should kill the window using Task Manager.
- Hold Ctrl +Alt and press Delete then choose Task Manager
- Go to the Applications Tab
- Select all instances of Internet Explorer (Or other Browser) and click End Task
If the machine is infected the problem can be removed by:
- SOMETIMES scanning and removing infected files with MALWAREBYTES sloves the problem
- Download FREE Malwarebytes version here.
- If MALWAREBYTES fails, the users profile should be Backed up and removed.
- Then the profule should be recreated. (Contact IT Support.)
- If New Profile still doesn’t solve problem...
- Then, the computer needs to be backed up and wiped clean. Then re-setup.
written by
David Stewart
IT Support
Deans Office / Neurology / Surgery
