Hello again everyone,
 
First let me state up-front that neither my last message, nor this one, is intended as a complaint.  I fully support everything that the MSU Computer Lab staff are trying to do to contain this outbreak, and I and my staff will do everything we can to assist.
 
After speaking with Rich Wiggins on the phone, he asked me to relate some of my experiences trying to isolate and patch computers for the various Microsoft vulnerabilities.  Since MSU-DCL starts classes a week before the rest of MSU, I started sending emails to Faculty and Staff last Monday to warn them NOT to skip the next Windows Update message they receive, but to install anything and everything suggested.  We had a number of faculty who were away for months, or may never have turned on their laptops over the summer, who were ripe for infection. We managed to keep most of them from catching the first round of worm infections last week. If you have Windows Update set up to automatically download and install patches, then this obviously doesn't apply. If you have faculty who left their computers off all summer, and you have the rights to enter their offices before they return, you may want to start throwing some of your student help at updating those PCs before they get back.
 
Since Saturday, the 2nd day of the law school orientation, we've been helping students download and run fixBlast.exe from www.norton.com, as well as use the Shutdown /a switch to keep the infected XP workstations from shutting down long enough to actually run the fix and download the patch from Microsoft.  We've handed out over 50 CDs with fixBlast.exe plus patches for XP and Win2k on them, as well as many floppies with fixBlast.exe and the Microsoft patch for XP on them.  We've also handed out about a hundred copies of the PDF file that was made available at http://help.msu.edu/virus/blaster.html
 
Unfortunately, the instructions on this PDF aren't valid for students whose network access is already cut off (since it requires net access to download the files.) I've been advising students who have cleaned up their PCs and laptops to call the number listed on the DHCP website for reinstatement, but that turned up another issue today.  Students have been running the fix and patch programs directly from the CDs we provided.  The fixblast.exe program tries to write a log file to the same location where it was run by default, so for many of our students, the program doesn't generate a logfile since it can't write to the CD.  Unfortunately, the consultants at MSU are asking for this logfile as proof that the PC is clean before allowing students back on the network. I've already had reports from our students that they've been denied reinstatement, even after they clean their PCs and laptops. I've passed that information on to Rich last time I spoke with him, but I just wanted to share that with everyone who is currently helping students.
 
I'm preparing a new CD with the fix files for Blaster, Welchia, Sircam, and Mtx infections, as well as the blaster patches for XP and Win2K, and the IE6 SP2 and Win2K SP4 files.  I will probably manually add the most recent Microsoft patches that were announced today to this disk as well. That should take care of the majority of patches needed by new and returning students who may not have updated their PCs or laptops all summer long. (My techs have been manually disconnecting faculty and staff PCs from the net, and running all the patches from clean CD copies until we are sure they are clean, then restoring their network connection.)
 
I have also been running regular scans within my building on our machines that are on fixed IP ranges, using a free tool downloaded from www.eEye.com (which was suggested to me by Joe Budzyn. Thanks Joe!)  It's helped me catch a few machines here and there.
 
Any thoughts, suggestions, or techniques you've used to try and stay ahead of infections on Faculty, Staff, and/or Student computers would be greatly appreciated. Sharing information is one of the best ways we can get clean and keep machines free of infection.  My thanks to everyone for their hard work and diligence in trying to stop the spread of these infections on the campus network.
 
John A. Resotko
Head of Systems Administration
MSU - Detroit College of Law
208 Law College Building
East Lansing, MI  48824-1300
Phone: 517-432-6836
Fax: 517-432-6861