Office of the Vice President for Global Communications

Friday, April 23, 2010

Campus IT staff works to remedy
antivirus software problem

On Wednesday morning, information technology staff began receiving reports of what initially sounded like a major computer virus infection in various parts of campus. Staff later learned it was a false alarm, but in some areas, Windows XP computers with Service Pack 3 and McAfee AntiVirus software already were reacting, continually rebooting themselves and becoming unusable.

The problem lay within the McAfee AntiVirus software itself, which released an automatic update to subscribers that included a file that incorrectly identified a critical system file as a virus. IT staff stopped automatic updates to campus, and McAfee released an emergency fix in the late afternoon.

“As soon as we knew there was a problem, we immediately started working to find a fix and to prevent other machines from having the problem,” says Bruce Burrell of Information and Technology Services’ antivirus team.

The Computer Showcase in the Michigan Union is offering free remediation service to any student, faculty or staff member who needs assistance during regular business hours.

“We are prioritizing staff time to keep up with the demand. It only takes 10-15 minutes, but there might be others waiting,” says Dan Fuller, technical lead at the Showcase. Users also can call 4-HELP (764-4357) or e-mail virus.busters@umich.edu for assistance.

“This was first brought to my attention by a student who was updating a loaner PC,” says Joe Gorde, IT security officer and lead network administrator at the School of Education. “The computer wouldn’t stop rebooting. As I was looking it, my phone started ringing non-stop. It seemed like an external attack at first because everyone was getting hit at once.”

IT staff across campus spent the majority of Wednesday sharing information and remediating processes, which was “both enlightening and frustrating. For a while, we didn’t know what would work,” says Gorde. “Then we realized this was hitting computers worldwide.”

The scope of the issue on the Ann Arbor campus was unclear by Thursday. One area of campus, the U-M Health System, reported a significant adverse impact. Others, such as Business and Finance, and LSA, with a mixed computing environment of Macintoshes and PCs with different operating systems, were unaffected.

At UMHS and the Medical School, approximately 8,000 out of the system’s 25,000 computers were taken offline. Ninety percent of the affected workstations had been fixed by Thursday afternoon, says Bruce Spiher of UMHS Public Relations. Neither clinical operations nor patient care were affected.

Spiher said 100 people from Medical Campus IT were deployed to work on the problem. Health system employees with laptops in need of the software fix can take them to a laptop clinic today from 7 a.m.-7 p.m. in University Hospital Room 2C228. The repair process takes about 10 minutes, Spiher says.

McAfee released a remediation process Wednesday afternoon. “By the time I went home I felt better knowing that this wasn’t a real attack,” says Gorde. “We didn’t have to worry about data compromise, and we had a fix that was going to work and be relatively easy to implement. But we knew Thursday would be busy.”

— James Iseler contributed to this article.