I live in a dorm. Can ResNet help me with the virus on my computer?

| | |

ResNet does provide appointments for some virus-related problems in the dorms. If you are having a problem with a virus and you are not sure how to remove it, call the NBCS Help Desk at 848-445-HELP for assistance. If the consultant is unable to help you solve the problem over the phone, in some cases a ResNet consultant will make an appointment to come to your dorm to work on the problem further. ResNet does not guarantee that these problems will be fixed, and if the consultant cannot solve your problem in a one-hour appointment, you may need to take your computer to Computer Repair, a paid service that provides assistance with computer problems.

What is RADS and how do I get it?

| |

RADS is a virus detection program that runs on Windows machines. Along with detecting viruses it also provides the tools with which you can remove the viruses. This program is available as a free download for all Rutgers University students, faculty, and staff.

What is the Slammer worm?

| |

The SQL Server Resolution Service (SSRS) was introduced in Microsoft SQL Server 2000 to provide referral services for multiple server instances running on the same machine. It contains a heap buffer overflow that allows unauthenticated remote attackers to execute arbitrary code by sending crafted requests to port 1434/udp. The code within such a request will be executed by the server host with the privileges of the SQL Server service account.

What systems are vunerable to the Slammer Worm?

| |

The following systems may be vunerable to the Slammer Worm:

  • Microsoft SQL Server 2000
  • Microsoft Desktop Engine (MSDE) 2000

SQL Servers patched with Service Pack 3 are not infected.

What are the symptoms that my system may be infected by the Slammer Worm?

| | |
  • Unusually high outgoing traffic from an infected system to the port 1434 UDP. This worm does not exist as a file on your system. No INI or registry keys are created by this worm. The MD5 checksum of the worm (376 bytes) is A0AA4A74B70CBCA5A03960DF1A3DC878.
  • The malformed packet is only 376 bytes long (which is the full worm!) and carries the following strings: "h.dllhel32hkernQhounthickChGetTf", "hws2", "Qhsockf" and "toQhsend".
Syndicate content

Still have a question?

Didn't find what you were looking for? Do you still have a question you need an answer to? Just click here to send us a message, and a memeber of our staff will contact you shortly.