Iowa State University

ITInformation Technology

Worm Discovered on Campus; Update Your Anti-Virus Software

This news item expired April 22, 2009. It may contain out-of-date information.
IT Services has detected an outbreak of a worm on campus, called W32.Tidserv.G by Symantec, that affects Windows systems. Other anti-virus vendors may have a different name for this worm.

W32.Tidserv.G spreads by copying itself to removable drives. It may also simulate a fake DHCP server and download potentially malicious files to the compromised computer. Although the infected computer may not show any symptoms, typically machines on the same subnet or local area network will have trouble connecting to servers, websites, etc.

The current versions of VirusScan (McAfee) and Norton (Symantec) will detect and remove this worm. As infected machines are identified, IT Services will be blocking them from the network. As a result, a red screen will appear when attempting to go to any website. If you have received the red screen indicating a block of a compromised computer, update your anti-virus software and run an on-demand scan.

Faculty and staff should contact their appropriate IT support staff for remediation. Students can call the Solution Center at 515-294-4000 for assistance.

Updates will be posted here as we know more.