The University of Sheffield
Corporate Information and Computing Services

Current Threats

This page outlines contains information about the threats currently facing the University.

It is intended as a supplement to the general policy and guidance given by CiCS.

"Security Tool" Spyware Infection

CiCS Helpdesk have seen a dramatic increase of computers showing signs of being infected with a "Security Tool" spyware infection.

Generally, this will prevent you from running any other programs on your computer, or browsing the internet.

The easiest way to remove this fake anti-virus is to perform a Windows System Restore to a time prior to the infection. This will not affect any files or documents created during the period of infection, but will restore your Windows System Files to a clean state. Instructions can be found via the link below.

Security Tool Spyware

Ramnit

The ramnit virus effectively destroys Windows XP computers. It infect exe files, dll files and html files, and cannot be removed.

If you think you have been infected by ramnit bring your computer, along with your original manufacturer's recovery discs to the Computing Centre. We will attempt to back up your data, format your hard drive, then reinstall your system and data. If you do not have your original recovery discs we may still be able to help.

Ramnit can also infect Windows Vista and Windows 7 computers but the damage is less severe and the virus can be effectively removed by staff in the Computing Centre.

CiCS is currently seeing a lot of computers infected by ramnit so please be extra vigilent on the internet. Although the virus can be caught by downloading free smileys, it is more often associated with counterfeit software or 'key cracks'.

Finally, if you think you may be infected by ramnit, do not use your computer for credit card payments until given the all clear by a member of CiCS staff.

Fake Antivirus Malware

There has been a recent spate of malware incidents affecting Windows computers. Because of the way the malware infection works, it also affects accounts on the Managed Desktop Service but with a lessened impact. The malware is often disguised as antivirus software. This malware can potentially capture personal information, take control of computers and corrupt files.

The malware is asking for personal information such as credit card details; under no circumstances should you provide this information.

Investigations indicate that the source of this infection is primarily unlicensed video streaming websites; in particular those offering sporting events and movies for which you would normally expect to pay.

Update June 2010 - The number of infections reported to the Helpdesk has fallen significantly.

Identifying the problem

The malware most commonly presents itself as antivirus software. This fake antivirus software will detect multiple threats on the computer and ask you to register the software before the threats can be removed.

When you try to register the software you will be asked for the credit card details.

The malware is very persistent, will reduce your computers functionality (for example disabling other programs) and is difficult to ignore.

Further information is available from the link on the right.

Removing the malware

If you have or suspect a malware infection on your computer or computing account please contact the CiCS Helpdesk on 0114 222 1111.