At approximately 10 am, an error message popped up on hundreds of HSPH computers warning users that they had a virus and their computer would shut down in 1 minute. Their computer was then stuck in a reboot cycle.
This was not actually a computer virus outbreak, but rather a faulty data update from our security vendor McAfee. This issue was global and not isolated to HSPH. There are reports of other universities, government agencies, and businesses experiencing similar issues (see below for news articles).
- Issues surfaced at approximately 10 am after computers at HSPH started to receive the automatic update from McAfee (DAT 5958).
- HSPH IT staff worked closely with McAfee for several hours including hosting a Webex session from McAfee to an “infected” machine at HSPH.
- McAfee released an updated data file at approximately 1 pm.
- HSPH IT staff tested both a pushed deployment fix using Novell and a manual fix for other users.
- At 2 pm, HSPH Helpdesk sent email to community with instructions for Novell users to update the data file.
- At 2:30 pm, HSPH Helpdesk staff started going floor to floor to update computers in need of manual updates.
- Computer laboratory machines and classroom machines were not impacted. Neither students working in computer laboratories nor courses were affected.
- Mac computers were not impacted.
- Not all users at HSPH were impacted.
Update procedure if on Novell network:
- REBOOT your computer
- LOGIN to Novell
- Wait for the computer to RESTART itself (approximately 1-2 minutes)
- Your computer should then be updated with the new data file and you can login.
Update procedure if you do not login into Novell:
- Contact the Helpdesk at 432-HELP, email@example.com. It will most likely require a technician visit to manually install the new datafiles.
- Botched McAfee Update Shutting Down Corporate XP Machines Worldwide — Engadget, April 21, 2010
- McAfee Antivirus Program Goes Berserk, Reboots PCs — Associated Press/New York Times, April 21, 2010
- Buggy McAfee Updates Slams Windows XP — CNET, April 21, 2010