You are here: Home > Notices and News > Caution Urged as New Virus Circulates


There is some new information about the Netsky.C virus on, which will make it very easy this morning to tell if your computer is infected. At 6:00 A.M., Thursday, February 26, 2004, any infected machine will begin beeping (built-in system speaker) and will continue until 9:00 A.M.

If your machine is making a nice beeping melody, please refer to the Netsky information page. Everything we know is up there.

Caution Urged as New Virus Circulates

The latest virus, being referred to as "Netsky-C", began making the rounds at Virginia Tech this morning. This virus comes on the heels of a worm released sometime yesterday (BIZEX) which attempts to infect via Instant Messenger. The university received a pattern for BIZEX at 7:00 p.m. on February 24th, and received the pattern for Netsky-C at approximately 12:25 p.m. this afternoon for the POP e-mail server and shortly thereafter for the Exchange server. Norton Anti-Virus updates are now available to protect against this virus, as well.

As always, it is critical that USERS SHOULD NOT OPEN ATTACHMENTS UNLESS THEY ARE EXPECTING THEM AND RECOGNIZE THE SOURCE ADDRESS! Also, if your department's system administrator doesn't already maintain anti-virus updates for your computer, be sure to make it a part of your routine (at least two or three times a week) to update your computer's anti-virus software (such as Norton).

This particular virus exhibits a range of patterns, sending various attachment types (.exe, .scr, .com, and .zip), a range of subject headings, and several versions of text. If infected, a user's computer can have registry modifications performed, and .dll files replaced or modified.

The university's Information Technology staff are identifying infected machines and temporarily blocking them from sending E-mail. Network liaisons, who are designated to support these machines, are being contacted. We have also taken the step to temporarily block attachments passing through the POP server's virus scanners. The following list matches what is already blocked on the Exchange server:

-*.bat -*.com -*.dll -*.exe -*.js -*.jse
-*.lnk -*.pif -*.reg -*.scr -*.vbe -*.vbs

We are not blocking attachment types of *.txt or *.zip. The *.txt files generally contain warning messages where other virus scanners have deleted the attachment and are simply delivering the original Email. *.zip files could contain the virus, but would require a user to manually "unzip" these, and then run the resulting executable. Since, as a workaround, we suggest users send attachments that are blocked by "zipping" them, we will not block this type unless absolutely necessary.

We welcome your comments, questions and suggestions.

Please send feedback and questions to:
Please send network related questions and concerns to:
Please send questions about student rates and policies to: