Res Tech Training Meeting

January 29 and 31, 2003

The SQL Slammer Worm - What it was and what it did

Clean up the Add-Remove Box - Orphaned program entries

Faster Boot Tip

Training: Sophos Antivirus - Installing, updating, and using the new SUNY Oneonta anti-virus software

 

1. The SQL Slammer - What it was and what it did

The SQL Slammer is a denial-of-service worm. It is NOT a virus in the traditional sense of the word, in that it did not alter or damage the data on the systems affected, and did not spread through the traditional virus routes (email, etc.). It simply flooded network systems with traffic to the extent that the pipe capacities of these systems became overloaded.

The worm looked for SQL Server-based computer systems. It travelled via network connections, meaning that end users had no effect on the outcome of the worm; only network administrators could do anything about it.

Once the worm was in a system, it sent out network requests for other SQL servers to respond, so the worm could locate those servers and move on to them. The request/response cycle was what caused the dramatic slowdown in Internet speed. Once system administrators realized what was going on, they had to shut the networks down to stop the spread of the worm and to perform emergency patching of the SQL server.

While few people in the res halls may be running SQL Server itself, some may be running MSDE (MS Desktop Engine), which connects the end-user machine to a SQL Server-based app on a remote machine. This makes the student's machine vulnerable. Microsoft has the patch at the following website:

http://www.microsoft.com/downloads/details.aspx?FamilyID=9032f608-160a-4537-a2b6-4cb265b80766&displaylang=en

The software is also available on our server at ftp://helpdesk.oneonta.edu/slammer/sql2ksp3.exe

Don't just install this on any machine. If someone is experiencing a significant slowdown, and they have SQL Server-based software (such as MSDE), you may patch it with this software. Let me know when you think you'll be doing this.
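The following Python is an added example, not part of the original training notes: it scans flow records for the behaviour described above, one source contacting many different hosts on the SQL Server resolution port within a short time. The UDP port number 1434, the log format, the sample records and the threshold are assumptions made for the example, not details from the notes.

```python
import ipaddress
from collections import defaultdict

SQL_PORT = 1434        # assumption: UDP port of the SQL Server resolution service
FANOUT_THRESHOLD = 5   # hypothetical: distinct destinations per window before flagging

# Constructed sample flow records: "epoch_seconds proto src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1043500000 udp 10.20.1.15 10.20.1.1 53
1043500001 udp 10.20.1.15 10.20.9.8 1434
1043500001 udp 10.20.1.77 198.51.100.4 1434
1043500001 udp 10.20.1.77 203.0.113.9 1434
1043500002 udp 10.20.1.77 192.0.2.200 1434
1043500002 udp 10.20.1.77 198.51.100.77 1434
1043500003 udp 10.20.1.77 203.0.113.61 1434
1043500003 udp 10.20.1.77 192.0.2.14 1434
1043500004 tcp 10.20.1.30 10.20.9.8 1434
garbled line
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = int(parts[0])
        src = str(ipaddress.ip_address(parts[2]))
        dst = str(ipaddress.ip_address(parts[3]))
        dport = int(parts[4])
    except ValueError:
        return None
    return ts, parts[1].lower(), src, dst, dport

def suspected_scanners(text, window=60, threshold=FANOUT_THRESHOLD):
    """Map each source to its largest count of distinct UDP/1434 targets in one window."""
    buckets = defaultdict(set)   # (source, window index) -> destinations seen
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue             # skip records that do not parse
        ts, proto, src, dst, dport = rec
        if proto == "udp" and dport == SQL_PORT:
            buckets[(src, ts // window)].add(dst)
    flagged = {}
    for (src, _), dsts in buckets.items():
        if len(dsts) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(dsts))
    return flagged
```

A machine that makes a single query to one known SQL server stays below the threshold; only the wide fan-out is reported, which points to the machine to check for MSDE and patch.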


2. Clean up the Add-Remove Box - Orphaned Program Entries

Orphaned program entries are references to programs that you have already removed. The reference to the program has not been taken out of the list of applications to be removed in the Add-Remove Programs dialog. This is one way to get rid of those entries. Note: This involves a registry hack. Back up the registry before you perform this procedure.

Go to Start > Run and type 'regedit'.
Back up the current registry by exporting it to the root of c:\ (or whatever hard drive the current OS is booting from).
Navigate to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Uninstall

The programs listed are in the form of subkeys in the left-hand pane under the 'Uninstall' subkey. Delete the entry in question, exit the registry, and restart the computer.



3. Faster Boot Tip


If you're troubleshooting, and the computer has a lot of startup applications (which can make the multiple-restart process long and tedious), you can shorten the process by holding down the 'shift' key while booting. That will tell the system to skip all startup items. Please note that this is only for that session, not a permanent fix.



4. Training: Sophos Antivirus - Installing, updating, and using the new SUNY Oneonta anti-virus software