skip to primary navigationskip to content

Latest virus alerts

Ransom-WannaCrypt (May 2017)

A new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as WannaCrypt appears to have affected computers that have not applied the patch for these vulnerabilities. 

Please install MS17-010 if you have not already done so.

An extra dat file is available here:

and directly from McAfee here:

Further details:


Cryptolocker (10th October 2013)

There have been multiple incidents of Cryptolocker ransom ware detected in institutions where files have been encrypted on network shares. Infected systems will also display a message asking for $300 or 300 Euros to decrypt your files. Infected systems will try and scan any network share or mapped drive it can access, as well as encrypting locally found files. If it can it will try and encrypt a very large range of Windows file types. Success of encryption will depend on the rights of the logged in user to the shares in question. High or Very High Heuristics need to be set in McAfee to detect components of this malware. If not, it will not detect some or all of it.

We have an Extra.dat (see link below) which will pick up other components which were not being picked up at all in initial infections. Users of the managed ePO service have had this deployed already.

Currently there is no way to decrypt the files, if you are affected you will have to go to backups to recover documents.

The following files have been found been on an infected system;

retln.exe (Requires attached extra.dat)

Some more info;

W32/autorun.worm.aaeb-h (29th November 2012)

McAfee has received multiple reports of customers who are severely affected by variants of W32/autorun.worm.aaeb-h.
W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.
The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

For more information on McAfee product coverage and mitigation for this threat, see Threat Advisory: W32/Autorun.worm.aaeb:

Newly Discovered World-Wide Threats

McAfee's webpage of newly discovered threats can be found at A more general summary of such threats (which aims to cover the differing names they are known by) can be found at


You may sometimes receive warnings forwarded to you by someone you know which describe frightening new e-mail based viruses (e.g. Jdbgmgr.exe hoax). These are almost always hoaxes. These hoaxes can generally be identified by a request to forward the information to everyone you know. No genuine anti-virus information will make this suggestion! More information can be found at:

Unknown Viruses

If you find that there is no known virus which exhibits the symptoms that you are seeing, and you have a copy of a file that you believe contains the virus code, you can find information on how to submit a virus sample to McAfee here: How To Submit A Virus Sample.

Getting help

UIS Service Desk
General support queries

  Phone padded  (01223 7) 62999

UAS Service Desk
Administrative staff queries

  Phone padded  (01223 3) 32999

Other IT service desks