Computer network managers around Buffalo struggled Wednesday to eradicate the W32/Nimda virus -- which some called the worst they've seen -- after it knocked out popular local Web sites.
Compared with previous viruses "this is more challenging by quite some order of magnitude," said Voldemar A. Innus, chief information officer for the University at Buffalo.
UB was trying to eradicate the malicious code from about 100 "server" computers throughout its two campuses Wednesday, he said. Disinfecting thousands of individual PCs will take longer.
Nimda targets Microsoft server computers that power networks, as well as home computers that run Microsoft Internet browsers and e-mail programs. A PC can become infected by Nimda simply by visiting an infected Web site.
Also hit was the Western New York Regional Information Network, a highly traveled directory site. It shut down two servers, including its main public Web site, operations director Olivia Arditi said.
And Buffalo.com, a Web portal operated by The Buffalo News, unplugged itself to avoid catching the virus and spreading it to users, officials said. The site was offline for most of Wednesday after being switched off Tuesday afternoon.
"This is very different than anything we've seen before," said Dorothy Gallagher-Cohen, Buffalo News vice president of new media and integrated marketing. The Web portal's servers are separate from The Buffalo News internal network, which was infected Tuesday night, delaying Wednesday morning editions and causing problems with editing functions all day.
The code is especially dangerous because it can spread through e-mail, over Web sites and through files passed over internal networks. Although it doesn't explicitly destroy data on a computer, it clogs systems with its replication efforts and can corrupt existing files, experts said.
"I'm calling it the neutron bomb . . . I've never seen anything as bad as this," said Jeff McCaskey, president of the Aurora Consulting Group, a software development company in East Aurora. After tediously eradicating the virus from a server, the machine can become reinfected from another computer on the network, he said.
Nimda split local computer administrators into two camps. While networks using Microsoft operating systems struggled, those that run Unix technology were unaffected.
At Synacor, a Web-mail company in Buffalo formerly called Chek.com, a Unix platform kept the company and its 8 million end users Nimda-free, according to Chief Technology Officer Mark Musone. Such virus attacks actually aid the company's business by convincing firms to outsource their e-mail services, he said.
At The Buffalo News, technicians had to isolate publishing systems from other computer networks to publish Wednesday's editions, Managing Editor Ed Cuddihy said. "We've got a couple dozen servers on our network here and you can't just shut them down," he said.
Computer users at Amherst Central School District said they experienced network problems on Wednesday, but the district isn't sure the problems are virus-related, assistant superintendent Paul Wietig said. Internet access, although important, isn't critical for the district's daily teaching activities, he said.
Individual users will know if their computer is hit by a huge volume of dummy files appearing on their hard drive, experts said. Perhaps more troubling is that Nimda opens the contents of the primary hard drive to other users of the network.
Experts recommend that PC users running Microsoft operating systems from Windows 95 or later should take these steps to protect their system:
Delete e-mails with attachments, unread.
Disable Java script in Internet browser programs. Java allows Web-based programs to run on a connected PC, but can be disabled in a user options menu.
Download anti-virus software and removal instructions from vendors including Symantec (www.symantec.com), McAfee (http://vil.nai.com) and Trend Micro (www.antivirus.com).
On its Web site, Microsoft provides "patches" that inoculate its programs against the virus, field marketing manager Michael L. Allen said. "Customers need to be diligent in making sure they install those patches," he said.
A software update to close security holes was distributed Aug. 15 that blocks the Nimda bug, according to Microsoft.