[unisog] Cleaning up after klez

Paul Schmehl pauls at utdallas.edu
Tue Apr 30 21:49:00 GMT 2002


Disconnect the infected machines at the switch, and don't 
reconnect them until they're cleaned.  (If you aren't 
switched, pull the network cables and take them with you.) 
Klez is network aware, so as long as one infected machine 
is on your network, you are at risk of reinfection.  (This 
is standard policy at UTD.)

Use Symantec's cleanup tool (the URL *will* wrap): 
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Require up-to-date AV protection on all network-connected 
Windows boxes - no exceptions.  This is also standard 
policy at UTD.

Incorporate attachment blocking at your mail gateway. 
Block all EXE, SCR, PIF, COM and BAT files, both incoming 
and outgoing.  This is also standard policy at UTD.

There can be no exceptions to these policies, as they are 
critical in your fight against virus infections.  Without 
them, you lose.

--On Tuesday, April 30, 2002 11:06 AM -0700 John 
Stauffacher <stauffacher at chapman.edu> wrote:

> All,
>
> Anybody out there have any real good ways of stopping the
> W32.klez virus/worm? Our university seems to have been
> infected and I am searching for solutions to both block
> and sequester the already infected machines. Any help
> would be appreciated.
>
> ++
> John Stauffacher
> Network Administrator
> Chapman University
> stauffacher at chapman.edu
> 714-628-7249



Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
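
The attachment-blocking rule from the message above, as an added example that is not part of the original post or UTD's actual gateway configuration. It checks every MIME part of a message and matches on the final extension only, so a name like Report.txt.PIF is still caught; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions listed in the post's gateway policy (applied in both directions).
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat"}

def final_extension(filename):
    """Lowercase last extension, ignoring trailing dots/spaces."""
    name = filename.strip().rstrip(". ").lower()
    return name.rsplit(".", 1)[1] if "." in name else ""

def blocked_attachments(raw_message):
    """Return filenames of MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

def gateway_verdict(raw_message):
    """Hypothetical gateway hook: reject if any part is blocked."""
    hits = blocked_attachments(raw_message)
    return ("reject", hits) if hits else ("accept", [])

# Constructed sample message (not real traffic).
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.txt"

data
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Report.txt.PIF"

data
--XX
Content-Type: application/octet-stream; name="readme.scr"

data
--XX--
"""
```

Run the same check on both inbound and outbound mail, as the policy requires; gateway_verdict(SAMPLE) rejects the message and names the two offending parts.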


