[unisog] Cleaning up after klez
pauls at utdallas.edu
Tue Apr 30 21:49:00 GMT 2002
Disconnect the infected machines at the switch, and don't
reconnect them until they're cleaned. (If you aren't
switched, pull the network cables and take them with you.)
Klez is network aware, so as long as one infected machine
is on your network, you are at risk of reinfection. (This
is standard policy at UTD.)

Use Symantec's cleanup tool (the URL *will* wrap):

Require up to date AV protection on all network-connected
Windows boxes - no exceptions. This is also standard
policy at UTD.

Incorporate attachment blocking at your mail gateway.
Block all EXE, SCR, PIF, COM and BAT files, both incoming
and outgoing. This is also standard policy at UTD.

There can be no exceptions to these policies, as they are
critical in your fight against virus infections. Without
them, you lose.

--On Tuesday, April 30, 2002 11:06 AM -0700 John
Stauffacher <stauffacher at chapman.edu> wrote:
> Anybody out there have any real good ways of stopping the
> W32.klez virus/worm. Our university seems to have been
> infected and I am searching for solutions to both block
> and sequester the already infected machines. Any help
> would be appreciated.
> John Stauffacher
> Network Administrator
> Chapman University
> stauffacher at chapman.edu
Paul Schmehl (pauls at utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
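
The attachment-blocking rule from the message above, sketched as a gateway-side check. This is an added example, not code from the original post or from UTD. The function names, addresses and sample messages are constructed for illustration, and the check looks only at the final extension of each attachment filename. It applies equally to incoming and outgoing mail.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions named in the post; matched case-insensitively.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat"}


def final_extension(filename):
    """Return the lower-cased last extension, ignoring trailing dots/spaces."""
    name = filename.strip().rstrip(". ")
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].lower()


def blocked_attachments(raw_message):
    """Return the filenames in raw_message (bytes) with a blocked extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, including nested multiparts.
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls
        # back to the Content-Type "name" parameter.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def gateway_verdict(raw_message):
    """REJECT if any attachment is blocked, otherwise ACCEPT."""
    return "REJECT" if blocked_attachments(raw_message) else "ACCEPT"


def build_sample(filenames):
    """Build a constructed test message carrying the given attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.edu"   # constructed address
    msg["To"] = "rcpt@example.edu"       # constructed address
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    for name in filenames:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["notes.txt", "report.doc.PIF", "setup.exe."])
    print(gateway_verdict(sample), blocked_attachments(sample))
```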