Re: Mandating format/reinstall...

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

Well, "questions" was a misnomer.  Below is the message we're using for
korgo, as an example.  The person must respond indicating that all of
these things have been done, or they aren't unblocked.  
M.


-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research
(http://cacr.iu.edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu


***Your access to the IU network is being blocked to protect the
network.***

Network reports indicate that the computer listed in the subject line is
infected with a virus or worm (in this case, Korgo.V). This virus
provides hackers full access to your computer. In these cases it is
necessary to completely rebuild the computer to clean all traces of the
virus from your computer and to protect you from future compromises.
When you are finished and wish to have your access to the IU network
re-enabled, please reply back to us and outline what actions you took.
You must take all actions listed in order for us to re-enable your
access. Please ensure you take ALL of the following steps:

Please note: If you live in on-campus housing (residence halls or Greek 
housing), steps 3-5 should be completed using the Get Connected CD.

        1. Backup your personal files. If you don't do this step, you
will lose all of your data when you perform step #2.
[http://kb.iu.edu/data/akvi.html]

        2. Perform a clean install of Windows XP. Make sure you use a
different password for the Administrator account when setting up
Windows. [http://kb.iu.edu/data/aksz.html]

        3. If you have installed Windows XP as the operating system,
follow the instructions outlined here [http://kb.iu.edu/data/albz.html]
to enable your firewall.

        4. Apply the current patches to the operating system (these are
available on the IUWare Security CD).  [http://kb.iu.edu/data/amkr.html]

        5. Install anti-virus software (also available on the IUWare
Security CD). [http://kb.iu.edu/data/agzf.html]

        6. Change your IU network ID password.
[http://kb.iu.edu/data/aclx.html] Also, if you didn't select a different
administrator password during windows setup, you should change it before
you connect to the network. [http://kb.indiana.edu/data/anro.html]

If you have any questions about these instructions, need help obtaining
the IU Security CD or new operating system software, or would like
assistance with the process, please consult with your departmental
computer support staff. If you do not have a departmental computer
person to assist, please call the UITS Support Center at 855-6789 (IUB)
or 274-4357 (IUPUI).  Email: ithelp () iu edu

DO NOT CALL OR EMAIL US TO OBTAIN SUPPORT; WE ARE NOT A SUPPORT UNIT.
Please contact the Support Center for assistance. 

Thank you for your immediate attention to this important matter.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.