Iowa State University

Information Technology

Blocked Systems

The steps you need to take to regain Internet access depend on the reason for the block and your operating system.

Warning: Before beginning any changes of the type described below, you should be aware that there is always an inherent risk when changing software on any computer. In the worst case, you could lose all the files on your computer. Therefore, ITS strongly recommends you have current backups of your important data before proceeding. ITS Computer Data Recovery provides data backup for a fee.

Macintosh and Linux Systems

  • If your system is blocked for a copyright violation, you have been notified via email about the steps you must take after removing the copyrighted material.
  • For blocked systems other than for copyright violations, contact the Solution Center for specific instructions by phone at 515-294-4000, email at , or in person at 192 Parks Library.

Windows Systems

  • If your system is blocked for a copyright violation, you have been notified via email about the steps you must take after removing the copyrighted material.
  • If your system has been compromised, we recommend that you back up important personal files, reformat the hard drive, and reinstall the operating system and software. More information can be found on the Compromised Systems page.
  • If your system has been blocked from the Internet for a virus infection, follow the instructions below to regain access. You must follow all of the steps in the given order to have Internet access restored to your computer.

Virus Removal

Some viruses can be removed without reformatting by a competent technician.

  • If you are a student and the infected computer is your personal machine, the Solution Center will attempt to remove the virus for you for free.
  • If the machine is an ITS-supported workstation (i.e., it has a black “IT Services” or “Info Tech Services” tag and bar code on it) contact the Solution Center.
  • If the computer belongs to your department and is not an ITS-supported workstation, contact your departmental IT staff for assistance.
  • If you are a faculty or staff member, the Solution Center will attempt to remove the virus from your computer for a $25 charge.

Backup, Reformat and Restore

The only way to be certain that your computer is infection-free is to back up your data, reformat the hard drive using an application like KillDisk that completely removes the information from the boot sector and unused areas of the drive, and reinstall the operating system and application software. This is a tedious process and may result in lost data unless the person doing it is very careful. Nevertheless, it is the procedure that is most certain to result in a clean machine.

If you have no other alternative, or choose not to use one, begin the following thirteen-step procedure. Bear in mind that attempting to remove viruses may make your machine unbootable, lose files or even make your entire hard disk inaccessible. No antimalware software can detect and remove all malicious software; even after the completion of these steps, your machine may still be infected. Pay close attention to the first step, backup, as it is very important. You take these steps at your own risk.

1. Backup

If at all possible, attach an external hard disk or USB drive to your computer and copy important data from the computer to a backup. If you don’t already have a backup solution, the backup utility built in to Windows is a reasonable choice. Information on its use is available at the following locations:

If automated backup procedures don’t work, you may still be able to copy files and folders to the device manually. If the malicious software has messed Windows up so badly that even that fails and you don’t have a recent backup, you can still use an Ubuntu LiveCD to make a backup without using Windows:

2. Scan from the AVG Rescue CD and record any viruses you find.

Sometimes malicious software prevents antivirus software from running, or prevents it from seeing the malware. Rootkits are a form of malware that cannot be detected or removed from the operating system they infect. Examples of this genre include Alureon, Sinowal/Torpig and HaxDoor. To remove these you must start your computer from a CD or USB drive containing an independent operating system. The AVG Rescue CD is a free tool from AVG. You can download it, copy it to either a CD or USB disk and use that device to start your computer.

The AVG Rescue CD needs to update its virus definitions before scanning. Since your computer will be disconnected from the network, you’ll need to download that update to a disk and install it manually after you’ve started the Rescue CD.

  • On an uninfected PC, go to AVG Antivirus Update and download the file named Iavi.
  • Copy the file you downloaded to a USB drive.
  • Insert the USB Rescue CD into the infected PC and shut it down.
  • Insert the USB drive into the infected PC.
  • Using the appropriate steps for your computer, start the infected PC from the AVG Rescue CD.
  • As the machine starts up, you'll be asked whether you want to start the update. Using the arrow keys and the Enter key, choose Yes.
  • In the Update Type menu, use the arrow keys and Enter key to choose Offline.
  • The drives on your computer (including the USB drive) should appear in the Volume Selection list. Identify your USB drive by its size, then select it by moving the highlight to that drive and pressing Space. Then press Enter.
  • Read the help for selecting a directory, then press Enter.
  • Locate the directory containing the BIN file you downloaded, then press Enter.
  • Press Enter again.
  • When finished, you'll return to the Update Type Menu. Highlight Return and press Enter.

You can now choose Scan to scan the machine.

Once you’ve updated the virus definitions you can scan the system. See the links below for more instructions and examples.

Be sure to record the viruses AVG finds; you will be asked to submit this list with your unblock request. When the scan is finished, restart the computer in Windows again.

3. Run Microsoft Safety Scanner and record any viruses you find.

Microsoft Safety Scanner is available online; download it on an uninfected machine and copy it to a CD or USB drive, then run it on the infected computer. Be sure to record the viruses Safety Scanner finds (you will be asked to submit this list with your unblock request). If Safety Scanner asks you to restart your machine, do so.

4. Check for rootkits with TDSSKiller

TDSSKiller is a utility from Kaspersky Labs that has the ability to detect and remove some rootkits, even if they’re unknown. Download the utility on an uninfected machine and copy it to a CD or USB drive, then follow the directions on the page below to run it on the infected computer.

5. Install the latest critical patches.

Some software flaws allow a machine to be attacked as soon as it is attached to the network. The following patches are critical to prevent your machine from being re-infected as soon as it is unblocked. Download these patches on an uninfected machine, copy them to an optical disk or USB drive, and install them in the order listed:

Windows 7

Windows 7 64-bit

Windows Vista

Windows Vista 64-bit

Windows XP

Windows XP 64-bit

Windows 2000 Service Pack 4

6. Set passwords on all administrative accounts.

Weak and non-existent passwords are the source of many of the latest viruses. Setting a good password is critical to prevent worms from reinfecting your computer after cleaning.
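
For step 6, one way to see which local administrator accounts are allowed to have no password, as an added example that is not part of the original ITS instructions. It assumes Windows PowerShell 2.0 or later (included with Windows 7; a separate install on older versions) run from an elevated prompt; the variable names are illustrative.

```powershell
# Added example (not from the ITS page): audit local administrator accounts.
# Assumes Windows PowerShell 2.0+ and an elevated prompt.

# S-1-5-32-544 is the well-known SID of the built-in Administrators group.
# Looking the group up by SID also works when Windows localizes its name.
$adminGroup = Get-WmiObject -Class Win32_Group `
    -Filter "LocalAccount=True AND SID='S-1-5-32-544'"

# Local user accounts that are direct members of that group.
$admins = @($adminGroup.GetRelated('Win32_UserAccount') |
    Where-Object { $_.LocalAccount })

$report = $admins | ForEach-Object {
    New-Object PSObject -Property @{
        Name             = $_.Name
        Enabled          = -not $_.Disabled
        PasswordRequired = $_.PasswordRequired
        # An enabled administrator account that is allowed to have no password.
        NeedsAttention   = (-not $_.Disabled) -and (-not $_.PasswordRequired)
    }
}

$report | Select-Object Name, Enabled, PasswordRequired, NeedsAttention |
    Format-Table -AutoSize

# For each account you keep, set a password interactively (prompts, no echo):
#   net user <AccountName> *
# PasswordRequired = False means the account may have no password at all.
# True does not prove a password is set or strong, so set one on every
# administrator account you keep.
```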

7. Install and/or update anti-virus software.

There are a wide variety of free and commercial antivirus packages available for Microsoft Windows. Because your computer is blocked you will need to download the latest virus definition updates manually and copy them to the infected computer.

For use on privately-owned computers ITS recommends the use of Microsoft Security Essentials.

Machines owned by Iowa State University should use Microsoft Forefront Endpoint Protection 2010.

8. Scan your computer for viruses.

Run a full virus scan on your computer. Record all the viruses you are able to remove (you will be asked to submit this list with your unblock request). If you are unable to remove all viruses found, restart the computer and run the scan again.

If you are still unable to remove all the viruses, start the computer in safe mode and run the scan again from safe mode.

If you are unable to remove all of the viruses in Safe Mode, or even to start the machine in Safe Mode, your machine is seriously compromised. You may want to reconsider the “reformat and reinstall” approach, or contact the Solution Center for advice.

9. Submit your request to be unblocked.

If your computer is blocked from Internet access, request an unblock to regain access after the computer is cleaned. To do so, send an email to (solution (at) iastate (dot) edu) that includes:

  • The blocked computer's IP or Internet address. This can be found for the affected computer by going to
  • The list of the viruses you cleaned from your machine (collected in steps 3 through 6 above).
  • Leave the computer on so it can be verified as clean.

10. Install critical Windows operating system updates.

Once you’re back on the Internet, it’s time to make sure you don’t get blocked again. To install all critical Windows updates, do one of the following:

Windows XP and 2000

Windows Vista and 7

  • Click Start.
  • Select Control Panel.
  • Select Control Panel Home.
  • Select Check for Updates and follow the directions.

11. Maintain operating system updates.

Set up your computer to be regularly updated using the relevant instructions below:

12. Maintain anti-virus updates.

Set up your antivirus package to get the latest virus updates daily. If you are using Microsoft Security Essentials, your antivirus will be updated automatically. If you are using Microsoft Forefront Endpoint Protection, it will be updated along with other Windows updates (see step 11 for setting up automatic updates).

13. Maintain third-party software updates.

Much of the malicious software that infects computers nowadays exploits flaws in third-party Internet software: web browsers, media players, runtime engines, etc. It’s not enough to keep your operating system up to date; any application that can connect to the Internet must be kept current as well. This can be a tedious process.

A way to make this process easier is to use a package manager, which scans your computer for outdated software and offers links to the necessary updates. We recommend one of the Software Inspectors from Secunia:

  • Secunia Personal Software Inspector is available free for individual-owned machines. It can check for updates in the background and even install some updates automatically.
  • University-owned machines should use Secunia Corporate Software Inspector. Check with your departmental IT staff and have them contact for more details.
  • Finally, a quick check of your system for the one hundred most important applications can be done without installing any software by periodically using the Secunia Online Software Inspector.