A compromised computer is one that has either been infected with a virus (usually one that accesses the network/internet) or has been broken into and taken over by someone outside of that particular office. Usually (but not always), these computers are discovered attempting to access other computers (performing scans) over the network and are immediately blocked from accessing the network or the internet. Often times, the user of the compromised computer will not notice any symptoms that the computer is infected until it is blocked. Other times they may notice a slow down in computer performance or internet connection speeds. They also may notice unwanted advertisement popups appearing.

 

Compromised computers commonly attempt to connect to (scan) other computers on the network and spread whatever they are currently infected with. When this is detected, the compromised computer is immediately blocked to protect the other computers currently connect to the network & the internet. Often times, this will happen suddenly and the user of the compromised computer will notice a loss of internet connection.

 

It has been recommended that we no longer attempt to clean compromised computers. Instead, they will be formatted and re-installed immediately. This is due to the fact a large number spyware contain components that are able to continuously evade spyware & virus scans resulting in a re-infected computer nearly immediately.

1st & 2nd Time
The first two times a computer is discovered compromised, it will be formatted (erased) and the operating system completely re-installed. This is to prevent a possible third occurance from any hidden files that may not have been found by the virus/spyware scans on the prevous cleaning. When a compromised computer is discovered, the user will be contacted and asked to bring the computer in for cleaning. Computer Services will then discuss how computers can get compromised & methods to avoid being compromised in the future.

3d Time and Beyond
After the second instance of compromise, the computer will automatically be formatted each time the situation arises. A discussion may also take place in which the technician will outline the responsibilities of a computer user in regards to responsible computing and the routine maintenance (virus & spyware scans) they are expected to perform. If the condition continues to repeat, discussions may need to be held with either the computer user's supervisor and/or the NDSU IT Security Officer.

 

A computer blocked due to being compromised will not be unblocked until the technician has verified that it is clean to the best of their knowledge. Please note that technicians do NOT have the ability to turn connections back on, that responsibility falls to a specialized network team. Once a technician has cleaned a computer, all they can do is submit a request to have the computer unblocked. This process can take up to 24 hours once the request is made. Technicians will NOT submit an unblock request early.