[Dshield] how to take down a 'bot-net' ?

Keith Bergen keith at keithbergen.com
Sun Jan 18 17:47:58 GMT 2004

I am an Operator on an IRC network, and we have a similar protection scheme.
Usually, these "mirc bot" or bot-net's have open ports. We scan the IP
address to see if any known ports open, and Kline the IP if they are.

Your best bet is to:
1) run an initial antivirus sweep. One of the good ones is called the
Stinger. It is a 1-time antivirus program that should clean your computer.
Stinger is available from Network Associates at
http://vil.nai.com/vil/stinger/. An alternative is this handy online
antivirus scanner from Trend Micro:
2) Update your computer with the latest patches. I'm assuming you are
running windows. Go to http://www.windowsupdate.com and get and apply all
critical updates.
3) Get a permanent antivirus program that has auto-update features, and keep
it up-to-date.

You can read more about this from this web page that I put up. It is
specific to another virus, but will give you the links.

Hope this helps you.


-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Meo
Sent: Sunday, January 18, 2004 1:36 AM
To: list at dshield.org
Subject: [Dshield] how to take down a 'bot-net' ?

My name is Hillary an I live in Malaysia. I'm desperatly need help about my
Ip address. Recently my friend had download a "mirc bot", the problem is
after that i cant remove it from my system, so to make it fast i had
duplicate "ghost" my pc with the other one... 
 the problem now is, if i run the mirc, i cant connect with the webchat.org
server.... and lastly, they told me that my IP is keep flooding... n some of
my friend say, there are bot attached and had take control my IP address...
 I really need help on this problem.... please...    
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

More information about the list mailing list