[Dshield] how to take down a 'bot-net' ?
keith at keithbergen.com
Sun Jan 18 17:47:58 GMT 2004
I am an Operator on an IRC network, and we have a similar protection scheme.
Usually, these "mirc bot" or bot-net's have open ports. We scan the IP
address to see if any known ports open, and Kline the IP if they are.
Your best bet is to:
1) run an initial antivirus sweep. One of the good ones is called the
Stinger. It is a 1-time antivirus program that should clean your computer.
Stinger is available from Network Associates at
http://vil.nai.com/vil/stinger/. An alternative is this handy online
antivirus scanner from Trend Micro:
2) Update your computer with the latest patches. I'm assuming you are
running windows. Go to http://www.windowsupdate.com and get and apply all
3) Get a permanent antivirus program that has auto-update features, and keep
You can read more about this from this web page that I put up. It is
specific to another virus, but will give you the links.
Hope this helps you.
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Sent: Sunday, January 18, 2004 1:36 AM
To: list at dshield.org
Subject: [Dshield] how to take down a 'bot-net' ?
My name is Hillary an I live in Malaysia. I'm desperatly need help about my
Ip address. Recently my friend had download a "mirc bot", the problem is
after that i cant remove it from my system, so to make it fast i had
duplicate "ghost" my pc with the other one...
the problem now is, if i run the mirc, i cant connect with the webchat.org
server.... and lastly, they told me that my IP is keep flooding... n some of
my friend say, there are bot attached and had take control my IP address...
I really need help on this problem.... please...
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list