
View Full Version : Software How to check if you are infected by a bot.



sez
10-03-2009, 03:51 PM
What Is a Bot (or Zombie)?

A 'bot' is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'. There are literally tens of thousands of computers on the Internet which are infected with some type of 'bot' and don't even realize it. Attackers are able to access lists of 'zombie' PCs and activate them to help execute DoS (denial-of-service) attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker.



How to check if you are infected by a botnet and how to remove it:
Go to start and then configuration

http://img136.imageshack.us/img136/1553/step1f.jpg

Double click Windows Firewall

http://img185.imageshack.us/img185/922/step2k.jpg
Open exceptions and follow the steps in the picture
http://img19.imageshack.us/img19/8761/step3at.jpg

Download CCleaner from the official website:
http://www.ccleaner.com/

Open up CCleaner and go to tools > startup and disable & remove all unknown startup programs
http://img230.imageshack.us/img230/5050/step4i.jpg

If you can't delete the bot follow this sub-chapter:

First download Unlocker 1.8.7 from the official website:

http://ccollomb.free.fr/unlocker/

Here are some pictures for how it works
http://img176.imageshack.us/img176/7931/unlocker1871.jpg
http://img401.imageshack.us/img401/8243/unlocker1872.jpg
http://img193.imageshack.us/img193/8933/unlocker1873.jpg

How to defend yourself from botnets:
First download Sandboxie from the official website:
http://www.sandboxie.com/

What is Sandboxie?
http://en.wikipedia.org/wiki/Sandboxie

Always before you run/open an application that you don't trust, right click and click "Run Sandboxed"
If your downloaded application crashes, the application has a Sandboxie bypasser, hence it's not safe for use.

A Sandboxie bypasser is some sort of code that automatically shuts down the application when run through Sandboxie. It is mostly used by trojans, worms, RATs etc.
http://img300.imageshack.us/img300/1450/step5.jpg

This step is optional but when you want to know whether the downloaded application has some sort of virus you may as well scan it on:
http://scanner.novirusthanks.org/

PS: Sandboxie has been used extensively to also run trial version software indefinitely. See the how-to:
http://www.scribd.com/doc/14926655/Using-Sandboxie-to-Bypass-Trial-Version-Limitations-in-Software

Originally shared on:
http://liquid-security.net/forums/viewtopic.php?f=5&p=9383
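
Added example, not part of the original post: a read-only PowerShell audit of the two places the post checks by hand, the Windows Firewall exceptions and the startup programs, with each program's Authenticode signature status shown so unknown entries stand out. It assumes Windows 8 / Server 2012 or later (for the NetSecurity cmdlets) and an elevated prompt; the helper names `Get-ExePath` and `Get-SignatureStatus` are made up for this example.

```powershell
# Read-only audit: lists entries, changes nothing.

function Get-ExePath {
    param([string]$CommandLine)
    # Startup entries store a full command line; keep only the executable path.
    if ($CommandLine -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $CommandLine
}

function Get-SignatureStatus {
    param([string]$Path)
    # Firewall rules often store paths such as %SystemRoot%\..., so expand first.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not $expanded -or -not (Test-Path -LiteralPath $expanded -PathType Leaf)) {
        return 'FileMissing'
    }
    (Get-AuthenticodeSignature -LiteralPath $expanded).Status.ToString()
}

# 1. Firewall exceptions: enabled inbound "allow" rules tied to a specific program.
$firewall = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    ForEach-Object {
        $program = ($_ | Get-NetFirewallApplicationFilter).Program
        if ($program -and $program -notin 'Any', 'System') {
            [pscustomobject]@{
                Source    = 'FirewallException'
                Name      = $_.DisplayName
                Program   = $program
                Signature = Get-SignatureStatus $program
            }
        }
    }

# 2. Startup programs: Run keys and Startup folders, as exposed by WMI.
$startup = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $exe = Get-ExePath $_.Command
    [pscustomobject]@{
        Source    = "Startup ($($_.Location))"
        Name      = $_.Name
        Program   = $exe
        Signature = Get-SignatureStatus $exe
    }
}

# Entries without a valid signature come first. Treat them as items to
# review, not as proof of infection: plenty of legitimate software is unsigned.
@($firewall) + @($startup) |
    Sort-Object { $_.Signature -eq 'Valid' }, Source, Name |
    Format-Table -AutoSize -Wrap
```

An entry reported as `FileMissing` means the rule or startup item points at a path that no longer exists, which is worth cleaning up in its own right.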

darkstate01
10-03-2009, 08:35 PM
I've used Sandboxie for about 6 months and it's a way of testing new programs without actually installing the program on your PC. If you don't like or want the program you just delete the contents of the sandbox and it's gone, no going to add/remove and uninstalling as you would normally.
And for you naughty people who use key gens etc. you can run them in the sandbox and not get infected with root kits etc. When you have done with the keygen just delete the sandbox and you are done... no infection.