nearly half a million pc's still infected with szribi botnet, are you one of them ? : A secure democratic Net is a fundamental right

« after DNS flux to protect botnets, here comes domainflux | HomePage | 40 IT related ebooks on scribd.com »

11/27/2008

nearly half a million pc's still infected with szribi botnet, are you one of them ?

advice One of the more straightforward methods to determine a Srizbi infection is to check proxy and/or firewall logs. You can pinpoint specific computer(s) that are Srizbi-infected by checking for any computers that have made outbound HTTP connection requests from your network to our Srizbi monitoring IP addresses 75.127.68.122 or 64.22.92.154 since November 12, 2008

How to clean

Srizbi installs a rootkit that hides its changes to system files and registries. Therefore, cleaning it off your system is not a straightforward process. In environments where periodic system snapshots are taken, it will be easier to perform a system restore from a known clean snapshot.

For the environments where clean restoration is not possible, we have provided some self-serve steps at the link below.

NOTE: Before reverting to a prior snapshot or using the following steps, backup all user data in case cleanup fails.

Srizbi rootkit removal instructions