Jump to content
The Education Forum
  • Announcements

    • Evan Burton

      OPEN REGISTRATION BY EMAIL ONLY !!! PLEASE CLICK ON THIS TITLE FOR INFORMATION REQUIRED FOR REGISTRATION!:   06/03/2017

      We have 5 requirements for registration: 1.Sign up with your real name. (This will be your Username) 2.A valid email address 3.Your agreement to the Terms of Use, seen here: http://educationforum.ipbhost.com/index.php?showtopic=21403. 4. Your photo for use as an avatar  5.. A brief biography. We will post these for you, and send you your password. We cannot approve membership until we receive these. If you are interested, please send an email to: edforumbusiness@outlook.com We look forward to having you as a part of the Forum! Sincerely, The Education Forum Team
Sign in to follow this  
Andy Walker

SD Bot virus

Recommended Posts

My College network has recently suffered from a viral infection form a variant of the SD Bot Trojan. Our technical staff appear to be at their wits end about it and can now be found rocking quitely in their offices heads in hand.

It seems likely to me that the infection is well established and has damaged our network significantly. We have been without Internet access for several days.

There is always a tendency to "blame" on these occassions and I am concerned that the whole episode could be used to restrict student access to the Internet. I do not believe that this is the correct response.

If anyone has any sensible advice on how to rid a network of such an infection, or information on how such an infection could have occurred, or how similar events could be avoided in the future, please reply in this thread :(

Share this post


Link to post
Share on other sites

It appears that SDbot exists in various forms. Is this what you are looking for?

http://securityresponse.symantec.com/avcen...door.sdbot.html

http://securityresponse.symantec.com/avcen...r.sdbot.ae.html

http://www.2-spyware.com/remove-sdbot-trojan.html

http://www.pchell.com/virus/sdbot.shtml

I am surprised that it got into your system. Most antivirus software seems to be able to detect an invasion of SDbot, providing the data regarding new virus threats is downloaded.

Share this post


Link to post
Share on other sites
It appears that SDbot exists in various forms. Is this what you are looking for?

http://securityresponse.symantec.com/avcen...door.sdbot.html

http://securityresponse.symantec.com/avcen...r.sdbot.ae.html

http://www.2-spyware.com/remove-sdbot-trojan.html

http://www.pchell.com/virus/sdbot.shtml

I am surprised that it got into your system. Most antivirus software seems to be able to detect an invasion of SDbot, providing the data regarding new virus threats is downloaded.

So am I!

Things seem to be returning to normal now following the updating of anti virus software and a lot of hard work by our technical staff. Perhaps Graham you have some advice on the best anti virus package for a school network?

Share this post


Link to post
Share on other sites

Andy asks:

Perhaps Graham you have some advice on the best anti virus package for a school network?

I have a small home LAN, which I protect with Norton AV 2004 (Symantec). It's always worked well. The only time it let me down was around 4-5 years ago when FunLove sneaked in through a Microsoft "hole". Fun Love was the first Web-borne virus to hit me. The Web-borne viruses were fairly new at the time, and many network managers claimed that they didn't exist! Norton AV 2000 trapped FunLove but only after it had sneaked in through the hole and had already done some damage. I should have patched the hole, of course, but then Microsoft shouldn't have developed such a tacky, insecure system.

Many schools that I know use Sophos, which network managers seem to like:

Sophos: http://www.sophos.com

But you need more than just AV protection.

I use the ZoneAlarm Pro firewall - which seems very secure. If you think your system is secure from intruders then you can run a series of tests at the Gibson Research Corporation (GRC) site in the ShieldsUP! section. GRC will try to hack into your computer and report if they succeed: http://grc.com

It tried it, and GRC couldn't hack me while ZoneAlarm Pro was running.

I use MailWasher Pro to filter out email-borne viruses:

MailWasher Pro: http://www.firetrust.com

I also use SpyBot:

http://spybot.safer-networking.de - software for spotting and removing adware and spyware.

Finally, I always "wash" my system on boot-up, removing Web clutter left over from browsing sessions, cookies, etc:

Window Washer: http://www.webroot.com - a package for removing caches, cookies and other Web clutter from your computer.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×