Grasshopper666
Junior Member
Here's the skinny. We were just hit by Win32.Agobot and Win32.Hostblock. 10 of our PC's were hit. We did a show IP nat trans on our Cisco 2600, got a list of PC's broadcasting/connecting on port 135, I checked our DHCP server and found the PC names and disconnected them from our network. Our network is now back to normal but we have 10 users downed. We are looking into host based intrusion detection for the future but that is another post.
What I need help with now is this: Agobot is the more destructive of the two. We are trying to find a cleaning tool to clean Agobot so we can get our users back online. Can anyone recommend a tool from a reliable source that works?
CA Win32.Agobot info
Our Computer Associates Antivirus 7.x, despite having the most current definitions, and despite its claim to clean by using the system cure option DOES NOT WORK. I Googled and I saw a few cleaning tools, one of them is even from CA. I tried it - it didn't even detect Agobot. Obviously, it doesn't work, and frankly I don't trust CA any more after this experience.
Any help would be greatly appreciated.