Frequently Asked Questions (FAQs)

1. What is "Cyber Swachhta Kendra" (Botnet Cleaning and Malware Analysis Centre) ?

The "Cyber Swachhta Kendra" is a Botnet Cleaning and Malware Analysis Centre (BCMAC), operated by the Indian Computer Emergency Response Team (CERT-In) as part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). Its goal is to create a secure cyber space by detecting botnet infections in India and to notify, enable cleaning and securing systems of end users so as to prevent further infections.

---

2. What does “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) do?

Cyber Swachhta Kendra / Botnet Cleaning and Malware Analysis Centre (BCMAC) works in collaboration with Industry and Internet Service Providers to trace Internet Protocol addresses infected by Bots and send message to end users regarding the same. Further, tools are being developed by partnering with Antivirus companies to enable individuals to clean their systems.

---

3. Who runs “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre)?

Cyber Swachhta Kendra is being operated by the Indian Computer Emergency Response Team (CERT-In) under provisions of Section 70B of the Information Technology Act, 2000.

---

4. What is CERT-In?

CERT-In is an acronym for “Indian Computer Emergency Response Team” which is a national incident response centre for major computer security incidents in its constituency i.e. Indian Cyber community. For detail information kindly visit https://www.cert-in.org.in/

---

5. How can I report incidents to “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre)?

Incidents can be reported to CERT­In Incident Response Help Desk at Email id

---

6. Who can report incidents to “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre)?

All users, system administrators can report incidents to “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) at CERT-In help desk regarding the malicious behavior on their systems / networks along with sufficient logs for analyzing the incident and providing requisite support..

---

7. What information is available online from “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre)?

It provides alerts and information regarding the Bots/Botnet/malware infections prevalent in India along with free-of-cost removal tools to dis-infect the systems.

---

8. Why do we need “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre)?

Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) is needed to alert users about botnet infections and suggest remedial measures.

---

9. How much do the “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) services cost me?

Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) will provide the services free-of-cost. It is a Government of India initiative to make a clean and secure Indian cyber space.

---

Important Terms

---

10. What is Bot?

Bot is a software that is capable of compromising the victims’ machine and using it for further malicious activities. The activities could be directed by Bot’s command and control server.

---

11. What is Botnet?

Botnet is a network of Bots/ compromised machines that work in sync in order to perform a malicious activity.

---

12. What are botnet activities? How can it harm my computer / device?

The botnet can perform following activities to harm your computer / device (list is not exhaustive):

• information from your computer / device
• Spreading itself to other computers / devices in network, thereby increasing its scope of compromise(s)
• Downloading other malware
• Using your computer / device for launching cyber attacks such as spamming, Denial of Service (DoS), etc.

---

13. What is a removal tool?

A removal tool can be used by the user in order to detect and clean certain Bots/malware which are residing on the infected machine. Such tools enable users to run a scan of the machine against the antivirus signatures in an automated manner to detect the malwares on scanned machine and remove the malware.

---

Users' privacy related questions

---

14. Why I was advised to visit and reach this page?

You are advised to visit and reached this page because your computer / device is probably infected with type of virus/malware called ‘Bot’ and could become a part of a botnet. Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has notified your Internet Service Provider (ISP) about the issue and advised them to send a message to you.

---

15. How do you know my computer is infected?

Your computer may be infected by bot and may connect to malicious servers, without your knowledge or consent. Cyber security companies, Law Enforcement agencies and Computer Emergency Response Teams, trace such activity while analyzing or investigating such malicious servers. Based on such analysis, it is suspected that your IP address may be infected with specific bot/malware.

---

16. How does my ISP know my computer is infected?

“Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) sends an alert to the ISPs, specifying the IP addresses of infected systems which are part of botnet and are performing malicious activities. ISPs then reach out to the owner(s) of infected system(s) with the help of registered IP address.

---

17. Does “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) breaches my privacy by monitoring my online behavior or scanning my computer / device?

Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) does not monitor or scan or collect any personal information of individuals related to their online browsing or data stored in their computer(s) / device(s), hence keeping the privacy of individual’s intact.

---

Users’ queries related to computer infection

---

18. How did my computer get infected in the first place?

• Insecure browsing
• Drive-by-download attacks – visiting websites infected by malicious scripts
• Using pirated software
• Clicking on links mentioned in phishing/social engineering emails
• Opening malicious email attachments
• Malware infection via Removable Drives
• Using weak or default passwords
• Using out of date antivirus solution, operating systems and applications

---

19. How do I know that my computer is infected with a bot?

If the user witness any unusual behavior such as an unknown communication sent by the system, unidentified data consumption, self-installed application/software, etc. the computer / device should be scanned immediately with AntiVirus Scanners or Rescue disks provided freely or commercially by different antivirus vendors to detect malware/botnet infections.

---

20. How do I protect my computer against further attacks?

To avoid system compromises, it is advised to make use of licensed and genuine software, keep your system updated with latest security patches, install and maintain updated antimalware solutions, disable Autoplay /Autorun for removable drives etc. For other security Best practices kindly refer to “Security Best Practices” section on “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre).

---

21. How do I clean my computer from infection?

To remove the malware, you need to scan your computer / device with the tools recommended on our website and take further steps to improve the security of your computer / device. We encourage you to visit the "Security Tools" section on our website to download free bot removal tool provided by our partnering antivirus companies (Quick Heal and eScan) for this initiative.

---

22. Can I use any removal tool or Antivirus other than recommended?

You may use genuine "Antivirus software" or "Removal tools" provided by reputed antivirus companies, update the same and scan your system to remove malware/bots.

---

23. Do I need to format my computer system?

No, initially it is not advised to format your system. For initial cleaning, scan your system with updated antivirus solution and remove all the detections found. Observe the system behavior for couple of days, if the infection persist in the system then it is advised to take complete backup of your important files and then format your system.

---

24. Do I need to install free/paid full version of an anti-virus solution?

It is always recommended to install a free or paid full version of the antivirus solution to protect from cyber threats.

---

25. My computer is warning me about the software piracy, what should I do?

Check the warning of specific software and install genuine licensed software.

---

26. My computer is re-infected with the same infection and I have received multiple notifications from my ISP, what should I do?

It is advised to follow best practices listed above including installation of full version of updated Antivirus software. If the problem persists, consult a security expert.

---

27. My computer is already installed with a full version of an anti-virus solution, still I have got a notification, what should I do?

Probably, your computer might be running an outdated version of Antivirus, or malware signature database might be outdated. Hence, it is advised to check for the latest update for the installed antivirus solution and then scan the infected computer for any possible sign of infections.