
Refinement of the Digital Antidote for Bot Viruses

The Development of Antidote for Variant of Bot Virus

Advisor: 王平

Abstract


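Most current antivirus engines rely on virus-pattern matching, comparing the records on a computer, or its network behavior, one by one against known behavioral signatures. A virus pattern is usually composed of several signatures, and a variant uses self-modification and polymorphic techniques to alter or hide part of the virus's behavioral signatures, so it can evade detection by some antivirus software or cause false detection reports. The antivirus products commonly available on the market can help an infected computer remove virus files, but they cannot fully repair system settings that the virus has tampered with; when the infection is severe, users often have to reinstall the operating system. To improve this situation, this study develops an antivirus system that provides bot-virus prevention, detection and system repair, named the Digital Antidote (DA). It automatically backs up the computer's system files so that the system becomes permanently immune to specific viruses. Its distinguishing feature is that the digital antidote is developed for variant bot viruses and is combined with system monitoring agents that automatically collect infection event logs and send them to a monitoring center, where network administrators can analyze and retrieve them. This result is a rather effective design for virus protection in information security: testing found that it can remove the network infection threat of viruses of the same kind or their variants, and when a computer on the campus network is infected, system repair can be carried out automatically and immediately, greatly reducing the damage that viruses cause to systems and to the organization and improving the security of computer systems.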

Parallel Abstract


Available virus engines detect bots by searching for the known signatures of virus patterns or network behaviors. A virus's behavior contains several signatures, and a variant is generally built by altering part of those signatures or hiding them via self-modification or polymorphic techniques, so that the variant can avoid detection. Antivirus software can help users detect and remove malware, but it cannot fully restore the victim computer to its initial settings. In some situations, when the infection is severe, the operating system needs to be reinstalled. To resolve this problem, we developed in a previous study a digital antidote for bots that provides virus immunity by backing up archives of important system files. The feature of our work is to develop a new antidote by analyzing the common signatures of bot samples: embedded monitor agents aggregate the attack events and send them to a virus monitoring center for further examination. Experimental results show that the proposed approach is a useful design that reduces bot threats and effectively protects information security on campus networks.

Parallel Keywords

Information security; Bot; Digital antidote; Variant


Citation Record


王清平 (2012). The Development of Antidote for Variant of Bot Virus [Master's thesis, Kun Shan University]. Airiti Library. https://doi.org/10.6828/KSU.2012.00077