Solved

win32/qakbot

Posted on 2010-11-18
Last Modified: 2013-12-06
We are running CA antivirus and keep getting the win32/qakbot trojan. CA finds it and removes it but it keeps coming back. I see there was already a post or two about this from last year but I was hoping there was something out there easier to do to prevent our servers and computers from continually getting infected. CA isn't getting back to me for 2 more hours.
I have run Malwarebytes, which again removes it, but it keeps coming back.
Question by:jtano
13 Comments
 
LVL 7

Expert Comment

by:myhc
ID: 34168734
Purchase something better. Like Norton (that's a no from me) or McAfee (ah, much better)

0
 

Author Comment

by:jtano
ID: 34168797
Yes, we are in the process of purchasing Kaspersky but that is not going to help us at the moment.
0
 
LVL 25

Expert Comment

by:madunix
ID: 34168930
Get ESET: http://www.eset.com
0
 

Author Comment

by:jtano
ID: 34170198
So will this trial keep the virus away, or will it be like Malwarebytes: find it, get rid of it, then it comes back again? Which is what CA does.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34172943
Try Hitmanpro on your machines. Scans quick and can be effective. Not a replacement for your resident AV. Personally, I like Eset but they all are gonna miss/let something by these days.
http://www.surfright.nl/en/hitmanpro
0
 
LVL 25

Expert Comment

by:madunix
ID: 34173046
0

 

Author Comment

by:jtano
ID: 34179944
The trial for ESET says it doesn't work for Server 2000 and I did download the 32 bit one.
None of these seem to be keeping the virus away. The Comodo one requires SQL Express, which I can't put on this server. Any other ideas to get rid of this win32\qakbot that is infecting all of our computers and servers? Thanks
0
 

Author Comment

by:jtano
ID: 34179948
It also says Comodo is for 2003 and up
0
 
LVL 25

Expert Comment

by:madunix
ID: 34180022
Use one of the rescue CDs in the link to boot from:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
for example http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/ Just download the ISO, burn it to a CD, boot from it and remove all malware / rootkits as long as they are inactive on the Windows partition.

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way, the virus is mostly also loaded and cannot be detected or removed by antivirus software running in that system. In such a case, booting an antivirus rescue CD in a clean environment can increase the chances of tracking down the virus easily, with no interference from any Windows OS services.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34180106
Hitman gives an error on running?
0
 

Author Comment

by:jtano
ID: 34181621
I was afraid to try Hitman on these particular servers since everything kept crashing them. I wanted something that would keep it off and was an antivirus. Anyway, I found a version of Kaspersky that would go on the servers and not crash them, and it found the trojan and so far has appeared to keep it off.
0
 

Accepted Solution

by:
jtano earned 0 total points
ID: 34443245
Found we had to make sure everyone's CA was updated and had to run a whole scan on all and used Kaspersky on Server 2000. Nothing was simple; it took days to fix it.
0
 

Author Closing Comment

by:jtano
ID: 34463306
I was looking for something simple... turns out there isn't anything.
0


Question has a verified solution.
