Solved

win32/qakbot

Posted on 2010-11-18
13
851 Views
Last Modified: 2013-12-06
We are running CA antivirus and keep getting the win32/qakbot trojan. CA finds it and removes it but it keeps coming back. I see there was already a post or two about this from last year but I was hoping there was something out there easier to do to prevent our servers and computers from continually getting infected. CA isn't getting back to me for 2 more hours.
I have run Malwarebytes, which again removes it, but it keeps coming back.
0
Question by:jtano
13 Comments
 
LVL 7

Expert Comment

by:myhc
ID: 34168734
Purchase something better. Like Norton (that's a no from me) or McAfee (ah, much better)

0
 

Author Comment

by:jtano
ID: 34168797
Yes, we are in the process of purchasing Kaspersky, but that is not going to help us at the moment.
0
 
LVL 25

Expert Comment

by:madunix
ID: 34168930
Get ESET: http://www.eset.com
0
 

Author Comment

by:jtano
ID: 34170198
So this trial will keep the virus away, or will it be like Malwarebytes: find it, get rid of it, then it comes back again? Which is what CA does.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34172943
Try HitmanPro on your machines. Scans quick and can be effective. Not a replacement for your resident AV. Personally, I like ESET but they all are gonna miss/let something by these days.
http://www.surfright.nl/en/hitmanpro
0
 
LVL 25

Expert Comment

by:madunix
ID: 34173046
0

 

Author Comment

by:jtano
ID: 34179944
The trial for ESET says it doesn't work for Server 2000, and I did download the 32-bit one.
None of these seem to be keeping the virus away. The Comodo one requires SQL Express, which I can't put on this server. Any other ideas to get rid of this win32\qakbot that is infecting all of our computers and servers? Thanks
0
 

Author Comment

by:jtano
ID: 34179948
It also says Comodo is for 2003 and up.
0
 
LVL 25

Expert Comment

by:madunix
ID: 34180022
Use one of the rescue CDs in the link to boot from:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
For example, http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/. Just download the ISO, burn it to a CD, boot from it and remove all malware/rootkits as long as they are inactive on the Windows partition.

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way, the virus is mostly also loaded and cannot be detected or removed by antivirus software running in that system. In such a case, booting an antivirus rescue CD in a clean environment can increase the chances of tracking down the virus easily, with no interference from any Windows OS services.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34180106
Hitman gives an error on running?
0
 

Author Comment

by:jtano
ID: 34181621
I was afraid to try Hitman on these particular servers since everything kept crashing them. I wanted something that would keep it off and was an antivirus. Anyway, I found a version of Kaspersky that would go on the servers and not crash them, and it found the trojan and so far has appeared to keep it off.
0
 

Accepted Solution

by:
jtano earned 0 total points
ID: 34443245
Found we had to make sure everyone's CA was updated and had to run a whole scan on all, and used Kaspersky on Server 2000. Nothing was simple; it took days to fix it.
0
 

Author Closing Comment

by:jtano
ID: 34463306
I was looking for something simple... turns out there isn't anything.
0
