win32/qakbot

We are running CA antivirus and keep getting the win32/qakbot trojan. CA finds it and removes it but it keeps coming back. I see there was already a post or two about this from last year but I was hoping there was something out there easier to do to prevent our servers and computers from continually getting infected. CA isn't getting back to me for 2 more hours.
I have run Malwarebytes, which again removes it, but it keeps coming back.
jtano Asked:
 
jtano Author Commented:
Found we had to make sure everyone's CA was updated and had to run a whole scan on all, and used Kaspersky on Server 2000. Nothing was simple; it took days to fix it.
 
myhc Commented:
Purchase something better. Like Norton (that's a no from me) or McAfee (ah, much better)

 
jtano Author Commented:
Yes, we are in the process of purchasing Kaspersky, but that is not going to help us at the moment.
Fadi SODAH (aka madunix), Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCE Commented:
Get ESET: http://www.eset.com
 
jtano Author Commented:
So this trial will keep the virus away, or will it be like Malwarebytes: find it, get rid of it, then it comes back again? Which is what CA does.
 
optoma Commented:
Try HitmanPro on your machines. It scans quickly and can be effective. Not a replacement for your resident AV. Personally, I like ESET, but they are all going to miss or let something by these days.
http://www.surfright.nl/en/hitmanpro
 
Fadi SODAH (aka madunix), Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCE Commented:
 
jtano Author Commented:
The trial for ESET says it doesn't work for Server 2000, and I did download the 32-bit one.
None of these seem to be keeping the virus away. The Comodo one requires SQL Express, which I can't put on this server. Any other ideas to get rid of this win32\qakbot that is infecting all of our computers and servers? Thanks
 
jtano Author Commented:
It also says Comodo is for 2003 and up.
 
Fadi SODAH (aka madunix), Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCE Commented:
Use one of the rescue CDs in the link to boot from:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
For example: http://www.techmixer.com/kaspersky-rescue-disk-load-kaspersky-antivirus-2009-using-dos/ Just download the ISO, burn it to a CD, boot from it and remove all malware / rootkits as long as they are inactive on the Windows partition.

The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way, the virus is usually also loaded and cannot be detected or removed by antivirus software running on that system. In such a case, booting an antivirus rescue CD in a clean environment can increase the chances of tracking down the virus easily, since there is no interference from any Windows OS services.
 
optoma Commented:
Hitman gives an error on running?
 
jtano Author Commented:
I was afraid to try Hitman on these particular servers since everything kept crashing them. I wanted something that would keep it off and was an antivirus. Anyway, I found a version of Kaspersky that would go on the servers and not crash them; it found the trojan and so far has appeared to keep it off.
 
jtano Author Commented:
I was looking for something simple... turns out there isn't anything.
Question has a verified solution.