?
Solved

Trojan removal download recommendation

Posted on 2011-03-18
9
Medium Priority
?
968 Views
Last Modified: 2012-06-21
Yesterday some users on our network had their McAfee disabled and this morning I ran Malicious Software Removal tool from microsoft and found Malware on my computer named Backdoor:Win32/Qakbot.gen!B (partially removed) and TrojanDownloader:JS/Qakbot.F that was removed.  It recommended that I run my McAfee but I cannot get it to run, I think the Trojan disabled it?  Can you recommend any downloads I can try to fix our infected computers?
0
Comment
Question by:SCDL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
9 Comments
 

Expert Comment

by:bwinkworth
ID: 35165766
Sometimes I'll resort to free online scanners. Bitdefender has one and so does trendmicro. After that I'll run hijackthis to see if there's any entries in the registry.

BW
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 35165783
Hi,

You could load this:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=2057&sg=VR

Regards,


RobMobility.
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 150 total points
ID: 35165788
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Assisted Solution

by:Hapexamendios
Hapexamendios earned 300 total points
ID: 35167814
My favoured option here, when I'm not using our Sophos Bootable AV disk (Linux LiveCD with Sophos injected, proprietary) is to use on of these LiveCDs:

Dr. Web Anti-Virus: http://www.freedrweb.com/livecd
F-Secure Rescue CD: http://www.f-secure.com/linux-weblog/
Kaspersky Rescue CD: http://ftp.kaspersky.com/devbuilds/RescueDisk/

(I obtained the above URLs by downloading the program Unetbootin from SourceForge: http://unetbootin.sourceforge.net/. Unetbootin allows you to take ISOs and make a bootable USB drive using them. Part of its function is providing links to lots of LiveCDs, and it can be very useful - however here we need read-only media).

When your AV isn't working, chances are you have had a kernel-mode driver installed by the trojan. Detecting these is very tricky, and often impossible, from within the infected OS no matter what you do. Using Linux means you lower the chance of it masking itself (since it would then have to be able to do its hiding from Linux as well as Windows, meaning more code and more chance of problems).

Best of luck,
0
 
LVL 25

Accepted Solution

by:
madunix earned 300 total points
ID: 35170703
make sure you run:
ATF-Cleaner
HitManPro
Malwarebytes' Anti-Malware
SUPERAntiSpyware
COMODO System-Cleaner
Prevx


You can make bootable antivirus rescue CD
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
Bootable antivirus Rescue CD method consider as the most effective way to remove the virus, trojan and malware because it track down some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way. Mostly virus is also loaded and cannot be detected or removed by antivirus software  running in that system. In such a case, booting antivirus rescue CD under clean environment can increase chances to track down virus easily which there no interfere from any windows OS services.
0
 

Author Comment

by:SCDL
ID: 35206563
Thanks everyone for your advice.  Hapexamendios you were correct in that it had a kernel-mode driver installed by the trojan. Our 350 pc's and handful of servers were removed from the network Friday morning so I did not see the last 2 comments until after we were back up.  The trojan also disabled McAfee and prevented us from downloading solutions or recover to a previous time. Hapexamendios and Madunix you were both correct in suggesting using CD's to eliminate this nasty trojan which shall remain nameless to prevent notoriety.  McAfee created a program for us directly to eliminate it and after working thru the weekend we were 98% back up by Monday afternoon. Thanks RobMobility and bwinkworth for your quick replies but I would have been a goner without the cd's. Running Stinger was a step in the final solution so I would like to award points for that too, RobMobility.
0
 

Expert Comment

by:bwinkworth
ID: 35206580
Glad you got it all fixed up fella.

Regards,
BW
0
 

Author Closing Comment

by:SCDL
ID: 35206661
I did not get a chance to actually try  Hapexamendios and Madunix suggestions so they may also have worked.
0
 
LVL 2

Expert Comment

by:Hapexamendios
ID: 35206818
TThanks for the credit, SCDL - a pleasure to help, and as you say it looks like you took our advice without even knowing it! :)

I'd just like to add to this post, for anyone coming to it in the future, to remember that if you have an AV product with support, they probably have a way of making a bootable CD available for you to use upon request, and in most cases that will be the simplest way to sort this kind of issue.

Peace, all
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question