Trojan removal download recommendation

Yesterday some users on our network had their McAfee disabled, and this morning I ran the Malicious Software Removal Tool from Microsoft and found malware on my computer named Backdoor:Win32/Qakbot.gen!B (partially removed) and TrojanDownloader:JS/Qakbot.F, which was removed. It recommended that I run my McAfee but I cannot get it to run; I think the Trojan disabled it? Can you recommend any downloads I can try to fix our infected computers?
SCDL Asked:
 
madunix Commented:
Make sure you run:
ATF-Cleaner
HitManPro
Malwarebytes' Anti-Malware
SUPERAntiSpyware
COMODO System-Cleaner
Prevx


You can make a bootable antivirus rescue CD:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way, the virus is usually also loaded and cannot be detected or removed by antivirus software running on that system. In such a case, booting an antivirus rescue CD in a clean environment can increase the chances of tracking down the virus easily, since there is no interference from any Windows OS services.
0
 
bwinkworth Commented:
Sometimes I'll resort to free online scanners. Bitdefender has one and so does Trend Micro. After that I'll run HijackThis to see if there are any entries in the registry.

BW
0
 
Rob Knight (Consultant) Commented:
Hi,

You could load this:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=2057&sg=VR

Regards,


RobMobility.
0
 
Rob Knight (Consultant) Commented:
0
 
Hapexamendios Commented:
My favoured option here, when I'm not using our Sophos Bootable AV disk (Linux LiveCD with Sophos injected, proprietary) is to use one of these LiveCDs:

Dr. Web Anti-Virus: http://www.freedrweb.com/livecd
F-Secure Rescue CD: http://www.f-secure.com/linux-weblog/
Kaspersky Rescue CD: http://ftp.kaspersky.com/devbuilds/RescueDisk/

(I obtained the above URLs by downloading the program Unetbootin from SourceForge: http://unetbootin.sourceforge.net/. Unetbootin allows you to take ISOs and make a bootable USB drive using them. Part of its function is providing links to lots of LiveCDs, and it can be very useful - however here we need read-only media).

When your AV isn't working, chances are you have had a kernel-mode driver installed by the trojan. Detecting these is very tricky, and often impossible, from within the infected OS no matter what you do. Using Linux means you lower the chance of it masking itself (since it would then have to be able to do its hiding from Linux as well as Windows, meaning more code and more chance of problems).

Best of luck,
0
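The reason an offline boot can see what the running OS cannot is easiest to show as a cross-view comparison: list the same driver directory once from inside the live Windows install and once from the rescue environment, then diff the two. The following is an added example, not part of the original thread; the function names, mount point, roots and file names are all constructed for illustration.

```python
# Added example: cross-view check of one directory, with constructed data.
# A file that exists on disk (offline view) but is missing from the listing
# produced by the running OS is a lead for the offline scanner, not a verdict:
# files can also legitimately change between the two listings.

def normalize(line, root):
    """Map a listed path to a lower-cased path relative to the compared root."""
    path = line.strip().replace("\\", "/")
    base = root.replace("\\", "/").rstrip("/") + "/"
    # Windows paths compare case-insensitively; lines outside the root are skipped.
    if not path.lower().startswith(base.lower()):
        return None
    return path[len(base):].lower()

def cross_view(live_lines, live_root, offline_lines, offline_root):
    """Return the paths that appear in only one of the two views."""
    live = {n for n in (normalize(l, live_root) for l in live_lines) if n}
    offline = {n for n in (normalize(l, offline_root) for l in offline_lines) if n}
    return {
        "hidden_from_live_os": sorted(offline - live),
        "only_in_live_view": sorted(live - offline),
    }

# Constructed listing taken inside the running (possibly compromised) Windows.
LIVE_ROOT = r"C:\Windows\System32\drivers"
LIVE = [
    r"C:\Windows\System32\drivers\disk.sys",
    r"C:\Windows\System32\drivers\NTFS.sys",
    "",  # blank lines in a saved listing are ignored
]

# Constructed listing of the same volume mounted read-only from a rescue CD.
OFFLINE_ROOT = "/mnt/win/Windows/System32/drivers"
OFFLINE = [
    "/mnt/win/Windows/System32/drivers/disk.sys",
    "/mnt/win/Windows/System32/drivers/ntfs.sys",
    "/mnt/win/Windows/System32/drivers/example_hidden.sys",
    "/mnt/win/pagefile.sys",  # outside the compared tree, skipped
]

if __name__ == "__main__":
    for view, paths in cross_view(LIVE, LIVE_ROOT, OFFLINE, OFFLINE_ROOT).items():
        print(view, paths)
```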
 
SCDL (Author) Commented:
Thanks everyone for your advice. Hapexamendios, you were correct in that it had a kernel-mode driver installed by the trojan. Our 350 PCs and handful of servers were removed from the network Friday morning so I did not see the last 2 comments until after we were back up. The trojan also disabled McAfee and prevented us from downloading solutions or recovering to a previous time. Hapexamendios and Madunix, you were both correct in suggesting using CDs to eliminate this nasty trojan, which shall remain nameless to prevent notoriety. McAfee created a program for us directly to eliminate it, and after working through the weekend we were 98% back up by Monday afternoon. Thanks RobMobility and bwinkworth for your quick replies, but I would have been a goner without the CDs. Running Stinger was a step in the final solution so I would like to award points for that too, RobMobility.
0
 
bwinkworth Commented:
Glad you got it all fixed up fella.

Regards,
BW
0
 
SCDL (Author) Commented:
I did not get a chance to actually try Hapexamendios' and Madunix's suggestions, so they may also have worked.
0
 
Hapexamendios Commented:
Thanks for the credit, SCDL - a pleasure to help, and as you say it looks like you took our advice without even knowing it! :)

I'd just like to add to this post, for anyone coming to it in the future, to remember that if you have an AV product with support, they probably have a way of making a bootable CD available for you to use upon request, and in most cases that will be the simplest way to sort this kind of issue.

Peace, all
0
Question has a verified solution.
