Solved

Trojan removal download recommendation

Posted on 2011-03-18
9
931 Views
Last Modified: 2012-06-21
Yesterday some users on our network had their McAfee disabled and this morning I ran the Malicious Software Removal Tool from Microsoft and found malware on my computer named Backdoor:Win32/Qakbot.gen!B (partially removed) and TrojanDownloader:JS/Qakbot.F that was removed. It recommended that I run my McAfee but I cannot get it to run; I think the Trojan disabled it? Can you recommend any downloads I can try to fix our infected computers?
Question by:SCDL
9 Comments
 

Expert Comment

by:bwinkworth
ID: 35165766
Sometimes I'll resort to free online scanners. Bitdefender has one and so does trendmicro. After that I'll run hijackthis to see if there's any entries in the registry.

BW
0
 
LVL 25

Expert Comment

by:RobMobility
ID: 35165783
Hi,

You could load this:

http://service.mcafee.com/SpecializedServiceHome.aspx?lc=2057&sg=VR

Regards,


RobMobility.
0
 
LVL 25

Assisted Solution

by:RobMobility
RobMobility earned 50 total points
ID: 35165788

 
LVL 2

Assisted Solution

by:Hapexamendios
Hapexamendios earned 100 total points
ID: 35167814
My favoured option here, when I'm not using our Sophos Bootable AV disk (Linux LiveCD with Sophos injected, proprietary) is to use one of these LiveCDs:

Dr. Web Anti-Virus: http://www.freedrweb.com/livecd
F-Secure Rescue CD: http://www.f-secure.com/linux-weblog/
Kaspersky Rescue CD: http://ftp.kaspersky.com/devbuilds/RescueDisk/

(I obtained the above URLs by downloading the program Unetbootin from SourceForge: http://unetbootin.sourceforge.net/. Unetbootin allows you to take ISOs and make a bootable USB drive using them. Part of its function is providing links to lots of LiveCDs, and it can be very useful - however here we need read-only media).

When your AV isn't working, chances are you have had a kernel-mode driver installed by the trojan. Detecting these is very tricky, and often impossible, from within the infected OS no matter what you do. Using Linux means you lower the chance of it masking itself (since it would then have to be able to do its hiding from Linux as well as Windows, meaning more code and more chance of problems).

Best of luck,
0
 
LVL 25

Accepted Solution

by:madunix
madunix earned 100 total points
ID: 35170703
make sure you run:
ATF-Cleaner
HitManPro
Malwarebytes' Anti-Malware
SUPERAntiSpyware
COMODO System-Cleaner
Prevx


You can make a bootable antivirus rescue CD:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
The bootable antivirus rescue CD method is considered the most effective way to remove viruses, trojans and malware, because some viruses, trojans and other malware are embedded so tightly into your operating system that when you boot Windows the normal way, the virus is mostly also loaded and cannot be detected or removed by antivirus software running in that system. In such a case, booting an antivirus rescue CD in a clean environment can increase the chances of tracking down the virus easily, since there is no interference from any Windows OS services.
0
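Hapexamendios and madunix both make the same point: a driver the trojan installed can hide from tools running inside Windows, but not from a Linux rescue environment that reads the disk directly. The following shell function is an added example, not code from the thread or from any of the rescue CDs mentioned; it assumes the Windows volume has already been mounted read-only (for instance under /mnt/win) and that a SHA-256 manifest of System32\drivers was captured earlier from a known-clean machine. It hashes every driver file as the offline Linux system sees it and reports drivers that are absent from, or differ from, that baseline.

```shell
#!/bin/sh
# Added example (not from the thread). Offline driver integrity check run from
# a Linux rescue environment against a mounted, read-only Windows volume.
#
# Assumptions:
#   - the Windows volume is mounted read-only, e.g.  mount -o ro /dev/sda2 /mnt/win
#   - a baseline manifest was captured from a clean machine with
#       (cd /mnt/win/Windows/System32/drivers && sha256sum *.sys | sort) > baseline.txt
#     so each line reads "<sha256>  <name>.sys"
#
# check_drivers <mounted_windows_root> <baseline_manifest>
#   Prints "NEW <name>" for drivers not in the baseline and "MODIFIED <name>"
#   for drivers whose hash differs. Returns 0 if nothing differs, 1 if any
#   driver is new or modified, 2 if the drivers directory is missing.
check_drivers() {
    win_root=$1
    baseline=$2
    drv_dir="$win_root/Windows/System32/drivers"
    [ -d "$drv_dir" ] || { echo "no drivers directory under $win_root" >&2; return 2; }
    found=0
    # Enumerate and hash drivers as Linux sees them on disk; a kernel-mode
    # driver that hides itself from Windows APIs cannot filter this view.
    for f in "$drv_dir"/*.sys; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        # Look up the known-good hash for this driver name in the baseline.
        base_sum=$(awk -v n="$name" '$2 == n { print $1 }' "$baseline")
        if [ -z "$base_sum" ]; then
            echo "NEW $name"
            found=1
        elif [ "$base_sum" != "$sum" ]; then
            echo "MODIFIED $name"
            found=1
        fi
    done
    return $found
}
```

A NEW or MODIFIED driver is a lead for further analysis, not proof of infection on its own: vendor updates also change driver hashes, so the baseline should come from a machine at the same patch level.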
 

Author Comment

by:SCDL
ID: 35206563
Thanks everyone for your advice. Hapexamendios, you were correct in that it had a kernel-mode driver installed by the trojan. Our 350 PCs and handful of servers were removed from the network Friday morning so I did not see the last 2 comments until after we were back up. The trojan also disabled McAfee and prevented us from downloading solutions or recovering to a previous time. Hapexamendios and Madunix, you were both correct in suggesting using CDs to eliminate this nasty trojan, which shall remain nameless to prevent notoriety. McAfee created a program for us directly to eliminate it and after working through the weekend we were 98% back up by Monday afternoon. Thanks RobMobility and bwinkworth for your quick replies, but I would have been a goner without the CDs. Running Stinger was a step in the final solution so I would like to award points for that too, RobMobility.
0
 

Expert Comment

by:bwinkworth
ID: 35206580
Glad you got it all fixed up fella.

Regards,
BW
0
 

Author Closing Comment

by:SCDL
ID: 35206661
I did not get a chance to actually try Hapexamendios's and Madunix's suggestions, so they may also have worked.
0
 
LVL 2

Expert Comment

by:Hapexamendios
ID: 35206818
Thanks for the credit, SCDL - a pleasure to help, and as you say it looks like you took our advice without even knowing it! :)

I'd just like to add to this post, for anyone coming to it in the future, to remember that if you have an AV product with support, they probably have a way of making a bootable CD available for you to use upon request, and in most cases that will be the simplest way to sort this kind of issue.

Peace, all
0

Question has a verified solution.