[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1241
  • Last Modified:

how to stop the W32 Qakbot worm

There is a spread of W32 Qakbot worm on Computers with users who have Administrator rights to their computers.Does anyone know how to stop the spread
0
cbaldonieri
Asked:
cbaldonieri
2 Solutions
 
younghvCommented:
The single most important step you should take (other than eliminating surfing with Admin rights) is to make sure that all OS and Application patches/updates are in place.

MS have published an excellent review here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fQakbot

Please review the suggested steps in my EE Article here:
http://www.experts-exchange.com/A_1958.html (MALWARE - "An Ounce of Prevention...")

0
 
David_HagermanCommented:
cbaldonieri younghv is correct make sure that all your machines are update but also follow the link below as Symantec have released a removal procedure to get rid of the W32 Qakbot worm

http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=3

.Dave
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
younghvCommented:
I think the information provided in both Expert comments is sufficient to answer the actual question.

Qakbot is both preventable (first choice) and repairable (if needed).
0
 
cbaldonieriAuthor Commented:
The suggestions in reference to virus' were good reference to protection of virus' but not a solution to the w32 oakbot which we are still battleing.
I'm surprised there are not more added comments in reference to this virus.
Symantec showed  major activity on this virus and have been updating definitions two or three times a day.
Latest activity at our network has a generation 8 still happening but the numbers are getting smaller.
0
 
younghvCommented:
@cbaldonieri,
Welcome to EE - I see that this is your first question.

I wasn't really sure what you were asking in your original quesiton and was hoping that you would respond with more details.

In general, other Experts won't jump in to help if the 'Asker' hasn't responded to the initial Expert Comments.

Are you working with the folks at Symantec to get through this - or are you looking for additional advice from us?

Post back with some details of your situation and I'll be glad to look at them

0
 
cbaldonieriAuthor Commented:
I am new to Experts Exchange and was desperate for a solution at the time of the outbreak.
We are a School District with 5000 computer and this was a bad outbreak.
I'm not sure why the question would be deleted because the suggestions that were provided by others were helpful in general.
I guess just waiting for Symantec to catch up with definitions to stop the new variations of the virus is the only solution.
0
 
younghvCommented:
EE is different from most other Tech Forums - which is a good thing.

When there is no activity (Asker or Expert) in any question for 21 days, it is assigned to the "Cleanup Queue". The various Cleanup Volunteers work through all of these and try to decide 'how' the question should be closed.

To prevent one of your questions from getting in the queue, all you have to do is post a comment - just giving us a status update if nothing else.

If you have posted responses to the Expert suggestions, but aren't getting the solution you need, click on the "Request Attention" link in the bottom right corner of your original post and ask the Moderators to send out an "Expert Alert" - to get some more eyes on your question.

You do have several options other than waiting for Symantec to get caught - including MSRT from MS:
http://www.microsoft.com/security/pc-security/malware-removal.aspx

If you want some other recommendations, just let us know.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now