how to stop the W32 Qakbot worm

Posted on 2011-04-27
Last Modified: 2013-12-09
There is a spread of W32 Qakbot worm on Computers with users who have Administrator rights to their computers.Does anyone know how to stop the spread
Question by:cbaldonieri
    LVL 38

    Accepted Solution

    The single most important step you should take (other than eliminating surfing with Admin rights) is to make sure that all OS and Application patches/updates are in place.

    MS have published an excellent review here:

    Please review the suggested steps in my EE Article here: (MALWARE - "An Ounce of Prevention...")

    LVL 7

    Assisted Solution

    cbaldonieri younghv is correct make sure that all your machines are update but also follow the link below as Symantec have released a removal procedure to get rid of the W32 Qakbot worm

    LVL 142

    Expert Comment

    by:Guy Hengel [angelIII / a3]
    I've requested that this question be deleted for the following reason:

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
    LVL 38

    Expert Comment

    I think the information provided in both Expert comments is sufficient to answer the actual question.

    Qakbot is both preventable (first choice) and repairable (if needed).

    Author Comment

    The suggestions in reference to virus' were good reference to protection of virus' but not a solution to the w32 oakbot which we are still battleing.
    I'm surprised there are not more added comments in reference to this virus.
    Symantec showed  major activity on this virus and have been updating definitions two or three times a day.
    Latest activity at our network has a generation 8 still happening but the numbers are getting smaller.
    LVL 38

    Expert Comment

    Welcome to EE - I see that this is your first question.

    I wasn't really sure what you were asking in your original quesiton and was hoping that you would respond with more details.

    In general, other Experts won't jump in to help if the 'Asker' hasn't responded to the initial Expert Comments.

    Are you working with the folks at Symantec to get through this - or are you looking for additional advice from us?

    Post back with some details of your situation and I'll be glad to look at them


    Author Comment

    I am new to Experts Exchange and was desperate for a solution at the time of the outbreak.
    We are a School District with 5000 computer and this was a bad outbreak.
    I'm not sure why the question would be deleted because the suggestions that were provided by others were helpful in general.
    I guess just waiting for Symantec to catch up with definitions to stop the new variations of the virus is the only solution.
    LVL 38

    Expert Comment

    EE is different from most other Tech Forums - which is a good thing.

    When there is no activity (Asker or Expert) in any question for 21 days, it is assigned to the "Cleanup Queue". The various Cleanup Volunteers work through all of these and try to decide 'how' the question should be closed.

    To prevent one of your questions from getting in the queue, all you have to do is post a comment - just giving us a status update if nothing else.

    If you have posted responses to the Expert suggestions, but aren't getting the solution you need, click on the "Request Attention" link in the bottom right corner of your original post and ask the Moderators to send out an "Expert Alert" - to get some more eyes on your question.

    You do have several options other than waiting for Symantec to get caught - including MSRT from MS:

    If you want some other recommendations, just let us know.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    This article summarizes using a simple matrix to map the different type of phishing attempts and its targeted victims. It also run through many scam scheme scenario with "real" phished emails. There are safeguards highlighted to stay vigilance and h…
    You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
    Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now