
Hello! Where to Advise your MW removal experts?


3 replies to this topic

#1 PRG


Posted 23 May 2009 - 08:26 PM

Hi there!

You have a great forum here and well laid out links and information. Thanks for that!!

I have been researching my infection - _qbot aka Qakbot aka Backdoor Trojan - and have found that not only is little info available, but that I have seen it go unidentified in several help sessions around the internet.

So... I wanted to alert your experts to look out for it. A text find for _qbot will find it very handily in some logs, and in several posts. As long as it is there, it appears that it will be used to provide a conduit for further infections. It's been around for about 2 years, yet my AVG doesn't see it, as some others seem not to. I think the Trend Micro scan finds it and the Kaspersky does not, though it is hard to be sure. Most of the sessions did not finalize.

Thanks again for the great service you provide by being here (and many of you for being everywhere). :D

Edited by PRG, 23 May 2009 - 08:29 PM.




#2 Guest_The weatherman_*


Posted 24 May 2009 - 02:41 AM

Hi PRG,

Welcome to Bleeping Computer, it's good to see you here.

If you're unsure how this board works, please have a look in the New User Orientation forum.

There is also some most useful information in the Tutorials. :thumbsup:

#3 PRG


Posted 26 May 2009 - 05:55 PM

Thanks for the welcome.

Please move this topic to the appropriate area where the helpers would be most likely to see it and become aware of this threat, should they not already be. Many AVs are not "seeing" this infection, even after over 2 years; it apparently opens the door to further infections. It seems to be fairly rare, yet perhaps targeted. It was most likely contracted last Thursday from one of a few innocuous websites which have been visited frequently over the past couple of years, so I suspect a site hacking.

Please see these references regarding Qakbot / PinkSlipBot / _qbot*:
http://www.wilderssecurity.com/showthread.php?t=156461
http://www.symantec.com/connect/forums/new...no-removal-tool

http://forum.kaspersky.com/index.php?showtopic=81031
http://forums.techguy.org/malware-removal-...worms-oh-2.html
http://forum.avast.com/index.php?topic=34466.0

http://home.mcafee.com/VirusInfo/VirusProf...amp;ctst=1#none
http://www.symantec.com/security_response/...-99&tabid=3
http://www.superantispyware.com/malwarefil...TIOKGT.EXE.html

Most HJT help sessions I found by searching _qbot* using Google were incomplete/unresolved, so I found very little info that might lead one to the best removal solution. However, it appears that rebooting into safe mode is NOT helpful - from 2nd link above.

Edited by PRG, 26 May 2009 - 05:56 PM.


#4 PRG


Posted 26 May 2009 - 05:58 PM

p.s. thanks for the Tutorials link! That should be some fun reading, and I hadn't seen them before. :D



