
MASSIVE QAKBOT Infection


3 replies to this topic

#1 laser2191


Posted 30 October 2011 - 07:01 PM

Howdy,

I am the Sys Admin for a school district in Louisiana. Last year we were hit with Qakbot (v1-7), then the new version, currently v8. This is the most up-to-date version SEP12 recognizes. I have over 2000 machines with Win XP and Win 7 and maybe like 5 with Vista. I am working to remove Qakbot from my network. I have blocked FTP, and pretty much every other port possible except port 80. I have been installing SEP12, but recently, it seems we were hit with another version that SEP doesn't pick up yet. I am at my wits' end trying to fight this dang virus. I have shutdown scripts installing SEP and running FixAcl and updating SEP. I am not sure what to do to remove this infection, because it seems that no machine is staying clean even with up-to-date virus definitions and scanning daily.

Do any of the BleepingComputer Experts have ANY SUGGESTIONS?

Thanks!

--Richard Robinson



#2 boopme


Posted 31 October 2011 - 04:05 PM

Hello, Please use the W32.Qakbot removal tool found here.. L@@K

#3 laser2191


Posted 01 November 2011 - 11:53 AM

Hello, Please use the W32.Qakbot removal tool found here.. L@@K



Hello,

Thank you for the reply. However, the removal tool you referenced is the FixAcl program I mentioned in my first post. Since Qakbot likes to reset permissions to disable SEP, Symantec put out a tool that resets permissions back to a working state. It doesn't remove the infection.

Thanks,

--Richard

#4 boopme


Posted 01 November 2011 - 12:13 PM

Next:
Run the Symantec Power Eraser with the Symantec Endpoint Protection Support Tool
Symantec Power Eraser User Guide




