Posted 30 October 2011 - 07:01 PM
I am the Sys Admin for a school distract in Louisiana. Last year we were hit with Qakbot (v1-7) then the new version currently v8. This is the most up-to-date version SEP12 recognizes. I have over 2000 machines with Win XP and Win 7 and maybe like 5 with vista. I am working to remove Qakbot from my network. I have blocked FTP, and pretty much every other port possible except port 80. I have been installing SEP12, but recently, it seems we were hit with another version that SEP doesnt pick up yet. I am at my wits end trying to fight this dang virus. I have shutdown scripts installing SEP and running Fixacl and updating SEP. I am not sure what to do to remove this infection, because it seems that no machine is staying clean even with up-to-date virus definitions and scanning daily.
Do any of the BleepingComputer Experts have ANY SUGGESTIONS?