W32.Qakbot
Updated: 21 May 2010 | 5 comments
This issue has been solved. See solution.
We are having huge problems with a variant of this virus. SEP is able to detect but not properly remove. Does anyone know of a removal tool that acutally works.
Qakbot has the ability to dublicate itself with a new name everytime you delete it.
We are using the latest version of SEP MR5 for the console but different versions of clients (MR3 and MR4)
discussion Filed Under:
Comments
Did you tried
Did you tried this
http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99&tabid=3
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
Yes of course this is the
Yes of course this is the first to try. However it is not right on for our problems. It works on some machines but not for all.
I think that Qakbot has changed somewhat in the way it works and there must be more hidden settings somewhere
Also with the help of this kb
Also with the help of this kb stop the threat from spreading
Title: 'How to use Application and Device Control to limit the spread of a threat.'
Document ID: 2009041514273648
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009041514273648?Open&seg=ent
create a rule to block the follwoing
qbot.*
qbotinj.*
crontab.*
Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)
If you know the file name(s),
If you know the file name(s), have you submitted those files to Symantec yet?
We created a rule to block
We created a rule to block qbot* creation of folders/files in AD and also with policy in SEP it did not help the first day but after a couple of days most of the viruses have vanished.
The files have been submitted to Symantec since we have the default settings with submissions in the antivirus policy. I am not sure if the updated signatures since then has had any impact in catching the virus.
Would you like to reply?
Login or Register to post your comment.