W32.Qakbot spreading through the network, via servers? And it keeps coming back!!
Hi there, I hope this is the correct form, we are using the following Symantec Corporate Anti-Virus:
Symantec System Center
Anyways on Friday afternoon a bunch of users had emailed me letting me know their computers were not working for various reasons. Upon inspection I found that we had a massive outbreak of the W32.Qakbot worm/trojan. Most computers had this covertly installed and it was not being picked up via Symantec, then once I would navigate them to the Windows folder the files would be auto protect deleted by symantec. However several users have had the same files come back over and over again. It looked like the file had permissions on it from one of our Domain Admins so I removed him as a domain admin and scanned all our servers. It got auto deleted off the servers but still seems to be spreading? I have no idea how this is happening. I did run a new live update to get the most recent definitions, I was using May 12th, now Im using the 25th.
Does anyone have any advice? Does symantec not protect against this pesky thing?