_qbot trojan

Has anyone seen this Trojan? It is easily cleaned but reinfects machines within a short time. I have done all updates and installed IE 8 on all of the machines. They are still getting attacked. This is worrying me because I know this _qbot is supposedly capable of stealing information and sending it out. I have not found any evidence of that yet. Has anyone seen this and been able to investigate it? I have sent files to Eset already.

If you find this on your computer look in scheduled tasks and see if it has put a task in there to reinstall itself every 5 hours. I have noticed that on a few machines.

 

@ Shoffm,

Why is your PC s are being attack again and again by this malware? Are you downloading always on your PC s .....

 

I don't have a clue what is going on. I know for a fact that this malware is using Internet Explorer. When I find an infected machine it has several instances of Internet Explorer running in the background. I suspect that when cleaning machines I am not getting all the files off the computer. Have you ever seen this particular infection before?

 

Hi there,

Once you clean the PCs of the virus infection, have you disabled System Restore? (I'm assuming you're either running Win XP or Win Vista)

Regards,

Carlos

 

I have on some of them. I need to get time to go into the domain policy and disable it there for awhile. That way I can delete all of the restore points. It might be reinstalling itself from there for all I know. Funny how there is almost no information on this infection. It isn't new as far as I know.