_qbot trojan

Discussion in 'ESET NOD32 Antivirus' started by shoffm, Jul 13, 2009.

Thread Status:
Not open for further replies.
  1. shoffm

    shoffm Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    6
    Location:
    St. George Utah
    Has anyone seen this Trojan? It is easily cleaned but reinfects machines within a short time. I have done all updates and installed IE 8 on all of the machines. They are still getting attacked. This is worrying me because I know this _qbot is supposedly capable of stealing information and sending it out. I have not found any evidence of that yet. Has anyone seen this and been able to investigate it? I have sent files to Eset already.

    If you find this on your computer, look in Scheduled Tasks and see if it has put a task in there to reinstall itself every 5 hours. I have noticed that on a few machines.
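
One way to run the scheduled-task check described above across several machines, as an added example that is not part of the original post: it parses an export made with `schtasks /query /fo csv /v` and lists tasks that repeat every 5 hours. The column names (`TaskName`, `Task To Run`, `Repeat: Every`) and the `N Hour(s), M Minute(s)` value format are assumed from the verbose CSV output of Windows Vista and later; the sample rows and task names are constructed.

```python
import csv
import io
import re

# Constructed sample shaped like `schtasks /query /fo csv /v` output.
# Column names are an assumption (Vista and later); task names are made up.
# The header row appears twice because schtasks repeats it per task folder.
SAMPLE = r'''"HostName","TaskName","Task To Run","Schedule Type","Repeat: Every"
"PC01","\DefragWeekly","C:\Windows\system32\defrag.exe -c","Weekly","Disabled"
"HostName","TaskName","Task To Run","Schedule Type","Repeat: Every"
"PC01","\placeholder_task","C:\Users\Public\placeholder.exe","Daily","5 Hour(s), 0 Minute(s)"
"PC01","\Updater","C:\Program Files\Vendor\update.exe","Daily","1 Hour(s), 30 Minute(s)"
'''

REPEAT_RE = re.compile(r"\s*(\d+) Hour\(s\), (\d+) Minute\(s\)\s*")


def repeat_minutes(value):
    """Return the repetition interval in minutes, or None if the task does not repeat."""
    m = REPEAT_RE.fullmatch(value or "")
    return int(m.group(1)) * 60 + int(m.group(2)) if m else None


def find_repeating_tasks(csv_text, hours=5):
    """Return (host, task name, command) for every task repeating every `hours` hours."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":
            continue  # repeated header row, not a task
        if repeat_minutes(row.get("Repeat: Every")) == hours * 60:
            hits.append((row["HostName"], row["TaskName"], row["Task To Run"]))
    return hits


if __name__ == "__main__":
    for host, name, command in find_repeating_tasks(SAMPLE):
        print(f"{host}: {name} -> {command}")
```

A hit only shows that a task has the 5-hour interval; the command it runs still has to be reviewed before the task is treated as part of the infection.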
     
  2. malwarecide

    malwarecide Registered Member

    Joined:
    Jun 23, 2009
    Posts:
    4
    Location:
    pearl of the orient seas
    :) @ Shoffm,

    Why are your PCs being attacked again and again by this malware? Are you always downloading on your PCs? :(
     
  3. shoffm

    shoffm Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    6
    Location:
    St. George Utah
    I don't have a clue what is going on. I know for a fact that this malware is using Internet Explorer. When I find an infected machine it has several instances of Internet Explorer running in the background. I suspect that when cleaning machines I am not getting all the files off the computer. Have you ever seen this particular infection before?
     
  4. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hi there,

    Once you clean the PCs of the virus infection, have you disabled System Restore? (I'm assuming you're either running Win XP or Win Vista)

    Regards,

    Carlos
     
  5. shoffm

    shoffm Registered Member

    Joined:
    Jul 2, 2009
    Posts:
    6
    Location:
    St. George Utah
    I have on some of them. I need to get time to go into the domain policy and disable it there for a while. That way I can delete all of the restore points. It might be reinstalling itself from there for all I know. Funny how there is almost no information on this infection. It isn't new as far as I know.
     