Preventing QAKBOT or QBOT infections

    • Updated: 16 Jun 2016
    • Product/Version:
        • Worry-Free Business Security Services 5.7
        • Worry-Free Business Security Standard/Advanced 7.0
    • Platform:
        • Windows 2003 Compute Cluster Server
        • Windows 2003 Datacenter Server
        • Windows 2003 Datacenter Server Edition 64-bit
        • Windows 2003 Enterprise Server
        • Windows 2003 Home Server
        • Windows 2003 Small Business Server
        • Windows 2003 Standard Server Edition
        • Windows 2003 Standard Server Edition 64-bit
        • Windows 2003 Storage Server
        • Windows 2003 Web Server Edition
        • Windows 2008 Datacenter Server
        • Windows 2008 Datacenter Server Edition 64-bit
        • Windows 2008 Enterprise Server
        • Windows 2008 Enterprise Server Edition 64-bit
        • Windows 2008 Essential Business Server
        • Windows 2008 Small Business Server
        • Windows 2008 Standard Server Edition
        • Windows 2008 Standard Server Edition 64-bit
        • Windows 2008 Storage Server
        • Windows 2008 Web Server Edition
        • Windows 2008 Web Server Edition 64-bit
        • Windows 7 32-bit
        • Windows 7 64-bit
        • Windows Vista 32-bit
        • Windows Vista 64-bit
        • Windows XP Home
        • Windows XP Professional
        • Windows XP Professional 64-bit
Summary

QAKBOT, also known as QBOT, is malware that monitors the browsing activity of the infected computer and logs all information related to finance-related websites.

It can also steal other critical information from the infected machine, such as:

  • Account name
  • City
  • Country
  • Internet Explorer (IE) password-protected sites
  • IE user names and passwords
  • IP address
  • MSN username and password
  • Operating system
  • Outlook username and password
  • Certificates
  • Cookies
  • Public Storage - SMTP, POP3, LDAP
  • Browsing activities
  • System information

Depending on the variant, this malware constantly downloads its components and updates from the Internet. It can also download other malware if commanded by its server, and it can prevent the infected computer from accessing most security (antivirus/anti-malware) websites.

Details

The following technologies, implemented in the latest Trend Micro products, are the most effective methods of preventing re-infection and future infection by the QAKBOT or QBOT malware.

VSAPI Technology

To prevent users from being infected, update pattern files regularly. Trend Micro recommends using the Smart Scan technology for better protection.

AEGIS Technology

AEGIS prevents the malware from executing even if the virus pattern does not detect it. The screenshot below shows the AEGIS feature in Worry-Free Business Security preventing QAKBOT/QBOT malware from doing damage on a computer.

[Screenshot: AEGIS technology prevents malware from executing]

Web Reputation Service (WRS)

WRS stops the QAKBOT/QBOT malware from downloading other or associated malware from the Internet.

Category:
Configure; Remove a Malware / Virus
Solution Id:
1058159