Danger level 6
Type: Adware

Qakbot Trojan

Qakbot is an extremely dangerous Trojan horse which you should remove from the computer as soon as you learn that it is present on the PC. The Qakbot Trojan enables the attacker to access and control the infected machine, resulting in a loss of credential data. Qakbot is a data-stealing Trojan horse; it records your keystrokes in order to get access to your accounts and, for example, steal your money. The Qakbot Trojan is a severe threat, so do not delay the removal.

Qakbot, also known as Trojan-Spy.Win32.Botinok.a, W32/Pinkslipbot, and Trojan.Spy.Shoe.B, may be installed on your computer by other malicious programs. Once executed, the Qakbot Trojan creates a mutex named _qbot.*, whose function is to ensure that no additional copy of the Trojan runs on the target computer. Additionally, the Trojan creates some other files, including qbotinj.exe, qbotnti.exe, and qbot.dll, all of which are placed in the %ALLUSERSPROFILE% directory.

The Qakbot infection injects malicious code into a randomly selected autostart program. By injecting itself into legitimate processes, such as iexplore.exe or explorer.exe, the Trojan horse avoids detection because the firewall lets traffic from these processes through. This enables the infection to send the gathered information to the remote attacker without raising suspicion.

To start together with system services, the Trojan creates randomly named registry keys under three existing keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\
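
One way to review the three service roots above for this kind of persistence, added here as an example and not taken from the original page or any vendor tool: it parses the output of `reg query <root> /s /v ImagePath` and flags service entries whose binary has a qbot-style name or sits under the All Users profile. That a service's ImagePath points at the dropped files, the `qbot` name pattern, the expanded directory paths, and the sample output are all assumptions.

```python
import re
from ntpath import basename, normcase

# The three service roots listed above; groups: control set, service name.
SERVICE_KEY = re.compile(r"HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet00[12]|CurrentControlSet)"
                         r"\\services\\([^\\]+)$", re.IGNORECASE)
IMAGE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|sys))(?=\s|$)', re.IGNORECASE)
# Assumption: dropped files share the "qbot" stem, optionally "_"-prefixed like the mutex.
QBOT_NAME = re.compile(r"_?qbot", re.IGNORECASE)
# Assumption: usual expansions of %ALLUSERSPROFILE%, plus the unexpanded variable.
ALLUSERS = ("%allusersprofile%\\", "c:\\programdata\\", "c:\\documents and settings\\all users\\")

def image_binary(value):
    """Return the executable path of an ImagePath value, minus quotes and arguments."""
    m = IMAGE.match(value.strip())
    return (m.group(1) or m.group(2)) if m else value.strip()

def parse_reg_query(text):
    """Yield (control_set, service, image_path) from `reg query ... /s /v ImagePath` text."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.upper().startswith("HKEY_"):  # key header; deeper subkeys are skipped
            current = m.groups() if (m := SERVICE_KEY.match(line)) else None
        fields = re.split(r"\s{4}", line, maxsplit=2)
        if current and len(fields) == 3 and fields[0].lower() == "imagepath":
            yield (*current, fields[2])

def triage(text):
    """Return (control_set, service, reasons) for each service entry worth reviewing."""
    findings = []
    for control_set, service, image_path in parse_reg_query(text):
        binary = normcase(image_binary(image_path))  # lower-case, backslashes only
        reasons = [why for why, hit in (
            ("qbot-style file name", QBOT_NAME.match(basename(binary))),
            ("binary under All Users profile", binary.startswith(ALLUSERS))) if hit]
        if reasons:
            findings.append((control_set, service, reasons))
    return findings

# Constructed `reg query` output, not captured from a real host.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\xkqzpw
    ImagePath    REG_EXPAND_SZ    "%ALLUSERSPROFILE%\qbotinj.exe"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xkqzpw
    ImagePath    REG_EXPAND_SZ    "%ALLUSERSPROFILE%\qbotinj.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend
    ImagePath    REG_EXPAND_SZ    "C:\ProgramData\Microsoft\Windows Defender\MsMpEng.exe"
"""
```

A location-only hit, like the WinDefend entry in the sample, is a prompt for review rather than a verdict, since legitimate software also runs services from that directory.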

The Qakbot Trojan is capable of updating itself and receiving commands from its command and control server. The additional files include configuration files storing a list of FTP sites to which the stolen information is uploaded.

As mentioned above, the Qakbot Trojan allows remote attackers to steal login credentials; however, the threat may also gather other data. It is capable of monitoring your online behavior; more specifically, it records the URLs you visit. Moreover, it records login details for FTP, IRC, and IMAP email accounts, your geographical location and browser version, the details of your operating system, Outlook account information, DNS details, etc.

The Qakbot Trojan is a relatively old Trojan horse; it has been active since 2009 and is now attempting to find new victims.

The threat is known to be hosted on multiple domains, including hostrmeter.com, googcnt.co.in, saper.in, acadubai.org, buldrip.com, and many others.

If you suspect that your computer contains a harmful program, it is worth scanning the system. Do not wait; use a reputable scanner in order to prevent data loss. The Qakbot Trojan is a dangerous threat, and it is crucial to remove it from the computer as soon as possible.

There are multiple security programs, and we recommend using SpyHunter because this real-time security program can readily examine the system, detect and remove the Qakbot malware, and also fight off many other malicious programs.
