Published Jul 18, 2011 | Updated Nov 07, 2017

Backdoor:Win32/Qakbot.J

Severe |Detected with Windows Defender Antivirus

Aliases: BKDR_QAKBOT.BT (Trend Micro) Trojan-PSW.Win32.Qbot.dkg (Kaspersky) W32.Qakbot (Symantec)

Summary

Backdoor:Win32/Qakbot.J is a backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware. 

Use cloud protection 

Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Windows Defender Antivirus for Windows 10. 

Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Follow us