We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Backdoor:Win32/Qakbot.gen!A
Aliases: TrojanSpy:Win32/Botinok (other) Trojan.Spy.Shoe.B (BitDefender) Win32/Qakbot!generic (CA) Trojan-Spy.Win32.Botinok.a (Kaspersky) W32/Pinkslipbot (McAfee) Mal/Qbot-B (Sophos) W32.Qakbot (Symantec) Backdoor.QBot.F (VirusBuster) Backdoor:Win32/Qbot.A (other)
Summary
Backdoor:Win32/Qakbot.gen!A is a generic detection for a trojan backdoor that connects to a remote server, allowing an attacker to access the infected system. By allowing remote access, this backdoor trojan can perform several actions including stealing information and logging user keystrokes. Some variants of this malware may attempt to spread to open shares across a network, including the default shares C$ and Admin$.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
You should also run a full scan. A full scan might find hidden malware.
Use cloud protection
Use cloud protection to help guard against the latest malware threats. It’s turned on by default for Microsoft Security Essentials and Microsoft Defender Antivirus for Windows 10.
Go to Settings > Update & security > Windows Defender > Windows Defender Security Center > Virus & threat protection and make sure that your Cloud-based Protection settings is turned On.
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
