Backdoor:Win32/Qakbot.gen!cfg is a detection for a configuration data file and component of Backdoor:Win32/Qakbot.

Backdoor:Win32/Qakbot.H is a backdoor trojan that allows attackers unauthorized access and control of an affected computer. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, or possibly spreading through backdoor ports opened by other families of malicious software. The trojan may also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Backdoor:Win32/Qakbot.gen!C is a trojan backdoor that connects to a remote server, allowing an attacker to access your computer. It can steal confidential information, such as your online banking details and email user names and passwords.

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

• Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
• Microsoft Safety Scanner

This threat tries to steal sensitive and confidential information from affected users to perpetrate fraud. If you believe that your personal financial information may have been compromised, please refer to the following advisory for additional advice:

• What to do if you are a victim of fraud

It may also steal your information by recording your user names and passwords. After removal of the threat you should change your passwords. Please refer to the following advisory for tips on how to create and use passwords:

• Create strong passwords

Please also refer to the following advisory for additional advice:

• What to do if you think your account details have been stolen

For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

Microsoft Defender Antivirus detects and removes this threat.

This threat can give a malicious hacker access and control of your PC. It can also steal your sensitive information, such as your bank details, and your email user names and passwords.

This threat can be installed by exploit kits, such as Sweet Orange. It can also spread using infected network and removable drives, such as USB flash drives.

Backdoor:Win32/Qakbot.gen!arc3 is a generic detection for an obfuscated file that is downloaded by variants of Win32/Qakbot. This obfuscated file may either be a configuration file or an archive file containing several components of Win32/Qakbot.

Backdoor:Win32/Qakbot.C is a trojan backdoor that connects to a remote server, allowing an attacker to access the infected system. This backdoor trojan can perform several actions including steal user information and log user keystrokes.

TrojanDownloader:JS/Qakbot.D is a detection for a trojan that attempts to download a copy of the Qakbot backdoor trojan.

TrojanDownloader:JS/Qakbot.E is a JavaScript trojan that attempts to download and install Backdoor:Win32/Qakbot.gen!A. 

The Qakbot family is a multi-component family of trojans that connect to a remote server, allowing an attacker to access the infected system. For more information on the Qakbot family, see the Win32/Qakbot family description elsewhere in the encyclopedia.

TrojanDownloader:JS/Qakbot.H is a JavaScript trojan that attempts to download and execute variants of Win32/Qakbot detected as Backdoor:Win32/Qakbot.gen!A.

Backdoor:Win32/Qakbot.gen!A is a generic detection for a trojan backdoor that connects to a remote server, allowing an attacker to access the infected system. By allowing remote access, this backdoor trojan can perform several actions including stealing information and logging user keystrokes. Some variants of this malware may attempt to spread to open shares across a network, including the default shares C$ and Admin$.