How the FBI nuked Qakbot malware from infected Windows PCs (Security News, August 2023)

The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices.
Before we learn how the FBI uninstalled Qakbot from computers, it is essential to understand how the malware was distributed, what malicious behavior it performed, and who utilized it.
In today's announcement, the FBI states that it dismantled the botnet by seizing the attackers' server infrastructure and by creating a custom removal tool that uninstalled the Qakbot malware from infected devices.
According to SecureWorks' analysis of the FBI module, this custom DLL issued the QPCMD_BOT_SHUTDOWN command to the Qakbot malware running on infected devices, which causes the malware process to stop running.
As no notifications will be displayed on infected devices when the malware is removed, you can use these services to see if your credentials were stolen, indicating that you may have at one point been infected with the Qakbot malware.
The FBI previously received court approval to remove the Russian Snake data theft malware and the Emotet malware from infected devices, as well as web shells deployed on Microsoft Exchange servers in ProxyLogon attacks.