My brother-in-law, who lives and works in Turin, Italy, has advised me that his XP machine is infected with that rootkit virus listed in the subject line. The most obvious symptom is that his Google searches get redirected to other sites (he didn't mention what sites).
I did a little googling and have found that it's a particularly difficult one to get rid of.
The Italian service provider is a so-called "we do everything" type and they don't want him to change or download anything without their OK? Whose machine is it, his or theirs? He did have McAfee AV and Malwarebytes and Spybot and the IT guy ran them but it didn't come up with anything. They changed over to AVG and that didn't seem to do anything either, even though AVG does list that strain of virus in its DB.
Disregarding their orders, I asked him to look into his HOSTS file and look for anything suspicious, then send me a copy. I also suggested he download (gasp) and install Hitmanpro.com rootkit program that some have said deletes this particular nasty. I don't know if he has dared to do this yet but does anyone have any other ideas on how to clear this up? He is not particularly computer savvy or too willing to be adventurous but possibly I can guide him via long distance methods.
Trojan Generic26.QP
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Trojan Generic26.QP
BOB
______________________________________
If I agreed with you we'd both be wrong.
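A way to triage the copy of the HOSTS file requested in the post above (on XP it is normally at %SystemRoot%\system32\drivers\etc\hosts), as an added example that is not part of the original thread. The watch list, the reason strings and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: domains whose redirection would explain hijacked searches.
# Substring matching is deliberately loose; this is triage, not a verdict.
WATCHED = ("google.", "bing.com", "yahoo.com")

# Constructed sample, not taken from the affected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # constructed suspicious entry
203.0.113.45    www.google.it
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for entries worth a closer look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed address"))
            continue
        for host in (h.lower() for h in fields[1:]):
            if host == "localhost" and ip.is_loopback:
                continue   # the one mapping a default file carries
            if ip.is_loopback or ip.is_unspecified:
                reason = "sinkhole entry (often added by blocklist tools)"
            elif any(w in host for w in WATCHED):
                reason = "search domain pinned to a fixed address"
            else:
                reason = "non-default mapping"
            findings.append((line_no, str(ip), host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % finding)
```

A clean result does not clear the machine: search redirection can also come from changed DNS settings or from the rootkit itself, and a rootkit can hide file contents while Windows is running, so a copy read from offline boot media is more trustworthy.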
-
- Administrator
- Posts: 78600
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Trojan Generic26.QP
He might try Microsoft Defender Offline, a new product from Microsoft. It's still in beta.
You install the software on a CD, DVD or Flash drive, then boot the PC with that. Since Windows isn't running on the PC, Windows Defender Offline can get at rootkits that are hard to get at while Windows is running.
Best wishes,
Hans
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Trojan Generic26.QP
HansV wrote:
> He might try Microsoft Defender Offline, a new product from Microsoft. It's still in beta.
> You install the software on a CD, DVD or Flash drive, then boot the PC with that. Since Windows isn't running on the PC, Windows Defender Offline can get at rootkits that are hard to get at while Windows is running.

Thanks, Hans.
I'll send along that link to him. It does suggest that you create the bootable media on a non-infected machine. Not sure if he has that available to him. Maybe a friend.
Meanwhile, any other ideas appreciated.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- 5StarLounger
- Posts: 780
- Joined: 29 Jan 2010, 13:30
Re: Trojan Generic26.QP
I have a friend who works for Sophos and he recommended their anti-rootkit to me when I got a Trojan once.
Read about it here. It is
I can't offer any guarantees or even that it works - it turns out I did not have a rootkit problem.
Silverback
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Trojan Generic26.QP
silverback wrote:
> I have a friend who works for Sophos and he recommended their anti-rootkit to me when I got a Trojan once.
> Read about it here. It is
> I can't offer any guarantees or even that it works - it turns out I did not have a rootkit problem.
> Silverback

Thanks, will pass it along...hopefully!
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: Trojan Generic26.QP
Hope this doesn't require a trip to Italy.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- Administrator
- Posts: 78600
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Trojan Generic26.QP
Wouldn't it be nice to visit Turin?
Best wishes,
Hans
-
- GoldLounger
- Posts: 3081
- Joined: 24 Jan 2010, 19:07
Re: Trojan Generic26.QP
Using offline scanning, as suggested by Hans, is of course good when trying to detect rootkits etc. that are hiding when the system is up and running; it can also be useful when trying to remove files since it can be difficult to get access, and it doesn't have to be a particularly nasty infection to get problems with access.
Since the service provider suggested a move to AVG, and you mention that it had found something but didn't remove it, one could take a look at their CD & USB tool:
http://forums.avg.com/ww-en/avg-forums? ... w&id=68967
On the other hand, if he doesn't have access to a clean PC...
In certain, special cases I can understand if an ISP would like to put a machine in quarantine, moving it offline, at least some years ago with all the email worms. But then it should be accompanied with support, how to clean the PC etc.
Byelingual When you speak two languages but start losing vocabulary in both of them.