Trojan Generic26.QP

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Trojan Generic26.QP

Post by viking33 »

My brother-in-law, who lives and works in Turin, Italy, has advised me that his XP machine is infected with that rootkit virus listed in the subject line. The most obvious symptom is that his Google searches get redirected to other sites (he didn't mention what sites).
I did a little googling and have found that it's a particularly difficult one to get rid of.
The Italian service provider is a so-called "we do everything" type and they don't want him to change or download anything without their OK. Whose machine is it, his or theirs? He did have McAfee AV and Malwarebytes and Spybot and the IT guy ran them but it didn't come up with anything. They changed over to AVG and that didn't seem to do anything either, even though AVG does list that strain of virus in its DB.
Disregarding their orders, I asked him to look into his HOST file and look for anything suspicious. Then send me a copy. I also suggested he download (gasp) and install Hitmanpro.com rootkit program that some have said deletes this particular nasty. I don't know if he has dared to do this yet but does anyone have any other ideas on how to clear this up? He is not particularly computer savvy or too willing to be adventurous but possibly I can guide him via long distance methods.
BOB
:massachusetts: :usa:
______________________________________

If I agreed with you we'd both be wrong.
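
The HOSTS file check mentioned in the post above, as an added example that is not part of the original thread: it parses a copy of a hosts file and flags entries that would explain redirected searches. The `WATCHED` domain list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: domains whose remapping would match the redirect symptom.
WATCHED = ("google.com", "bing.com", "yahoo.com")

# Constructed sample using documentation-only addresses (RFC 5737).
SAMPLE = """\
# Constructed sample, not taken from the infected machine
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # remapped
127.0.0.1       ads.example.net
192.0.2.10      intranet.example
0.0.0.0         www.bing.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:                 # a line may carry several aliases
            yield no, ip, name.lower().rstrip(".")

def is_sinkhole(ip):
    # Loopback and 0.0.0.0 are what hosts-based blocklists normally write.
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text):
    """Return findings as (severity, line_no, ip, hostname) tuples."""
    findings = []
    for no, ip, name in parse_hosts(text):
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        if watched and not is_sinkhole(ip):
            findings.append(("HIGH", no, str(ip), name))    # search site remapped
        elif watched:
            findings.append(("MEDIUM", no, str(ip), name))  # search site blocked
        elif not is_sinkhole(ip):
            findings.append(("REVIEW", no, str(ip), name))  # unexplained mapping
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

On XP the file is `%SystemRoot%\system32\drivers\etc\hosts`. A rootkit can hide changes from the running system, so a clean result is only meaningful on a copy read from offline boot media, and it does not rule out redirection by other means.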

HansV
Administrator
Posts: 78600
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Trojan Generic26.QP

Post by HansV »

He might try Microsoft Defender Offline, a new product from Microsoft. It's still in beta.
You install the software on a CD, DVD or Flash drive, then boot the PC with that. Since Windows isn't running on the PC, Windows Defender Offline can get at rootkits that are hard to get at while Windows is running.
Best wishes,
Hans

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Trojan Generic26.QP

Post by viking33 »

HansV wrote: He might try Microsoft Defender Offline, a new product from Microsoft. It's still in beta.
You install the software on a CD, DVD or Flash drive, then boot the PC with that. Since Windows isn't running on the PC, Windows Defender Offline can get at rootkits that are hard to get at while Windows is running.
Thanks, Hans.
I'll send along that link to him. It does suggest that you create the bootable media on a non-infected machine. Not sure if he has that available to him. Maybe a friend.
Meanwhile, any other ideas appreciated.
BOB

silverback
5StarLounger
Posts: 780
Joined: 29 Jan 2010, 13:30

Re: Trojan Generic26.QP

Post by silverback »

I have a friend who works for Sophos and he recommended their anti-rootkit to me when I got a Trojan once.
Read about it here. It is :free:

I can't offer any guarantees or even that it works - it turns out I did not have a rootkit problem.

Silverback

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Trojan Generic26.QP

Post by viking33 »

silverback wrote: I have a friend who works for Sophos and he recommended their anti-rootkit to me when I got a Trojan once.
Read about it here. It is :free:

I can't offer any guarantees or even that it works - it turns out I did not have a rootkit problem.

Silverback
Thanks, will pass it along...hopefully!
BOB

viking33
PlatinumLounger
Posts: 5685
Joined: 24 Jan 2010, 19:16
Location: Cape Cod, Massachusetts,USA

Re: Trojan Generic26.QP

Post by viking33 »

Hope this doesn't require a trip to Italy. :sailing: :sigh:
BOB

HansV
Administrator
Posts: 78600
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: Trojan Generic26.QP

Post by HansV »

Wouldn't it be nice to visit Turin?
Best wishes,
Hans

Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: Trojan Generic26.QP

Post by Argus »

Using offline scanning, as suggested by Hans, is of course good when trying to detect rootkits etc. that are hiding when the system is up and running; it can also be useful when trying to remove files since it can be difficult to get access, and it doesn't have to be a particularly nasty infection to get problems with access.

Since the service provider suggested a move to AVG, and you mention that it had found something but didn't remove it, one could take a look at their CD & USB tool:
http://forums.avg.com/ww-en/avg-forums? ... w&id=68967

On the other hand, if he doesn't have access to a clean PC...

In certain special cases I can understand if an ISP would like to put a machine in quarantine, moving it offline, at least some years ago with all the email worms. But then it should be accompanied by support, how to clean the PC etc.
Byelingual    When you speak two languages but start losing vocabulary in both of them.