I'm hoping you guys can help me out with something I've seen lately. I've had several clients get notified by their ISP via email that a trojan was detected via their IP address. These emails suggest scanning computers in their home with special tools, and then have links to those tools.

Every time I've seen these emails, I've scanned my clients computers with my usual AV tools (which are pretty thorough and powerful) and found nothing. I've tried a couple of the tools the email recommends, as the links appear completely genuine and link to sites like Microsoft.com and Symantec.com. I've not clicked on the links directly, but I've gone to the sites and found the tools myself. None of those scans have ever found any trace of the trojan they're claiming.

Just to be safe, I'll explain that the trojan is named after the Greek god of thunder. I don't want these forums to have any association with this thing on the internet.

The ISP in question is, I believe, always Cox. The email comes from what seems like a legit Cox email address, all of the links seem to have no problems, and I can't see where the scam would be here. I'm pretty sure it's NOT a scam, because I had one client get her internet access suspended twice because Cox continued to detect the trojan on her IP address, despite repeated assurances that we had scanned all the computers with the tools they recommended!

I'm asking this because I just had another client ask me about the email she got from Cox, and I'm happy to scan her computer but I know I'm going to find nothing. Every time I've seen someone discuss this on the web, it's been the same exact story: letter from Cox, scans found nothing.

Any idea what could be happening here?