Q: Trojan (Answered, 1 Comment)
Question  
Subject: Trojan
Category: Computers > Security
Asked by: ian_bry-ga
List Price: $10.00
Posted: 16 Apr 2006 08:46 PDT
Expires: 16 May 2006 08:46 PDT
Question ID: 719442
I seemed to have picked up a Trojan, which only appears to divert my
searches when using Google. It has not been detected by my software or
CWShredder. It is connected with this IP
http://67.29.139.199/jump/?Terms=Paris&affiliate=and1&subid=906&alid=&direct=0&v3=Z6670590613@0jZlJ3Ym0jZlJnJx0DahZiMw42N1ITJ2Ajb3UjMlITOudTNyUSO1IkMlEDMwYjQyUSZj5kQyUSM1UUNlI3ZuFXdwVmbyZGM0UiZ2VmbjVUNlEXZipGbyhHM0USNFVTJhJmdnZnZiNGM0UiMzMjNFVTJxZncn5md5Z3cz5GM0UCWIVUNlEmdupnYxBDNlcDN1ITJ2MVNyUiTPVjMlIlU1ITJ1AVNyUSOzUjMlkjU1ITJ4AVNyUyMRVjMlUzT1ITJ2AVNyUiTOVjMlMjT1ITJPNVNyUiUPVjMlEzM1ITJxMVNyUCUSVj
Ml40T1ITJ0MTNyUSMTVjMlIlU1ITJ3EVNyUCUPVjMlMjU1ITJSNTNyUCUPVjMlcDN1ITJSJVNyUyTQVjMlgjU1ITJxMTNyUCU0UjMlkzM1ITJTNVNyUCMRVjMlUUNlEndoRXdwVmbyZGM0UCN3kDOwUDN0QTR1USc2FndvBDNlgHatYmdl52YxdTNyUSey9mb5FjN1ITJ5MjM1AzNxdTNyUSc252c3UjMlknenVnLhJnLmZXZuN2c2UjMlU2czZTNyUCbnZHczZTNyUieiBnL0Fmd4JmYv5iaqp2c2UjMlMnN1ITJudTNyUyYndWdFVTJ5VGaGNTJjZmbuUmYnBnclZXcyVmRyUSdwVmbyZmRyUieiBnL0FmdndmYjZmcuI3ZuZXe2N3cuZkMlYk
MlE0MlM2ZnVXP0ZCdhZ3ZnJ2YmJVPlZSPkJ3cmYjM2EDMyUDNxETPl1Wa0ZCMxADMxEDOucTM1EzMwIDT9QWasZCM0EjLy4CN04iM40DcpVnJ9QnYm0DZpRnYm0TZwlHdm0DZpxWYm0DZpFmJxUjNuATPiZSME5UQ9YWY&type=&click_id=www6_77497_16250_1145201674.
Are you aware of this? I have tried Altavista and Yahoo and do not
encounter the same problem.

Request for Question Clarification by sublime1-ga on 16 Apr 2006 12:29 PDT
ian...

The URL you gave is ultimately redirected to the following URL:
http://www.booking.com/city/fr/paris.en.html?aid=301785&label=paris-uk

There's no trojan being downloaded secretly on that page, so you 
must have picked it up somewhere else.

I'd strongly recommend that you read this previous answer I gave, on
how to establish bulletproof security for your system:
http://answers.google.com/answers/threadview?id=568868

Since you're already infected, I'd recommend that you download,
install, and run HijackThis, as noted in that answer:

- HijackThis (HJT)

HijackThis is a legendary program which is of immense
value if you've already been infected, or think you 
might have been.

"HijackThis examines certain key areas of the Registry
 and Hard Drive and lists their contents. These are areas
 which are used by both legitimate programmers and hijackers."
http://www.tomcoyote.org/hjt/

HJT creates a log of what it finds which can then be 
posted for analysis by experts such as those found here
on Google Answers, or in a forum dedicated to assisting
those who are infected, such as 'TomCoyote Forums', 
'Geeks to Go Forums' and 'SpywareInfo Forums'.

Experts can tell you precisely what entries to check for
removal by HJT.

One of the latest enhancements to this program is the
addition of online HJT log analyzers, which can give 
you a leg up in analyzing them yourself:

IamNotaGeek.com log parser:
http://hjt.iamnotageek.com/

HijackThis log analyzer (a more graphic version):
http://www.hijackthis.de/en

HJT has other very useful features, including one which
marks a file for deletion on reboot. This is very useful
when Windows prevents you from deleting a file because
it's currently in use, which happens a lot with viruses.

Let me know where this takes you, and if it resolves your
infection, I'll post it as an answer. Otherwise, you could
post a HijackThis logfile here, and we can take it from 
there...

sublime1-ga

Clarification of Question by ian_bry-ga on 17 Apr 2006 10:35 PDT
sublime1-ga,

Your advice in bullet proof was just what I was looking for. HJT did
the trick; the problem appears to be resolved and I have just downloaded
ad-ware. Please post this as an answer.

Thanks,

Ian
Answer  
Subject: Re: Trojan
Answered By: sublime1-ga on 18 Apr 2006 14:25 PDT
 
ian...

Thanks very much for acknowledging my work as your answer.
I'll repost it here for the sake of future readers.

------------------------------------------------------------

The URL you gave is ultimately redirected to the following URL:
http://www.booking.com/city/fr/paris.en.html?aid=301785&label=paris-uk

There's no trojan being downloaded secretly on that page, so you 
must have picked it up somewhere else.

I'd strongly recommend that you read this previous answer I gave, on
how to establish bulletproof security for your system:
http://answers.google.com/answers/threadview?id=568868

Since you're already infected, I'd recommend that you download,
install, and run HijackThis, as noted in that answer:

- HijackThis (HJT)

HijackThis is a legendary program which is of immense
value if you've already been infected, or think you 
might have been.

"HijackThis examines certain key areas of the Registry
 and Hard Drive and lists their contents. These are areas
 which are used by both legitimate programmers and hijackers."
http://www.tomcoyote.org/hjt/

HJT creates a log of what it finds which can then be 
posted for analysis by experts such as those found here
on Google Answers, or in a forum dedicated to assisting
those who are infected, such as 'TomCoyote Forums', 
'Geeks to Go Forums' and 'SpywareInfo Forums'.

Experts can tell you precisely what entries to check for
removal by HJT.

One of the latest enhancements to this program is the
addition of online HJT log analyzers, which can give 
you a leg up in analyzing them yourself:

IamNotaGeek.com log parser:
http://hjt.iamnotageek.com/

HijackThis log analyzer (a more graphic version):
http://www.hijackthis.de/en

HJT has other very useful features, including one which
marks a file for deletion on reboot. This is very useful
when Windows prevents you from deleting a file because
it's currently in use, which happens a lot with viruses.

Best regards...

sublime1-ga
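
A first-pass triage of the kind an HJT log gets, added here as an example; it is not part of the original answer, of HijackThis, or of the online analyzers named above. It parses a constructed log and flags browser-setting and hosts-file entries that could divert searches. The sample log lines, the `TRUSTED` set and the function names are assumptions.

```python
import re

# Constructed sample in HijackThis log-line layout ("<code> - <details>").
# Hosts, paths and the CLSID are made up; 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = r"""
Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://203.0.113.7/jump/
O1 - Hosts: 203.0.113.7 www.google.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
TRUSTED = {"www.google.com"}  # assumption: hosts this user expects in browser settings

def parse(log):
    """Return (code, details) pairs; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def review(entries):
    """Flag entries that can redirect searches; the rest still need a human look."""
    flagged = []
    for code, details in entries:
        if code.startswith("R"):  # IE start page / search settings
            m = re.search(r"= https?://([^/\s]+)", details)
            if m and m.group(1).lower() not in TRUSTED:
                flagged.append((code, "browser setting points at " + m.group(1)))
        elif code == "O1":  # hosts file entries
            parts = details.split()
            if len(parts) == 3 and not parts[1].startswith("127."):
                flagged.append((code, f"hosts file maps {parts[2]} to {parts[1]}"))
    return flagged

if __name__ == "__main__":
    for code, reason in review(parse(SAMPLE_LOG)):
        print(code, reason)
```

O2 (Browser Helper Object) and O4 (autostart) entries are parsed but not auto-flagged, since judging them means checking the file behind each one.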
Comments  
Subject: Re: Trojan
From: hackingguru-ga on 30 May 2006 05:47 PDT
 
I think HijackThis will not be able to resolve this problem in Windows
XP to the full extent. The better way is by repairing the Registry.
Because.
