Category: Computers > Security
Asked by: ian_bry-ga
List Price: $10.00
16 Apr 2006 08:46 PDT
Expires: 16 May 2006 08:46 PDT
Question ID: 719442
I seemed to have picked up a Trojan, which only appears to divert my searches when using Google. It has not been detected by my software or CWShredder. It is connected with this IP http://22.214.171.124/jump/?Terms=Paris&affiliate=and1&subid=906&alid=&direct=0&v3=Z6670590613@0jZlJ3Ym0jZlJnJx0DahZiMw42N1ITJ2Ajb3UjMlITOudTNyUSO1IkMlEDMwYjQyUSZj5kQyUSM1UUNlI3ZuFXdwVmbyZGM0UiZ2VmbjVUNlEXZipGbyhHM0USNFVTJhJmdnZnZiNGM0UiMzMjNFVTJxZncn5md5Z3cz5GM0UCWIVUNlEmdupnYxBDNlcDN1ITJ2MVNyUiTPVjMlIlU1ITJ1AVNyUSOzUjMlkjU1ITJ4AVNyUyMRVjMlUzT1ITJ2AVNyUiTOVjMlMjT1ITJPNVNyUiUPVjMlEzM1ITJxMVNyUCUSVj Ml40T1ITJ0MTNyUSMTVjMlIlU1ITJ3EVNyUCUPVjMlMjU1ITJSNTNyUCUPVjMlcDN1ITJSJVNyUyTQVjMlgjU1ITJxMTNyUCU0UjMlkzM1ITJTNVNyUCMRVjMlUUNlEndoRXdwVmbyZGM0UCN3kDOwUDN0QTR1USc2FndvBDNlgHatYmdl52YxdTNyUSey9mb5FjN1ITJ5MjM1AzNxdTNyUSc252c3UjMlknenVnLhJnLmZXZuN2c2UjMlU2czZTNyUCbnZHczZTNyUieiBnL0Fmd4JmYv5iaqp2c2UjMlMnN1ITJudTNyUyYndWdFVTJ5VGaGNTJjZmbuUmYnBnclZXcyVmRyUSdwVmbyZmRyUieiBnL0FmdndmYjZmcuI3ZuZXe2N3cuZkMlYk MlE0MlM2ZnVXP0ZCdhZ3ZnJ2YmJVPlZSPkJ3cmYjM2EDMyUDNxETPl1Wa0ZCMxADMxEDOucTM1EzMwIDT9QWasZCM0EjLy4CN04iM40DcpVnJ9QnYm0DZpRnYm0TZwlHdm0DZpxWYm0DZpFmJxUjNuATPiZSME5UQ9YWY&type=&click_id=www6_77497_16250_1145201674. Are you aware of this? I have tried Altavista and yahoo and do not encounter the same problem.
Answered By: sublime1-ga on 18 Apr 2006 14:25 PDT
ian... Thanks very much for acknowledging my work as your answer. I'll repost it here for the sake of future readers. ------------------------------------------------------------ The URL you gave is ultimately redirected to the following URL: http://www.booking.com/city/fr/paris.en.html?aid=301785&label=paris-uk There's no trojan being downloaded secretly on that page, so you must have picked it up somewhere else. I'd strongly recommend that read this previous answer I gave, on how to establish bulletproof security for your system: http://answers.google.com/answers/threadview?id=568868 Since you're already infected, I'd recommend that you download, install, and run HijackThis, as noted in that answer: - HijackThis (HJT) HijackThis is a legendary program which is of immense value if you've already been infected, or think you might have been. "HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers." http://www.tomcoyote.org/hjt/ HJT creates a log of what it finds which can then be posted for analysis by experts such as those found here on Google Answers, or in a forum dedicated to assisting those who are infected, such as 'TomCoyote Forums', 'Geeks to Go Forums' and 'SpywareInfo Forums'. Experts can tell you precisely what entries to check for removal by HJT. One of the latest enhancements to this program is the addition of online HJT log analyzers, which can give you a leg up in analyzing them yourself: IamNotaGeek.com log parser: http://hjt.iamnotageek.com/ HijackThis log analyzer (a more graphic version): http://www.hijackthis.de/en HJT has other very useful features, including one which marks a file for deletion on reboot. This is very useful when Windows prevents you from deleting a file because it's currently in use, which happens a lot with viruses. Best regards... sublime1-ga
From: hackingguru-ga on 30 May 2006 05:47 PDT
I think HijackThis will not be able to resolve this problem in Windows Xp upto full extent, The better way is by repairing the Registry. Because.
If you feel that you have found inappropriate content, please let us know by emailing us at email@example.com with the question ID listed above. Thank you.
|Search Google Answers for|