A while ago, I started noticing strange behavior in Internet Explorer. Whenever I did a search with Google, my search results would be modified to include extra links that I know Google would not return. When using View Source, as I suspected, the extra links were not in the HTML source.

I ran my AV and several spyware programs, which weren't able to detect anything wrong. So then I started to look for suspicious processes running and found one - kbdus.exe (probably random filename). I found the program in my System directory, and determined it to be the Win32/SillyDl trojan. I then did a search with another AV program that detects this trojan, eTrust, and found a copy of SillyDl.AT in my Temporary Internet Files called 77_156_i.abc.

I checked the date that this file was created and searched my computer for other files created on the same date. I found two files, both called "update", in my Temporary Internet Files. When reading these files, the contents of the first one is "none" and the other reads "dl=http://206.58.237.248/content/77_156_i.abc". Apparently, the DNS for this IP corresponds to update.requestlookup.net.

I guessing it's some kind of rogue search engine. However, I am suspicious that SillyDl is not the only trojan on my computer and it may have dropped some other trojans, backdoors or spyware into my system. I'd like to find out what. I'd also like to know exactly how this trojan got on my system. I assume it was some Windows/IE exploit, but I system should have all the recent MS patches on it.

Anyone familiar with this, or have any suggestions?