
View Full Version : 272K mystery file?!




Roamerick
April 26th, 2002, 02:47 AM
This may be something I'm totally unaware of and thus result in a stupid question, but...

I've recently tried Aqualime, and every time I enter a search it immediately finds a group of results the file name of which is the exact search term I've entered (no matter what it is!) and whose size is always 272K.

Once I downloaded the file and made sure it wasn't a trojan, I launched it. It was a pr0n asf which launched pop-ups to a couple of "free" pr0n sites.

Now, the only way that could work is if some bogus client (if not Aqualime itself) somewhere on the network took the search terms in, spit out a file named after them and made it available as a result.

Is this some spy client pushing trojans and ad-links onto the network? Or am I paranoid? Has anyone else encountered this?

Sephiroth
April 26th, 2002, 11:06 AM
From what you describe it looks like it's a modified version of the Mandragore worm.

Here (http://vil.mcafee.com/dispVirus.asp?virus_k=99024) is the McAfee virus encyclopedia information about it.

It's spread by cloning what the user searches for so that people would download and run it. Most gnutella programs have blocked the original file size that it used, but since then a lot of variants using different file sizes like this are showing up. You can always tell it because it always duplicates what you search for and it will always be available from a user on port 99.

Roamerick
April 29th, 2002, 07:15 AM
The Cleaner couldn't find anything on my machine, so I guess it must be the other hosts. I'd never heard of that one before.

Sephiroth
April 29th, 2002, 11:15 AM
Yeah, it's other users. As long as you don't download it off of others you should be fine.

BloodySabbath
April 29th, 2002, 01:33 PM
If you're ever uncertain about a search result, note the file size and then do a search for a rubbish combination of characters, like "asdfuywefb" - if that returns a file of the same size, chances are it's a virus. :devil
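
The checks described in this thread (a result named exactly after the search term, the same size coming back for every query including a rubbish one, a host on port 99), as an added example that is not part of the original posts. The hit format (`name`, `size`, `port`), the function names and the sample results are constructed assumptions; 278528 bytes stands in for the 272K size.

```python
import os
from collections import defaultdict

def _key(text):
    """Lower-case and keep only letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def is_echo(hit, query):
    """True when the file name, minus its extension, is just the search term."""
    return _key(os.path.splitext(hit["name"])[0]) == _key(query)

def flag_echo_results(results_by_query, canary_query, worm_port=99):
    """Return {query: [(name, size, reasons)]} for hits that merely echo the query."""
    # Nothing legitimate should match a rubbish term, so any size seen there is suspect.
    canary_sizes = {h["size"] for h in results_by_query.get(canary_query, [])}
    echoed_by = defaultdict(set)  # size -> set of queries that size echoed
    for query, hits in results_by_query.items():
        for h in hits:
            if is_echo(h, query):
                echoed_by[h["size"]].add(query)
    flagged = {}
    for query, hits in results_by_query.items():
        for h in hits:
            if not is_echo(h, query):
                continue
            reasons = []
            if h["size"] in canary_sizes:
                reasons.append("same size as canary hit")
            if len(echoed_by[h["size"]]) > 1:
                reasons.append("same size echoes several queries")
            if h["port"] == worm_port:
                reasons.append(f"served on port {worm_port}")
            if reasons:  # an echo alone is not enough (see "readme" below)
                flagged.setdefault(query, []).append((h["name"], h["size"], reasons))
    return flagged

# Constructed sample results (hypothetical client export), not real network data.
SAMPLE = {
    "beatles yesterday": [{"name": "beatles yesterday.asf", "size": 278528, "port": 99},
                          {"name": "The Beatles - Yesterday.mp3", "size": 3100000, "port": 6346}],
    "linux iso": [{"name": "linux iso.asf", "size": 278528, "port": 99}],
    "readme": [{"name": "readme.txt", "size": 1200, "port": 6346}],
    "asdfuywefb": [{"name": "asdfuywefb.asf", "size": 278528, "port": 99}],
}

if __name__ == "__main__":
    for query, hits in flag_echo_results(SAMPLE, "asdfuywefb").items():
        print(query, hits)
```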