I was rooting around in my network properties for TCP/IP [WinXP Pro SP1] and noticed under "DNS suffix for this connection" [DNS tab] some strange settings:

D91259.tjar.com

I starred-out some values, just in case.

I did not enter this setting myself.

Not trying to be paranoid. Just wondering if anyone recognizes what this might be for.

I use a cable connection.

So, that name is in no way related to your ISP or anyother domain you are familiar with?

Well with Pieter gone for a bit, weve lost one of our experts in this area, but I suspect Lop.com.
What is the t*ar.com? Perhaps we can get some information from that.
I suggest a good scan with Spybot Search and Destroy.
http://security.kolla.de/
Its a free download, Please install, update it and run it. I don't know of any instance where that setting has been changed that was not malware. Your ISP does not normally have the ability to change your settings for TCP/IP. Mine doesn't anyhow.

okay. it was lop.com

i installed something that scanned as a trojan. it has since been eliminated. but perhaps left some settings behind.

tjar.com

appreciate the input.

can u tell me what this setting does?

how about "QoS packet scheduler"? I see a check in that box, right above "TCP/IP"

how about "enable LMHOSTs look up? Should that be enabled?

okay. it was lop.com
--> I thought so.

i installed something that scanned as a trojan. it has since been eliminated. but perhaps left some settings behind.
--> Suggest you run Spybot S&D. I think that will remove all of it. I'm sorry I do not know where to find info on the specifics of lop.com. Perhaps if you do a search on this board for lop.com you will find a thread with some instructions for removing it.

tjar.com
-->whois shows:
Domain servers in listed order:
NS1.LOP.COM 66.220.17.5
NS2.LOP.COM 66.220.17.5

appreciate the input.
-->You're welcome.

can u tell me what this setting does?
--> It tells you computer where to look first for a Domain Name Server. DNS translates an address like Wilders.com to an IP address that can be used by your computer to know where to go.

how about "QoS packet scheduler"? I see a check in that box, right above "TCP/IP"
--> A search on google turns up a lot. Here's one
http://www.extremetech.com/article2/0,3973,9422,00.asp

how about "enable LMHOSTs look up? Should that be enabled?
--> and again Google shows many returns. I suggest you try that as in some cases it should be used and in some cases not used.

I like to encourage people to use search options where possible because it teaches people so much more than they would learn if I just gave my little answer to their question.
I am self taught and probably most of what I know, I learned on Google. I am always ready to try to help with those questions that require a little experience and explanation that may not be found on Google.
So, if I can be of any further assistance, please feel free to ask, but my knowledge of TCP/IP, DNS, etc is pretty limited.
Glad you caught that lop.com and posted here. I learned some things and others that read this may learn something too.

We could always check if there are any remains left. Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

you guys rock.

thx for the help.

that hijack file was impressive. it lets you click on each item and find out what it's being used for.

i feel funny posting my config publically, where anyone can see.

i feel confident i eliminated all tjar crap.

Spanky,

Pieter posted a thread on removing lop here: http://www.wilderssecurity.com/showthread.php?t=7487. Reading that should give you an idea what entries to look for. Don't forget to clean out your favorites.

Hi Spanky,
-{ Quote: " quoting: Spanky link=board=18;threadid=9058;start=0#58970 date=1052284473]how about "QoS packet scheduler"? I see a check in that box, right above "TCP/IP" " }-

You can disable QoS packet scheduler, it reduces your surfing speed for up to 20%. It is not necessary to be enabled. If you disable it you won't remark any problems -I disabled it a long time ago.

Regards,

Patrice