tdmy.com/pas

Discussion in 'SpywareBlaster & Other Forum' started by schooner, Dec 18, 2002.

Thread Status:
Not open for further replies.
  1. schooner

    schooner Guest

    Whenever I start up my computer or change websites I end up with a toolbar at the bottom of my screen from tdmy.com/pas... No matter what I've tried I can't get rid of it... This locks up my system constantly.

    Thanks for any help you can provide
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,099
    I'm assuming you've already tried SpywareBlaster. ;) If so, it sounds like this may be something new.

    In fact, it sounds like it is related to Lop.com (not to mention the website you posted goes to a lop.com page). You may be able to delete it from your system by downloading the following software.

    Instead of disabling or protecting, try cleaning your system with Spybot S & D from http://security.kolla.de
    Get the latest updates for it by going to the Online tab, and then scan your system. Items in red are spyware and can be removed by pressing the "Fix Selected Problems" button. If this detects the hijacker you have, great. If it doesn't, please post again and I'll walk you through some additional steps so we can figure out what it is, where it is stored, and how to get rid of it.

    Good luck,

    -Javacool
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    SpyBot will remove most of LOP, but may not get rid of the redirection problem.

    If running SpyBot (don't forget to install the latest updates first) doesn't solve it, do this:

    Copy the bold to Notepad, and save as lop.reg
    Doubleclick. Answer yes when asked whether you want the contents of lop.reg added to the registry, and reboot when you're done.


    REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{07C0D34D-11D7-43F7-832B-C6BB41726F5F}]

    [-HKEY_CLASSES_ROOT\CLSID\{9B35A850-66AB-4c6d-8A66-136ECADCD904}]

    [-HKEY_CLASSES_ROOT\CLSID\{D44B5436-B3E4-4595-B0E9-106690E70A58}]

    [-HKEY_CLASSES_ROOT\Proto.handler]

    [-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ayb]

    [-HKEY_CLASSES_ROOT\Swish.BrowserHelper]

    [-HKEY_CLASSES_ROOT\Swish.BrowserHelper.1]

    [-HKEY_CLASSES_ROOT\Swish.ToolBand]

    [-HKEY_CLASSES_ROOT\Swish.ToolBand.1]

    [-HKEY_CLASSES_ROOT\TypeLib\{C65CAD7F-E382-4B90-95C6-89123D0AEE61}]

    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D44B5436-B3E4-4595-B0E9-106690E70A58}]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Backup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "domain"=""

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
    "domain"=""




    If even that doesn't get rid of all of it, do a Registry search for tdmy.com

    Start > Run > Regedit, then Edit > Find

    You may find one or two left in "Domain" registry values in Subkeys to this Registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

    Note that you need to press F3 after the first 'hit' to force Regedit to search for the next one. Keep on doing that until the entire Registry has been searched.

    Once found, doubleclick that Domain=tdmy.com value in the right hand pane in order to bring up the 'edit' box, and delete tdmy.com in the Value Data box to leave it empty, and press 'OK'.

    Reboot, and test again.
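
The manual Find/F3 search described in the post above can also be done over an exported .reg file. The following is an added example, not part of the original thread: it assumes the registry has been exported as text, and the interface GUID and the `find_domain_values` helper name are constructed for illustration.

```python
import re

# Keys the post names as holding the "Domain" value (compared case-insensitively).
WATCHED = tuple(p.lower() for p in (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\MSTCP",
))
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def find_domain_values(reg_text, needle=None):
    """Return (key, data) for each non-empty "Domain" string value under the
    watched keys or their subkeys; with needle, only data containing it."""
    hits, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" is a delete directive, not an exported key: skip its body.
            current_key = None if m.group(1) else m.group(2)
            continue
        key_l = (current_key or "").lower()
        if not any(key_l == p or key_l.startswith(p + "\\") for p in WATCHED):
            continue
        v = STRING_VALUE_RE.match(line)
        if not v or v.group(1).lower() != "domain":
            continue
        # .reg string data escapes backslash and double quote with a backslash.
        data = re.sub(r"\\(.)", r"\1", v.group(2))
        if data and (needle is None or needle.lower() in data.lower()):
            hits.append((current_key, data))
    return hits

# Constructed sample export; the interface GUID is made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"Domain"="tdmy.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Domain"="tdmy.com"
'''

if __name__ == "__main__":
    for key, data in find_domain_values(SAMPLE_EXPORT, "tdmy.com"):
        print(f"{key}: Domain={data}")
```

Calling it without a needle lists every non-empty Domain value under those keys, which is useful for checking that nothing unexpected remains after the cleanup.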
     