TCP/IP DNS suffix setting

Discussion in 'other security issues & news' started by Spanky, May 6, 2003.

Thread Status:
Not open for further replies.
  1. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    I was rooting around in my network properties for TCP/IP [WinXP Pro SP1] and noticed under "DNS suffix for this connection" [DNS tab] some strange settings:

    D91259.tjar.com

    I starred-out some values, just in case.

    I did not enter this setting myself.

    Not trying to be paranoid. Just wondering if anyone recognizes what this might be for.

    I use a cable connection.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    So, that name is in no way related to your ISP or any other domain you are familiar with?
     
  3. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Well, with Pieter gone for a bit, we've lost one of our experts in this area, but I suspect Lop.com.
    What is the t*ar.com? Perhaps we can get some information from that.
    I suggest a good scan with Spybot Search and Destroy.
    http://security.kolla.de/
    It's a free download. Please install, update it and run it. I don't know of any instance where that setting has been changed that was not malware. Your ISP does not normally have the ability to change your settings for TCP/IP. Mine doesn't anyhow.
     
  4. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    okay. it was lop.com

    i installed something that scanned as a trojan. it has since been eliminated. but perhaps left some settings behind.

    tjar.com

    appreciate the input.

    can u tell me what this setting does?

    how about "QoS packet scheduler"? I see a check in that box, right above "TCP/IP"

    how about "enable LMHOSTs look up"? Should that be enabled?
     
  5. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    okay. it was lop.com
    --> I thought so.

    i installed something that scanned as a trojan. it has since been eliminated. but perhaps left some settings behind.
    --> Suggest you run Spybot S&D. I think that will remove all of it. I'm sorry I do not know where to find info on the specifics of lop.com. Perhaps if you do a search on this board for lop.com you will find a thread with some instructions for removing it.

    tjar.com
    --> whois shows:
    Domain servers in listed order:
    NS1.LOP.COM 66.220.17.5
    NS2.LOP.COM 66.220.17.5

    appreciate the input.
    --> You're welcome.

    can u tell me what this setting does?
    --> It tells your computer where to look first for a Domain Name Server. DNS translates an address like Wilders.com to an IP address that can be used by your computer to know where to go.

    how about "QoS packet scheduler"? I see a check in that box, right above "TCP/IP"
    --> A search on google turns up a lot. Here's one
    http://www.extremetech.com/article2/0,3973,9422,00.asp

    how about "enable LMHOSTs look up"? Should that be enabled?
    --> and again Google shows many returns. I suggest you try that as in some cases it should be used and in some cases not used.

    I like to encourage people to use search options where possible because it teaches people so much more than they would learn if I just gave my little answer to their question.
    I am self taught and probably most of what I know, I learned on Google. I am always ready to try to help with those questions that require a little experience and explanation that may not be found on Google.
    So, if I can be of any further assistance, please feel free to ask, but my knowledge of TCP/IP, DNS, etc is pretty limited.
    Glad you caught that lop.com and posted here. I learned some things and others that read this may learn something too.
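
Added example, not part of the original thread: a connection-specific DNS suffix is appended to unqualified host names before they are looked up, so a suffix nobody set on purpose is worth flagging. The Python below parses `ipconfig /all` text and reports every suffix that is not on an allowlist; `EXPECTED`, the sample output and the domain names in it are constructed assumptions.

```python
import re

# Assumption: suffixes the owner actually expects (ISP or organisation domain).
EXPECTED = {"example-isp.net"}

# Constructed `ipconfig /all` excerpt (English-locale layout), not from the thread.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : desktop
        DNS Suffix Search List. . . . . . : example-isp.net
                                            unexpected.example

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : unexpected.example

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
"""

# "Key . . . . : value" lines; the dot leaders are dropped from the key.
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")
SUFFIX_KEYS = {"Primary Dns Suffix", "Connection-specific DNS Suffix",
               "DNS Suffix Search List"}

def find_suffixes(text):
    """Return (section, field, suffix) for every DNS suffix in the output."""
    found, section, key = [], "global", None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line = section header
            section, key = line.rstrip(":"), None
            continue
        m = FIELD.match(line)
        if m:
            key = m.group(1)
        value = (m.group(2) if m else line).strip()  # no match = continuation line
        if key in SUFFIX_KEYS and value:
            found.append((section, key, value.lower()))
    return found

def unexpected_suffixes(text, expected=EXPECTED):
    """Suffixes that are set but missing from the expected list."""
    return [f for f in find_suffixes(text) if f[2] not in expected]

if __name__ == "__main__":
    for section, field, suffix in unexpected_suffixes(SAMPLE):
        print(f"{section}: {field} = {suffix}")
```

On a live system, pass the captured text of `ipconfig /all` in place of `SAMPLE`; non-English Windows builds localise the field names, so `SUFFIX_KEYS` would need adjusting there.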
     
  6. Metallica

    Metallica Guest

    We could always check if there are any remains left. Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log as a .txt file, and copy and paste its contents into your next post.

    Most of what it lists will be harmless, so do not fix anything yet.
     
  7. Spanky

    Spanky Registered Member

    Joined:
    May 2, 2003
    Posts:
    23
    you guys rock.

    thx for the help.

    that hijack file was impressive. it lets you click on each item and find out what it's being used for.

    i feel funny posting my config publicly, where anyone can see.

    i feel confident i eliminated all tjar crap.
     
  8. Metallica

    Metallica Guest

  9. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi Spanky,
    You can disable QoS packet scheduler, it reduces your surfing speed by up to 20%. It is not necessary to be enabled. If you disable it you won't notice any problems - I disabled it a long time ago.

    Regards,

    Patrice
     