InterMute > Threat
Research
TOPicks is an Internet Explorer toolbar that shows targeted
links to other sites.
At the time of writing, the current version (1.5) of TOPicks
seems not to work properly; information here is based on what
it appears to be trying to do.
Distribution
Bundled with Grokster around July 2003.
What it does
Advertising
Other than the links (which include sponsored entries), none
known.
Privacy violation
None known.
Security issues
Yes. TOPicks can silently download and execute arbitrary
unsigned code from its controlling server tpdownload.topicks.com,
as a self-updating feature.
Stability problems
None known.
Removal
There is uninstaller executable downloaded by the updating
feature; however at the time of writing this, like the rest
of the software, does not work.
Manual removal
Open a DOS command prompt windows (from Start->Programs->Accessories),
and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\ToPicks\Bin\HtCheck2.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\IdmUp.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\TPReg.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\TpBar.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\DataMgr.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\idmcom.dll"
regsvr32 /u "\Program Files\ToPicks\Bin\htps.dll"
(These commands may need to be changed accordingly if your
Program Files folder is called something else, for example
on a non-English Windows installation.)
Next, open the registry (Start->Run, enter regedit) and
find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you have it, delete the entry 'ToPicks starter' (pointing
to Idhost.exe). You can also delete the key HKEY_LOCAL_MACHINE\Software\Topicks
to clean up, if you want.
Restart the computer and you should be able to delete the
'ToPicks' folder inside your Program Files folder.
|
