"A new WinsockLSP has been added"

[Lloyd]

This message was displayed on boot-up. I think it is
coming from beta1.

Can anyone shed any light on this, please???

 

[Ron Kinner]

Winsock LSP are little programs that fit in the gap
between the application and the TCP/IP stack. Some
malwares add their own hook so they can see and control
where you go. MS AntiSpy | Advanced Tools | System
Explorers | Networking has an lsp section where you can
see what is there and I assume it will let you delete any
nasties.

There are two programs which also work against the malware
lsps. lspfix.exe and winsockxpfix.exe.

http://www.cexx.org/lspfix.htm

offers lspfix.exe and a good explanation. Their link to
winsockxpfix.exe is broken but you can get it at

http://www.iup.edu/house/resnet/winfix.shtm

These are sometimes the only way short of reinstalling
your system to get back on the internet after removing the
malware.

Ron Kinner MVP Servers

 

[Bill Sanderson]

This could be a malicious issue, or innocent.

Are you running a third-party VPN client, or McAfee Privacy or some Internet
security product which loads at start-time?

 

[Alan]

An LSP is a "hook" in the TCP/IP stack, usually. I've seen
some viruses and spyware actually add this hook which
requires all TCP/IP communications to pass through the
spyware program that inserted it (or at least a DLL owned
by it).

When I've run into this, I've used a utility called LSPFix
which allows you to see all of the hooks in the TCP/IP
stack. Some spyware detection tools (haven't yet run into
it with the MS AntiSpyware tool) will remove the offending
DLL (or at least notify you of its existance), but then you
have to use the LSPFix program to remove the "hook" from
the list of required files in the TCP/IP stack.

Confusing, yes...

Download LSPFix: http://www.spychecker.com/program/lspfix.html

Be careful that you only remove files that you know to be
spyware or virus components.

Hope this helps...

 

[Bill Sanderson]

One other thing to suggest--Microsoft Antispyware includes a tool:

Tools, advanced tools, system explorers, Winsock LSP's which will allow you
to see the list of LSP's

My system has about 36--some IPV6, for example. I don't have any third
party ones. The system ones are clearly described.

 

[Lloyd]

No. Not intentionally.

-----Original Message-----
This could be a malicious issue, or innocent.

Are you running a third-party VPN client, or McAfee Privacy or some Internet
security product which loads at start-time?





.

 

[Lloyd]

Thanks very much. I did this and found 19 LSP's listed.
Every one of them shows Microsoft as the publisher. 17
start with MSAFD, 2 start with RSVP.

Do I have a problem, or is this a false message?

I am reticent to use the tools suggested, but will do so
if I can be reasonably certain that there really is a
problem.

 

[Bill Sanderson]

That is comparable to what I see on my own machine.

It'd be nice to know what is triggering the alert message, though.

In Microsoft Antispyware, if you go to tools, real-time protection, view all
blocked events, can you get any detail on this event--anything you can cut
and paste here?

 

[codemastr]

Thanks very much. I did this and found 19 LSP's listed.
Every one of them shows Microsoft as the publisher. 17
start with MSAFD, 2 start with RSVP.

Do any of those NOT have a "star" icon next to them? The "star" means that
they are safe. If you see any other icons, that would indicate the problem.