Re: Spyware Issue(s)

  • From: "David Farinic" <davidf@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Sep 2004 15:19:10 +0200

True, Thanx... 

You will need to reinstall firewall client after this command.

Regards DavidFFFF
P.S.: regarding that new spyware I was talking about I ran it via DS on
our ISA after I got to work and only McAfee found it... "StartPage-DU
found in 1.zip/1.bin"

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 3:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

http://www.ISAserver.org

Be VERY careful with that command.
It'll also trash the ISA FWC registration, and may leave your system
unable to remove / reinstall the FWC.

..oh, yeh; it'll also break the FW client as well.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 14 Sep 2004 09:19:56 +0200
 "David Farinic" <davidf@xxxxxxx> wrote:

If you have XP SP2 you can clean winsock wrappers on XP to its fresh
install state by this command:

netsh winsock reset catalog

Regards David|F

BTW yesterday I was removing spyware from a friend's computer and I found
1 which was not detected by www.lavasoft.com Ad-aware nor Norton
Antivirus.
And it was blocking SP2 from being downloaded :)
I installed it from CD hoping the new IE feature "manage add-ons" would show
me this spyware, but nothing... it's a pity that SP doesn't show all IE
add-ons...
I had to remove it manually from the registry and from the HD.

More info about new netsh commands from
http://www.tech-recipes.com/windows_tips560.html:
 
Two new commands for netsh have been created in Windows XP Service Pack
2. These commands deal with Layered Service Providers or LSPs. 

An LSP is software that is inserted into the Windows TCP/IP handler. As
you might imagine, any error in the LSP can prevent your network
connections from working properly. 

netsh winsock reset catalog 

This command resets the Winsock catalog to the default configuration.
While doing this, it removes any LSPs. This is excellent if some spyware
or other piece of software has placed the LSP and is now causing your
network connection not to work correctly. Obviously, any needed LSP
software will need to be reinstalled after this command so use it with
caution.

netsh winsock show catalog 

This new command will list all the installed Winsock LSPs on your
computer.



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 9:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)


Sounds like you have some Winsock LSP-style spyware.
This will definitely "bugger" your client-to-ISA connectivity.
www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you
find junk like this.
Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will help you
ferret out nasties like this.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
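
Added example (not part of the original thread): a Python script that inventories the layered entries in saved "netsh winsock show catalog" output before a reset, so you know which ones (such as the Firewall Client) must be reinstalled afterwards and which are unrecognised. The abbreviated sample dump, its field layout, and the DLL names example_lsp.dll and vendor_client.dll are constructed assumptions.

```python
import ntpath
import re

# Constructed, abbreviated sample in the "Field: value" layout assumed for
# `netsh winsock show catalog`; the two layered DLL names are hypothetical.
SAMPLE = r"""
Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\example_lsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Description:                        Vendor client over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\Vendor\vendor_client.dll
Catalog Entry ID:                   1016
Protocol Chain Length:              2
Winsock Catalog Provider Entry
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per catalog entry."""
    entries = []
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):  # header opens a new entry
            entries.append({})
            continue
        m = re.match(r"^([^:]+):\s*(.*)$", line)      # split at the first colon
        if m and entries:
            entries[-1][m.group(1).strip()] = m.group(2).strip()
    return entries

def layered_entries(text, expected=()):
    """List layered (LSP) entries; a catalog reset removes every one of them."""
    known = {name.lower() for name in expected}
    found = []
    for e in parse_catalog(text):
        chain = e.get("Protocol Chain Length", "1")
        if e.get("Entry Type", "").startswith("Layered") or (chain.isdigit() and int(chain) > 1):
            dll = ntpath.basename(e.get("Provider Path", "")).lower()
            found.append({"id": e.get("Catalog Entry ID"), "dll": dll,
                          "description": e.get("Description", ""), "expected": dll in known})
    return found
```

Entries returned with "expected" set to False are the ones to investigate; the rest are the software to reinstall once the reset is done.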

