I should also mention that you will obviously still have the spyware, but if you are experiencing Winsock corruption then it will at least get you back to where you can download something like AdAware and attempt to clean the machine. I've made a killing in the past couple of months doing this for people, though, and the only real solution when it gets to this point is to wipe the machine and reload it. Too much crap gets buried into the OS. Explorer.exe gets overwritten, wininet.dll gets overwritten, all kinds of fun things. Much less of a pain to reload than to try and completely clean things out. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * Sent: Tuesday, September 14, 2004 10:13 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Also (for XP machines) try this to get Winsock back. Has worked like a charm for me on multiple cases of friends telling me the Internet is down. (Dammit Al Gore, you shoulda designed a network that was resistant to even a nuclear disaster!) I haven't tried it on other versions of Windows, but I would guess that uninstalling and reinstalling TCP/IP would do it. http://support.microsoft.com/?kbid=811259 ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, September 14, 2004 10:10 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org ..like I said; beware the "reset" command if you have the ISA FWC installed. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 14 Sep 2004 15:37:27 +0200 "David Farinic" <davidf@xxxxxxx> wrote: http://www.ISAserver.org Yeh I saw first 1 some 4-5 m ago ... problem was that removal tools usually destroyed Winsock connectivity as part of chain in wrappers around winsock was broken by them. Its good thing that MS implemented "reset" command for LSPs I had to reorder it before with my own tools on infected computers. Only what I miss is that IE still doesn't have good "undo" to preinstalled original state. DavidFFFF -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, September 14, 2004 3:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Hi Jim, Wow, that's pretty cool. The scumware vendors are inserting LSPs now? They oughtta make a law.... ;-) Tom -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 13, 2004 2:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Sounds like you have some Winsock LSP-style spyware. This will definitely "bugger" your client-to-ISA connectivity. www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you find junk like this. Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will help you ferret out nasties like this. This mail was checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection, threats analysis and anti-virus for Exchange & SMTP servers. Viruses, Trojans, dangerous attachments and offensive content are removed automatically. Key features include: multiple virus engines; email content and attachment checking; an exploit shield; an HTML threats engine; a Trojan & Executable Scanner; and more. In addition to GFI MailSecurity, GFI also produces the GFI MailEssentials anti-spam software, the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx