Re: Spyware Issue(s)

  • From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Sep 2004 09:19:03 -0500

I should also mention that you will obviously still have the spyware,
but if you are experiencing Winsock corruption then it will at least get
you back to where you can download something like AdAware and attempt to
clean the machine.  I've made a killing in the past couple of months
doing this for people, though, and the only real solution when it gets
to this point is to wipe the machine and reload it.  Too much crap gets
buried into the OS.  Explorer.exe gets overwritten, wininet.dll gets
overwritten, all kinds of fun things.  Much less of a pain to reload
than to try and completely clean things out.

-Shawn 


-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * 
Sent: Tuesday, September 14, 2004 10:13 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

http://www.ISAserver.org


Also (for XP machines) try this to get Winsock back.  Has worked like a
charm for me on multiple cases of friends telling me the Internet is
down.  (Dammit Al Gore, you shoulda designed a network that was
resistant to even a nuclear disaster!)  I haven't tried it on other
versions of Windows, but I would guess that uninstalling and
reinstalling TCP/IP would do it.

http://support.microsoft.com/?kbid=811259 


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 10:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

..like I said; beware the "reset" command if you have the ISA FWC
installed.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 14 Sep 2004 15:37:27 +0200
 "David Farinic" <davidf@xxxxxxx> wrote:

Yeah, I saw the first one some 4-5 m ago ... the problem was that removal tools
usually destroyed Winsock connectivity, as part of the chain of wrappers
around Winsock was broken by them.

It's a good thing that MS implemented the "reset" command for LSPs.
I had to reorder it before with my own tools on infected computers.
The only thing I miss is that IE still doesn't have a good "undo" to the
preinstalled original state.
DavidFFFF

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 3:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

Hi Jim,

Wow, that's pretty cool. The scumware vendors are inserting LSPs now? 

They oughtta  make a law.... ;-)

Tom 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 2:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

Sounds like you have some Winsock LSP-style spyware.
This will definitely "bugger" your client-to-ISA connectivity.
www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you
find junk like this.
Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will help you
ferret out nasties like this.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
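
Added example, not part of the original thread: a triage pass over a Winsock catalog listing that separates the cases the posters describe, namely a catalog entry left pointing at a DLL a removal tool deleted (the broken chain), an unrecognised LSP, and an LSP installed on purpose that a catalog reset would also remove. The sample text is constructed and modelled on `netsh winsock show catalog` output with fields trimmed; `examplebar.dll`, `examplefwc.dll` and the two allow-lists are hypothetical.

```python
import ntpath
import re

# Constructed sample, modelled on `netsh winsock show catalog` output (fields trimmed).
SAMPLE = r"""
Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Description:                        ExampleBar over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\examplebar.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
Entry Type:                         Layered Chain Entry
Description:                        Example firewall client over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleFWC\examplefwc.dll
Catalog Entry ID:                   1016

Winsock Catalog Provider Entry
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

BASELINE = {"mswsock.dll"}      # assumption: stock provider DLL; extend per OS build
APPROVED = {"examplefwc.dll"}   # hypothetical LSP that was installed on purpose
FIELD = re.compile(r"^([A-Za-z ]+):[ \t]+(.+?)[ \t]*$", re.M)

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per provider entry."""
    blocks = text.split("Winsock Catalog Provider Entry")[1:]
    return [dict(FIELD.findall(b)) for b in blocks]

def triage(entries, files_on_disk):
    """Label each entry; files_on_disk is the set of lowercase DLL names that exist."""
    report = {}
    for e in entries:
        dll = ntpath.basename(e["Provider Path"]).lower()
        if dll not in files_on_disk:
            verdict = "dangling"      # catalog points at a deleted DLL: chain is broken
        elif dll in BASELINE:
            verdict = "baseline"
        elif dll in APPROVED:
            verdict = "approved-lsp"  # a catalog reset would remove this entry too
        else:
            verdict = "unknown-lsp"   # candidate for closer inspection
        report[int(e["Catalog Entry ID"])] = (dll, verdict)
    return report
```

On a live machine, `files_on_disk` would be built by expanding each provider path and checking that the file exists, and the listing saved before a reset records which approved LSPs need reinstalling afterwards.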
