Yeh I saw first 1 some 4-5 m ago ... problem was that removal tools usually destroyed Winsock connectivity as part of chain in wrappers around winsock was broken by them. Its good thing that MS implemented "reset" command for LSPs I had to reorder it before with my own tools on infected computers. Only what I miss is that IE still doesn't have good "undo" to preinstalled original state. DavidFFFF -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Tuesday, September 14, 2004 3:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Hi Jim, Wow, that's pretty cool. The scumware vendors are inserting LSPs now? They oughtta make a law.... ;-) Tom -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, September 13, 2004 2:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Spyware Issue(s) http://www.ISAserver.org Sounds like you have some Winsock LSP-style spyware. This will definitely "bugger" your client-to-ISA connectivity. www.lavasoft.com Ad-aware has an LSP-plugin scanner that can help you find junk like this. Also, you can get LSP-fix www.cexx.org/lsp-fix.htm that will help you ferret out nasties like this. This mail was checked for malicious code and viruses by GFI MailSecurity. GFI MailSecurity provides email content checking, exploit detection, threats analysis and anti-virus for Exchange & SMTP servers. Viruses, Trojans, dangerous attachments and offensive content are removed automatically. Key features include: multiple virus engines; email content and attachment checking; an exploit shield; an HTML threats engine; a Trojan & Executable Scanner; and more. In addition to GFI MailSecurity, GFI also produces the GFI MailEssentials anti-spam software, the GFI FAXmaker fax server & GFI LANguard network security product ranges. For more information on our products, please visit http://www.gfi.com. This disclaimer was sent by GFI MailEssentials for Exchange/SMTP.