Re: Spyware Issue(s)

  • From: "David Farinic" <davidf@xxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Sep 2004 15:37:27 +0200

Yeh I saw first 1 some 4-5 m ago  ... problem was that removal tools
usually destroyed Winsock connectivity as part of chain in wrappers
around winsock was broken by them.

Its good thing that MS implemented "reset" command for LSPs 
I had to reorder it before with my own tools on infected computers.
Only what I miss is that IE still doesn't have good "undo" to
preinstalled original state.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Tuesday, September 14, 2004 3:16 PM
To: [ Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

Hi Jim,

Wow, that's pretty cool. The scumware vendors are inserting LSPs now? 

They oughtta  make a law.... ;-)


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 2:17 PM
To: [ Discussion List]
Subject: [isalist] Re: Spyware Issue(s)

Sounds like you have some Winsock LSP-style spyware.
This will definitely "bugger" your client-to-ISA connectivity. Ad-aware has an LSP-plugin scanner that can help you
find junk like this.
Also, you can get LSP-fix that will help you
ferret out nasties like this.

This mail was checked for malicious code and viruses
by GFI MailSecurity. GFI MailSecurity provides email content
checking, exploit detection, threats analysis and anti-virus for
Exchange & SMTP servers. Viruses, Trojans, dangerous
attachments and offensive content are removed automatically.
Key features include: multiple virus engines; email content and
attachment checking; an exploit shield; an HTML threats engine;
a Trojan & Executable Scanner; and more.

In addition to GFI MailSecurity, GFI also produces the
GFI MailEssentials anti-spam software, the GFI FAXmaker
fax server & GFI LANguard network security product ranges.
For more information on our products, please visit This disclaimer was sent by
GFI MailEssentials for Exchange/SMTP.

Other related posts: