winsock and DNS issues


cyberjoes
April 4th, 2005, 11:33 AM
Our ISP is having customers with winsock issues -- or apparently so
winsockfixxp.exe tends to allow the users to browse but they soon are unable to browse again - especially after the 1st session online and then rebooting --

The problem does not exist for 90% of customers, is intermittent for most of the others, and is consistent for the few remaining -- until we bring them in the shop -- Is RegDefend an answer? -- will it help identify already embedded spyware?

Thanks in advance

cyberjoes

nick s
April 4th, 2005, 02:25 PM
> Our ISP is having customers with winsock issues -- or apparently so
> winsockfixxp.exe tends to allow the users to browse but they soon are unable to browse again - especially after the 1st session online and then rebooting --
>
> The problem does not exist for 90% of customers, is intermittent for most of the others, and is consistent for the few remaining -- until we bring them in the shop -- Is RegDefend an answer? -- will it help identify already embedded spyware?

Hi cyberjoes,

RegDefend would be able to identify and block processes attempting to access and modify Winsock-related registry keys and subkeys:

HKLM\SYSTEM\CurrentControlSet\Services\WinSock
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2

Determining whether those processes are malware or not is left up to you.

You could also use Autoruns (http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml) (with "Show Winsock Providers" enabled) to compare a functioning system to a broken system and see if and how they differ.

Nick

Bowserman
April 4th, 2005, 09:45 PM
Further to Nick's reply, to help identify whether the processes trying to access/modify the Winsock registry keys are valid ones or not, I can suggest doing a search for them here (http://www.answersthatwork.com/Tasklist_pages/tasklist_a.htm) and here (http://www.liutilities.com/products/wintaskspro/processlibrary/).

I would also suggest getting those that are having problems to follow the steps here (http://www.wilderssecurity.com/showthread.php?t=50662) to make sure their system is clean.


Regards,
Jade.

Jason_R0
April 5th, 2005, 12:06 AM
For the majority of people you don't need any LSP providers except the ones provided by a default install. So even if you removed everything but the default you would fix the issue(s), only some people who use tools like Port Explorer, etc, would have to reinstall to regain the functionality. Though I would suggest that the sort of people with these infections wouldn't be running tools like Port Explorer in the first place.

And yes, if you used RegDefend to protect the LSP area in the registry, you would stop these infections in the future too.
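
One way to run the working-versus-broken comparison suggested in the thread, and to list anything beyond the default providers, is to diff the Winsock catalogs of the two machines. This is an added example, not part of the original posts; it assumes each catalog was saved as text in the layout printed by `netsh winsock show catalog`, and the sample entries (including the `examplelsp.dll` provider) are constructed.

```python
import re

# Constructed sample: catalog text in the "Field: value" layout printed by
# `netsh winsock show catalog`, as saved from a working PC (assumption).
GOOD = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1002
"""

# Constructed sample from a broken PC: same entries plus a hypothetical LSP.
BAD = GOOD + r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1014
"""

def parse_catalog(text):
    """Return a set of (entry type, description, lower-cased provider path)."""
    entries = set()
    for block in re.split(r"^Winsock Catalog Provider Entry\s*$", text, flags=re.M):
        fields = dict(
            (k.strip(), v.strip())
            for k, v in re.findall(r"^([A-Za-z ]+):[ \t]+(.+)$", block, flags=re.M)
        )
        if "Provider Path" in fields:  # skip preamble text with no entry in it
            entries.add((fields.get("Entry Type", "?"), fields.get("Description", "?"),
                         fields["Provider Path"].lower()))
    return entries

def extra_providers(baseline_text, suspect_text):
    """Entries on the suspect machine that the known-good baseline lacks."""
    return sorted(parse_catalog(suspect_text) - parse_catalog(baseline_text))

if __name__ == "__main__":
    print(extra_providers(GOOD, BAD))
```

Each entry reported is a provider DLL to look up before deciding whether it belongs on the machine.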