winsock and DNS issues

Discussion in 'Ghost Security Suite (GSS)' started by cyberjoes, Apr 4, 2005.

Thread Status:
Not open for further replies.
  1. cyberjoes

    cyberjoes Registered Member

    Joined: Apr 4, 2005
    Posts: 1
    Our ISP is having customers with winsock issues -- or apparently so.
    winsockfixxp.exe tends to allow the users to browse, but they soon are unable to browse again -- especially after the 1st session online and then rebooting.

    The problem does not exist for 90% of customers, is intermittent for most of the others, and is consistent for the few remaining -- until we bring them in the shop. Is RegDefend an answer? Will it help identify already embedded spyware?

    Thanks in advance

    cyberjoes
     
  2. nick s

    nick s Registered Member

    Joined: Nov 20, 2002
    Posts: 1,430
    Hi cyberjoes,

    RegDefend would be able to identify and block processes attempting to access and modify Winsock-related registry keys and subkeys:

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2

    Determining whether those processes are malware or not is left up to you.

    You could also use Autoruns (with "Show Winsock Providers" enabled) to compare a functioning system to a broken system and see if and how they differ.

    Nick
     
    Last edited: Apr 4, 2005
  3. Bowserman

    Bowserman Infrequent Poster

    Joined: Apr 15, 2003
    Posts: 510
    Location: South Australia
    Further to Nick's reply, I can suggest that, to help identify whether the processes trying to access/modify the winsock registry keys are valid ones or not, you do a search for them here and here.

    I would also suggest getting those that are having problems to follow the steps here to make sure their system is clean.


    Regards,
    Jade.
     
  4. Jason_R0

    Jason_R0 Developer

    Joined: Feb 16, 2005
    Posts: 1,038
    Location: Australia
    For the majority of people, you don't need any LSP providers except the ones provided by a default install. So even if you removed everything but the default, you would fix the issue(s); only some people who use tools like Port Explorer, etc., would have to reinstall to regain the functionality. Though I would suggest that the sort of people with these infections wouldn't be running tools like Port Explorer in the first place.

    And yes, if you used RegDefend to protect the LSP area in the registry, you would stop these infections in the future too.
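
The working-versus-broken comparison nick s describes, and the non-default providers Jason_R0 mentions, as an added example that is not from any poster in this thread: it diffs the Winsock catalog listing of a working machine against that of a broken one and reports the extra providers. It assumes the listings were saved as text from `netsh winsock show catalog` (a collection method the thread does not mention); the sample listings and the name `examplelsp.dll` are constructed.

```python
import re

# Constructed sample data: trimmed `netsh winsock show catalog` listings from a
# working machine (GOOD) and a machine that loses browsing (BAD).
# "examplelsp.dll" is a made-up provider name used only for illustration.
GOOD = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""
BAD = GOOD + r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1015
"""

def parse_catalog(text):
    """Return one dict per catalog entry, keyed by the field labels."""
    entries = []
    # Each entry body follows a dashed rule; the chunk before the first rule
    # holds only the banner line, so it is skipped.
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M)[1:]:
        fields = {}
        for line in block.splitlines():
            # Split on the first colon only, so "C:\..." values stay intact.
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def extra_providers(baseline, suspect):
    """Entries whose DLL path is in `suspect` but absent from `baseline`."""
    known = {e["Provider Path"].lower() for e in parse_catalog(baseline)}
    return [e for e in parse_catalog(suspect)
            if e["Provider Path"].lower() not in known]

if __name__ == "__main__":
    for e in extra_providers(GOOD, BAD):
        print(e.get("Entry Type"), "|", e.get("Description"), "|", e["Provider Path"])
```

Paths are compared as written, so a baseline that uses `%SystemRoot%` and a suspect listing that uses the expanded path for the same DLL will show up as a difference and need a manual look.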
     