Difference between revisions of "Winsock"
m (→Usage: fixed var names) |
(→Examples) |
||
Line 17: | Line 17: | ||
===Examples=== | ===Examples=== | ||
Winsock:"MalwareLSPName","0" | Winsock:"MalwareLSPName","0" | ||
− | Would detect all drivers whose names begin with | + | Would detect all drivers whose names begin with MalwareLSPName. |
===Description=== | ===Description=== |
Revision as of 13:01, 9 April 2008
Winsock | |
Group | Windows API |
Main Application | Version 1.3 or later |
Required Update | n/a |
File Parameters | no |
Registry Parameters | no |
Build Parameters | yes (fourth) |
Special Parameters | no |
Can be used to remove Layered Service Providers. Special care needed. Do not use without asking official advise!
Usage
Winsock:<drivername(string)>,<anywhere(boolean)>,<filename(string)>[,advanced build parameters]
Examples
Winsock:"MalwareLSPName","0"
Would detect all drivers whose names begin with MalwareLSPName.
Description
This is a very powerful command, allowing you to remove Winsock driver entries, which is an absolute necessity before removing the associated files, since otherwise Internet access will be broken. Take special care with generic names; often, both malware and legit applications have just copied sample code without even changing the default driver name.
- The first parameter may be either a full or partial name.
- The second parameter needs to be set to 1 to allow substring matching anyway, set to 0 to have the matching begin at the first letter.
- The filename field supports Algo-Prefixes.
Scan Results
- A special entry allowing you to properly remove the problem using the Windows API.