Winsock

From SpybotWiki
Revision as of 16:51, 22 February 2008 by CCRDude (talk | contribs) (Usage: fixed var names)
Jump to: navigation, search
Winsock
Group Windows API
Main Application Version 1.3 or later
Required Update n/a
File Parameters no
Registry Parameters no
Build Parameters yes (fourth)
Special Parameters no

Can be used to remove Layered Service Providers. Special care needed. Do not use without asking official advise!

Usage

Winsock:<drivername(string)>,<anywhere(boolean)>,<filename(string)>[,advanced build parameters]

Examples

Winsock:"MalwareLSPName","0"

Would detect all drivers whose names begin with New.Net.

Description

This is a very powerful command, allowing you to remove Winsock driver entries, which is an absolute necessity before removing the associated files, since otherwise Internet access will be broken. Take special care with generic names; often, both malware and legit applications have just copied sample code without even changing the default driver name.

  1. The first parameter may be either a full or partial name.
  2. The second parameter needs to be set to 1 to allow substring matching anyway, set to 0 to have the matching begin at the first letter.
  3. The filename field supports Algo-Prefixes.

Scan Results

  • A special entry allowing you to properly remove the problem using the Windows API.

See also

Similar commands