Difference between revisions of "Winsock"

From SpybotWiki
Jump to: navigation, search
m (Usage: fixed var names)
(Examples)
Line 17: Line 17:
 
===Examples===
 
===Examples===
 
  Winsock:"MalwareLSPName","0"
 
  Winsock:"MalwareLSPName","0"
Would detect all drivers whose names begin with New.Net.
+
Would detect all drivers whose names begin with MalwareLSPName.
  
 
===Description===
 
===Description===

Revision as of 13:01, 9 April 2008

Winsock
Group Windows API
Main Application Version 1.3 or later
Required Update n/a
File Parameters no
Registry Parameters no
Build Parameters yes (fourth)
Special Parameters no

Can be used to remove Layered Service Providers. Special care needed. Do not use without asking official advise!

Usage

Winsock:<drivername(string)>,<anywhere(boolean)>,<filename(string)>[,advanced build parameters]

Examples

Winsock:"MalwareLSPName","0"

Would detect all drivers whose names begin with MalwareLSPName.

Description

This is a very powerful command, allowing you to remove Winsock driver entries, which is an absolute necessity before removing the associated files, since otherwise Internet access will be broken. Take special care with generic names; often, both malware and legit applications have just copied sample code without even changing the default driver name.

  1. The first parameter may be either a full or partial name.
  2. The second parameter needs to be set to 1 to allow substring matching anyway, set to 0 to have the matching begin at the first letter.
  3. The filename field supports Algo-Prefixes.

Scan Results

  • A special entry allowing you to properly remove the problem using the Windows API.

See also

Similar commands