Using LSP-Fix to remove O10 Entries in HijackThis

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Spyware and Malware Removal Guides and Reading Room

How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Using LSP-Fix to remove O10 Entries in HijackThis, Self-Help Guide

Options

Grinler View Member Profile	Oct 4 2004, 11:35 AM Post #1
Bleep Bleep! Group: Admin Posts: 31,601 Joined: 24-January 04 From: USA Member No.: 3	This self-help guide will walk you through using LSP-Fix to remove unwanted LSPs Warnings: Removing LSPs can cause your computers Internet connection to no longer work. If you follow these instructions carefully, you should not have a problem. If you feel that you are not comfortable doing this on your own, then please ask for help in our forums. What are LSPs: LSPs are programs that are attached to the networking protocols on Windows XP and 2000 computers. When a unwanted LSP connects to this chain, it has the ability to manipulate any data that passes through it manipulating it to their own desires. It is important to note that not all LSPs are bad, so it is important to do research as to whether or not the LSP you are going to remove is indeed unwanted. We will provide all the tools necessary, though, so that you can determine this. Tools Needed for this fix: HijackThis LSP-Fix Related Tutorials: How to use HijackThis to remove Browser Hijackers & Spyware Using LSP-Fix to remove Spyware & Hijackers Symptoms in a HijackThis Log: O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll Instructions: Checking to see if you have an LSP installed: The first step in removing an LSP is to determine if one actually exists on your computer: Download HijackThis and extract it to c:\hijackthis. Navigate to the c:\hijackthis directory and double-click on HijackThis When the program starts, double-click on the HijackThis icon and then click on the Scan button. If you see any entries that start with O10, then you have an LSP installed on your machine. Write down the entry as it is shown for reference later. DO NOT FIX THESE ENTIES IN HIJACKTHIS. If there are no O10 entries, then you do not have an LSP installed on your machine and should not continue reading this tutorial Exit HijackThis Identifying whether or not the LSP is unwanted or not: If you did have a O10 entry in the HijackThis log, then we must determine if they are a legitimate entry or unwanted. To do this we reference an excellent compilation of known LSPs: Open your web browser and go to the following site: http://www.castlecops.com/LSPs.html Look through this list for the filename found when examining the HijackThis log. For example if the O10 entry found in the HijackThis log was: O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll You would look for the filename lspak.dll in the list on this web siteand would find that it is part of the malware Virtumundo. We therefore want to remove it. Removing the LSP: Now that we know the LSP is not wanted on our computer, we will remove it following these instructions: Download LSPFix from: LSP-Fix Download Link Once LSP-Fix is downloaded, extract the file to c:\lspfix. Close all windows on your computer. Navigate to c:\lspfix and run the lspfix.exe program. Put a checkmark in the I know what I'm doing checkbox. Now move all instances of the file that we determined was bad in the previous steps into the remove section by clicking on the button that points to the right (>>). Make sure that you ONLY move the particular file we identified previously and no other files as it can cause problems with your computer afterwards. Press the finish button. Then Reboot. The LSP should now no longer be on your computer This is a self-help guide. Use at your own risk. BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum. If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you. -------------------- Lawrence Become a BleepingComputer fan: Facebook Follow us on Twitter!

« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2009 - 12:52 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides