Using LSP-Fix to remove Spyware & Hijackers

  • April 16, 2004
  • 03:02 PM
  • Read 169,087 times

Table of Contents

  1. Introduction
  2. Type of Software that use an LSP
  3. How to use LSP-Fix
  4. Conclusion


LSP-Fix is a utility designed to remove and repair problems associated with a type of software called a Layered Service Provider, or LSP. LSPs are designed to integrate directly into your TCP/IP layer, the protocol you use to communicate on the Internet, in order to manipulate data that is sent across it. The LSPs are installed in such a way that each LSP in the TCP/IP handler are chained together. If one of these LSPs is removed incorrectly, that chain could become broken, possibly removing your ability to connect to the Internet or a network.

LSP-Fix was designed to fix problems such as these. With LSP-Fix you can remove LSPs that are malicious in nature or do not belong, and have them removed in such a way that the chain of LSPs are not broken and your network connectivity will continue to work properly. This software will also fix breaks in the chain that may have already occurred due to deletions of certain files or buggy installation routines

This program deserves a word of warning though. You should not be using this program unless you have been directed to do so by someone who is extremely knowledgeable in these matters. Removing the wrong LSPs from your computer by mistake can make your computer unstable and possibly unable to communicate over a network, including the Internet.

Types of Software that use an LSP

Many different types of software use LSPs and they are all applications that use a network or the Internet. Unfortunately, some of these applications do not have your interests at heart and use LSPs to redirect your traffic to where they want or to collect statistics about how you use the Internet. LSPs that are used by these types of software, called Spyware or Browser Hijackers, can be removed using LSP-Fix as well.

Below is a sample of valid applications that use LSPs:

Sygate Firewall
Mcafee Personal Firewall

Below is a sample of malicious applications that use LSPs:


Unfortunately many of the above known malicious programs are installed without your consent or even knowledge, but by using LSP-Fix and with the proper guidance you can remove these programs.

How to use LSP-Fix

Step 1: Download and run LSP-Fix

Download LSP-Fix and save it into its own directory. You can download LSP-Fix from the following location:

LSP-Fix Download Location

Once the file is downloaded navigate to where you saved the file and double-click on it to start the application. You will then be presented with a screen similar to Figure 1 below.

Figure 1. Start Screen for LSP-Fix

Now that the application is started you will see a screen with two sections labeled Keep and Remove. The Keep section is for LSPs that we will not be removing and Remove section is for the LSPs that will be removed.

There are two buttons between these two sections labeled >> and <<. The >> will move the highlighted LSP from the Keep section into the Remove section. If you would like to move a highlighted LSP from the Remove section back into the Keep section, you would use the << button. It is important to note that these buttons will not become useable unless you put a checkmark in the checkbox labeled "I know what I'm doing" designated by the red box in Figure 1 above.

If you just want to fix a broken chain, and the problem DLL has already been removed for some other reasons, you can just click the Finish button, designated by the green box in Figure 1. LSP-Fix will automatically fix the LSP chain and hopefully restore connectivity back to the network. If you are attempting to remove a specific DLL from the chain, then you should proceed to Step 2.

Step 2: Remove the LSP

In this tutorial we want to remove the webhdll.dll that is installed by a known Spyware program called Webhancer. For your individual situation the file you will be removing may be a different name.

To remove webhdll.dll we would put a checkmark in the checkbox labeled "I know what I'm doing" in order to activate the move (<< & >>) buttons, and then click once on the webhdll.dll file to select it as shown in Figure 2 below


Figure 2. Selecting the LSP we are about to move

Once you have the checkbox checked and the LSP you would like to move selected, you will press on the >> button, designated by the blue box in Figure 2 above, to move the LSP into the Remove section. Once you do this, you should see a screen like Figure 3 below.

Figure 3. LSP moved to the Remove section

Now that the LSP has been moved to the Remove section, you can finish the remove process by clicking on the Finish button designated by the blue box in the figure above. When you click on the Finish button the LSP will be removed from your computer in the correct manner so that the LSP chain does not break.

When LSP-Fix is done removing the LSP you will see a summary box similar to Figure 4 below:

Figure 4. LSP removal Summary

At this point the LSP has been removed and you can press OK to shutdown LSP-Fix.


Using LSP-Fix can enable you to remove unwanted LSPs from your computer. Regardless of how these programs were installed on your computer with the proper advice and the use of this tool, you can keep your computer operating correctly.

As always if you have any comments, questions or suggestions about this tutorial please do not hesitate to tell us in the computer help forums.

Lawrence Abrams
Bleeping Computer Windows Internet Security Series Computer Support & Tutorials for the beginning computer user.

Users who read this also read:

  • HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware Image
    HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware

    HijackThis is a utility that produces a listing of certain settings found in your computer. HijackThis will scan your registry and various other files for entries that are similar to what a Spyware or Hijacker program would leave behind. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system in a similar manner that Hijackers get ...

  • 4 Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware Image
    4 Simple Steps for removing Spyware, Hijackers, Viruses, and other Malware

    If you are experiencing problems such as viruses that wont go away, your browser gets redirected to pages that you did not ask for, popups, slowness on your computer, or just a general sense that things may not be right, it is possible you are infected with some sort of malware. To remove this infection please follow these 4 simple steps outlined below. Not all of these steps may be necessary, but ...

  • Using SpywareGuard to protect your computer from Spyware & Hijackers Image
    Using SpywareGuard to protect your computer from Spyware & Hijackers

    While you use anti-virus software to protect your computer against known viruses, trojans, and worms, you most likely do not use a piece of software to protect your computer against Spyware and Hijackers. That is where SpywareGuard comes in to play. SpywareGuard is a Freeware program by Javacool Software that will run alongside your traditional virus scan, but instead of alerting you when you are ...

  • Understanding and Using Firewalls Image
    Understanding and Using Firewalls

    The Internet is a scary place. Criminals on the Internet have the ability to hide behind their computers, or even other peoples computers, while they attempt to break into your computer to steal personal information or to use it for their own purposes. To make matters worse, there always seems to be a security hole in your software or operating system that is not fixed fast enough that could ...

  • How Malware hides and is installed as a Service Image
    How Malware hides and is installed as a Service

    A common misconception when working on removing malware from a computer is that the only place an infection will start from is in one of the entries enumerated by HijackThis. For the most part these entries are the most common, but it is not always the case. Lately there are more infections installing a part of themselves as a service. Some examples are and Home Search Assistant.



blog comments powered by Disqus
search tutorials


Remember Me
Sign in anonymously