Aaaarrrggghhh!!! Windows Winsock files corrupted when deleting spyware

[Becky]

i've spent a day trying to re-install windows, microsoft
can take their beta and stick it somewhere painful.

once i installed the antispyware, cleaned my system and
restarted, as advised, then i lost all my network
configurations. Couldn't do a system restore!

yuck

anyone else have this problem or only lucky me?

 

[Jupiter Jones [MVP]]

Becky;
This probably would not have happened is malware was not on the computer to
begin with.
Start/All Programs/Accessories/Command Prompt
Type "netsh winsock reset" ENTER
Follow prompts and reboot.

Then IMMEDIATELY run an updated virus scan.
Then run AntiSpyware again.

This is not caused by AntiSpyware.
It is caused by the Spyware that has been removed
Think of the malware as a fire.
The fire department (AntiSpyware) puts out the fire.
But the building (Windows) still has fire damage.

Why do you seem to so quickly blame Microsoft when your insecure computer
may be at fault?

 

[Michael Schøler]

[ ... snip ... ]

Why do you seem to so quickly blame Microsoft when your insecure computer
may be at fault?

I think a common misconception by most home-PC users is that spyware is
"mostly harmless". It's errornously believed that spyware does nothing but
linger in the background, gathering various information and sending this to
an unwanted/unauthorized destination.

Perhaps you should bring out a warning for certain known spyware infections,
alerting that removing this spyware application may render some
features/functionality of windows unusable, and also giving pointers on how
to restore this and/or how to get help doing so.

It is certain that the general attitude towards spyware as an "easy to
remove" thing should have much more focus than it has currently.

Just my 5 cents .-)

Best regards
Michael Schøler
Denmark

 

[Michael Jennings]

[ ... snip ... ]

Why do you seem to so quickly blame Microsoft when your insecure computer
may be at fault?

I think a common misconception by most home-PC users is that spyware is
"mostly harmless". It's erroneously believed that spyware does nothing but
linger in the background, gathering various information and sending this to
an unwanted/unauthorized destination.

Perhaps you should bring out a warning for certain known spyware infections,
alerting that removing this spyware application may render some
features/functionality of windows unusable, and also giving pointers on how
to restore this and/or how to get help doing so.

It is certain that the general attitude towards spyware as an "easy to
remove" thing should have much more focus than it has currently.

Just my 5 cents .-)

Best regards
Michael Schøler
Denmark

I don't know, but if a small monthly program (the malice remover) can
restore the TCP/IP stack, why can't this program? ID the stuff that
grabs the stack, which they should have done; then program a command
appropriate to the OS when the plug is pulled on that stuff.

That would be better than a warning about removing certain strains
of spyware - quietly repair the damage caused.

 

[Cathy]

I have the same problem, and cannot do a restore either.
Any suggestions anyone?

 

[Jerry Ham \(433588\)]

Probably because Microsoft MADE her computer insecure, then offered to fix
the damage with MS Antispy only to make the computer unusable.

Who in the heck should she blame?

 

[Jupiter Jones [MVP]]

Jerry;
"Who in the heck should she blame?"
Might as well be Microsoft.
As long as a big company is to blame, there is nothing to do so all problems
are inevitable.
No point in maintaining our computers since it is someone else's fault.
But that ignores the fact is our computer and not Microsoft's.

If the damage is already there because of spyware it is ridiculous to blame
AntiSpyware for making the computer unusable.
If the computer had been clean, this would not be an issue.
Using the example I gave before, you are blaming the fire department for the
water in your basement when you should have taken care to prevent the fire
in the first place.

It is always convenient to blame someone else for our problems and neglect
our own responsibility.

 

[Bill Sanderson]

Here's Microsoft's recipe for this issue:

http://support.microsoft.com/kb/892350

In general, I agree with Jupiter Jones. A number of programs, legit and
illegit, add themselves to the Winsock LSP stack. When they need to be
removed by informal means, this breaks the stack. This is enough of an
issue that there is a new command in Windows XP Service Pack 2 to deal with
it.

With this product, the breakage can occur because of removal of genuine
malware, or, in some cases, removal of an item which is part of the stack,
by detection as a false positive. The key to knowing which it was is in the
cleaner.log file in the directory the antispyware application is installed
in.

There are a couple of additional sidenotes to the process of cleaning up
after this breakage--i.e. beyond what's in that KB article, I think:
1) legit third-party programs you've installed that hook into the stack will
need to be reinstalled. VPN clients, some Internet Privacey applications,
don't know a full list.
2) you may see an unexpected appearance in the network connections
folder--the firewalled lock symbol may not be there for the connections,
although they say that they are firewalled various places. To resolve this,
go to the Advanced page where firewall is turned on or off for a connection,
and first turn it off, then turn it on again. This should get everything
looking the way you expect.

 

[Becky]

Thanks Bill,

i'm still without a computer, tho, can't even do a re-
install!

Any more words of wisdom?

Becky

 

[Guest]

im only quick to blame microsoft because I had spyware
blaster and had run adaware -- so I don't feel I had an
insecure system.

 

[Michael Jennings]

If you've got XP sp2, it's a pretty easy fix.

If you've got XP pre-sp2 or Win2K, it's not so easy
to restore the busted networking - see this link:
http://support.microsoft.com/kb/817571
What it tells you is to delete Winsock & Winsock2
from the registry and reinstall TCP/IP networking.
You can install new TCP/IP over old TCP/IP in XP,
but for Windows 2000 you have to remove the old
TCP/IP before you install the new TCP/IP.

Well, I hope you have XP sp2 in which case do this:

Start | All Programs | Accessories | Command Prompt
in the DOS box that appears, type the following:

netsh winsock reset

press the enter key.
Then reboot your computer.

That's what it tells you to do in Bill's link.

Thanks Bill,

i'm still without a computer, tho, can't even do a re-
install!

Any more words of wisdom?

Becky

<snip>

 

[Bill Sanderson]

I don't understand clearly the state your machine is in--tell me more?

You turn it on, what happens?

You try to start in safe mode, by pressing F8 before the logo appears--does
the computer start then?