A virus in Winsock LSP

[haydee]

Hi everyone,

I was browsing around and found an interesting website and started
reading. All of a sudden my AVG anti-virus warned of a virus which I
moved to vault right away. Again two more virus warnings and I moved them to vault and boom! I got disconnected from the Internet.
I ran HijackThis and it showed on 010 C:\windows\system32\laf1.dll
with unknown file.
It said there is an unknown file in Winsock LSP.
It says that removing references to missing files and repairing chain will restore Internet access and it sends me to a website to fix LSP.
I don't know how to remove references to missing files or repair chain.
Besides, the computer have no access to the Internet so I can't get to the website suggested.
What should I do?
I'm using other computer to post this.
Please, help me. Thanks a lot.

[DavidR]

Well I have no knowledge of AVG, after all this is the avast forum
Why are you using AVG (I hope your not using two resident AVs) ?

Some malware like newdotnet hooks into your internet connection settings and if it isn't removed correctly it can cause you to lose your internet connection. So I have no idea what AVG did or if it didn't remove the LSP hooks causing the connection to fail.

You could visit the web site with the computer your using now and download the lspfix tool and using a floppy/cd/or usb drive copy it to your other system.

For XP SP2, try Windows Start button, Run - type 'netsh winsock reset' without the quotes - this may be enough to fix the issue.
Check out this topic http://forum.avast.com/index.php?topic=21608.0, for non-XP SP2 systems http://cexx.org/lspfix.htm download the file and transfer to your system and run it there.

[haydee]

Thank you so much DavidR
I will try that tomorrow God willing.
I'll let you know the results.
Thanks again, God bless you.

[DavidR]

Your welcome.

[mouniernetwork]

Please note that Avast provides the option to automaticly repair the winsock, and thats only one benefit of Avast over AVG.

If you are still intersted please let me know as I have a program that might be able to fix it.

Al968

[igor]

Well, avast! doesn't repair winsock entries if they are already corrupted. But yes, if avast! is removing an LSP entry (because it detected the underlying file as malicious), it tries to fix the corresponding registry entries as well.

[mouniernetwork]

Well, avast! doesn't repair winsock entries if they are already corrupted. But yes, if avast! is removing an LSP entry (because it detected the underlying file as malicious), it tries to fix the corresponding registry entries as well.

Yes that's what I meant 
Avast makes a copy of  healthy winsock entries and restores them anytime the winsock entries are corrupted so in order to work Avast needs to have working winsock entries to start with.

Al968

[lurkingatu2]

if you have superantispyware free it has a winsock fix

go to preferences then repairs 

[FreewheelinFrank]

Getting infected by a drive-by download means you must have an out-of-date and vulnerable piece of software somewhere on your system.

Scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

[haydee]

Well I have no knowledge of AVG, after all this is the avast forum 
Why are you using AVG (I hope your not using two resident AVs) ?

DavidR, you're gonna kill me.
I had Avast in the computer and I read something about Avast ( I don't remember the whole information) and I deleted it from that computer but no from the other two computers in the house. Well you see I downloaded AVG and even though I sent the virus to Vault it caused the damage in winsock. Avast never let any virus unattended. I regret uninstalling Avast from that computer.
Well the damage is done now. I tried what you said in "run"  typing netsh winsock rest and it appeared the cmd black box and it disappeared . I then tried to get access to the internet and nothing yet. I tried repairing the network connection and it can't repair the ISP.
Anything else I can do?
Thanks a lot

[DavidR]

Although that command should be able to run from the Run window, you could type cmd in the Run window and once you have the command window open, type what I previously suggested (netsh winsock reset) I notice that you posted 'netsh winsock rest' with a missing 'e' reset not rest.

If you first open a cmd window and type the command the cmd windows doesn't close after running the command, so if there are any errors/results then you will see them.

So if you entered that it would fail as it is an incorrect command.

If that doesn't work, the only other option is to download the file lspfix.exe and transfer and run it on the effected system, but that should do the same as the command did.

[Lisandro]

I sent the virus to Vault it caused the damage in winsock.
I tried repairing the network connection and it can't repair the ISP.

   1. Click Start. In the Start Search dialog box, type: cmd, and right-click cmd.
   2. Click Run as administrator.
   3. Type: netsh winsock reset, and then press the ENTER key.
   4. Type: Exit and press ENTER.

Or use: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
   5. Restart the computer

[haydee]

Thanks a lot to both of you.
I will try to do that now. I have to disconnect this computer and connect the
sick one and try to fix it. I wrote down your instructions. I'll be back.

[essexboy]

You could use LSP fix

If a malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.

• Please download LSPFix from here.
  
• Run the LSPFix.exe that you have just finished downloading.
• Check the I know what I'm doing box.
  
• In the Keep box you should see one or more instances of laf1.dll.
  
• Select every instance of laf1.dll and move each one to the Remove box by clicking the >> button.
  
• When you are done click Finish>>.
  

[haydee]

Hi essexboy
I already did what DavidR and Tech told me and I got it. It said that winsock catalog was reset. I then unplugged the modem, reset the connection, plugged the
cable back and I finally got the Internet back.
Should I follow your instructions anyway ?

should I go  to http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml as suggested by Tech, anyway ?

Thanks a lot.