×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

WinXP Connectivity Issues

Lost Connectivity after Registry or Malware Cleanup by bcastner
Posted: 22 Dec 03 (Edited 31 May 05)

It has become increasingly necessary to use utilities to remove malware:  IE Hijackers, unwanted Advertising popups, trojans, backdoor spyware, other spyware, and worms.  It is estimated that there are now 10,000 variants of the Cool Web search Internet Explorer hijacker alone.

Problem: after cleaning your machine you may find you can no longer connect to your network and/or the internet.

Problem #2: While earlier releases of Windows allowed one to remove The TCP/IP protocol stack and DUN services and re-add them, XP considers these core services and will not obviously allow you to do so.

Problem #3: The published fixes by MS do not often work, including using the Netsh.exe utility to do a reset, or even a Repair re-installation of XP.

A Tek-Tip member - CableInstaller - known generally on malware removal forums as Option^Explicit has written a tool that works wonders in situations where your Winsock service stack has become corrupted.  While the tool works under all versions of Windows from Win9x -- XP, I will describe briefly what it does under XP:

. It disables all network adapters
. It removes the registry keys Winsock and Winsock2
. It replaces the keys with a virgin registry set from a clean install of XP it contains inside the program
. It forces a rebuilding of the Winsock service, including routing tables, using the Netsh int ip reset resetlog.txt command
. It re-enables your adapters
. It checks that your HOSTS file has a valid localhost pointer to 127.0.0.1

I cannot tell you how often this little utility has proved a lifesaver:  WinsockFix  Direct download: http://www.dslreports.com/r0/download/544752~62fe0e8dc00fac87e6f0f83c54d283a4/WinsockFix.zip
-or-
http://www.spychecker.com/program/winsockxpfix.html

Additional Notes:

The tool also works wonders if your network and/or connectivity fails after driver updates, adapter changes, or multiple fiddles with your network connection settings.

Special Note For Service Pack 2 Users:

Service Pack 2 adds a new command to repair the Winsock corruption problem that can be caused by adware, spyware, or some other causes.  You should use this instead of the utility WinsockFix:

netsh winsock reset

Using this command should normally not do any harm, so if you have unsolvable connection problems or spurious disconnections, try it. It does remove all nonstandard LSP (Layered Service Provider) entries from the Winsock catalog, which are usually adware or spyware entries, but if you happened to have a legitimate one installed, it would also be removed and would have to be reinstalled.

If you're really curious, you can use the command:

netsh winsock show catalog

before and after resetting the catalog to find out whether any entries were in fact removed and which ones these were. Another way to get at the same information is to run

winmsd

and select Components, Network, Protocol. The Layered Service Providers in the list should be of the MSAFD or RSVP ... Service Provider type. All others are likely malevolent and should disappear after the reset command shown above.

Special Note for Microsoft Antispyware users:

If after cleaning you lose internet and or network connectivity, it is also a common Winsock LSP layer issue.  Follow the advice in this FAQ, which is identical to the Microsoft suggestion in this MS KB article: http://support.microsoft.com/kb/892350


More information:

http://support.microsoft.com/default.aspx?scid=kb;en-us;817571&Product=winxp

A recent Microsoft KB article that provides some diagnostic steps, and suggests a reasonable method of doing-it-yourself:  http://support.microsoft.com/?kbid=811259 The second half of this KB article describes how to reset the TCP/IP service stack, which is sometimes necessary as a second step to repairing your Winsock corruption problem.


Best to all,
Bill Castner


Back to Microsoft: Windows XP Pro FAQ Index
Back to Microsoft: Windows XP Pro Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close