Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4521
  • Last Modified:

Unable to delete unknown files in winsock lsp found by hijack this.

After running Hijack This and deleting found nasty processes I am unable to delete 4 unknown files in Winsock lsp.  I am fighting a browser hijacker called search 200.  When Internet Explorer loads and you check the allowed sites in the pop up blocker settings it always lists lop.com and search200.com as allowed.  following is the hijackthis log.
Logfile of HijackThis v1.98.2
Scan saved at 12:20:56 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GP Motor Sports\Desktop\hijackthis\HijackThis.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aplsp.dll

0
rider164
Asked:
rider164
  • 4
  • 3
1 Solution
 
SheharyaarSaahilCommented:
Hello rider164 =)

Use LSPFix to delete those O10 files >> http://www.spychecker.com/program/lspfix.html
0
 
rider164Author Commented:
Thanks for the quick reply.
I ran LSPFix and it did not identify any problem lsp files.
It listed mswsock, winmr.dll, aplsp.dll and rsvpsp.dll but did not recomend removal of any of these.
0
 
SheharyaarSaahilCommented:
hmmmmm aplsp.dll is really Nasty one, so we are sure that we have to remove it, and so you can Manually remove it using LSPFix :)
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
rider164Author Commented:
I removed aplsp.dll.  Now lop.com and search200.com do not show up in allowed sites in the pop up blocker.  I am still getting a search toolbar across the bottom of the internet explorer page which I thought was from search200 but I am not sure.
0
 
SheharyaarSaahilCommented:
hmmmm try Using ToolbarCop to remove the unwanted Toolband, Toolbar Icons and BHO:
http://windowsxp.mvps.org/toolbarcop.htm

Also make sure that you have these tools on your system,
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger
========================================================

Turn off ur System Restore before cleaning the system if its WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml
Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ?? :)
0
 
rider164Author Commented:
It appears that I am hijacker free.  I am running windows XP, Norton Internet Security, Adaware, Spybot, CoolWebShredder and Stinger.  I ran these in safe mode and cleaned the hard drive per your instructions.  It looks like all is well at this time.
Thanks, Rider164
0
 
SheharyaarSaahilCommented:
Excellent.... Good Job!! ^_^
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now