Re: blown up TCP/IP/SID entries
From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 05/14/04
- Next message: Ron: "IP Address"
- Previous message: Wayne B.: "Individual files aren't shared"
- In reply to: Gary: "blown up TCP/IP/SID entries"
- Next in thread: Chuck: "Re: blown up TCP/IP/SID entries"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 13 May 2004 17:10:01 -0700
Gary wrote:
> Does anyone know the KB article or a weblink to the TCP/IP/SID issues
> with AD and XP pro? I have the fix, which is to edit the
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock and
> .....WinSock2 keys, but would like to learn more about the issue. I
> understand that this is a "not very publicized", but recognized issue
> by MSFT.
Are you talking about the LSP service stack at
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters
\Protocol_Catalog9\Catalog_Entries?
If so, this stack is usually broken by spyware and is fixed by LSPfix
from cexx.org. Read
http://www.spyany.com/program/article_spy_rm_SAHAgent.html manual
removal instructions for how the Layered Services are linked in this
registry key.
If the chain is not broken, but includes spyware, you have to know what
.dlls are involved in the spyware before you can hope to remove it. Some
anti-spyware can remove spyware that is embedded in the layered
services, but LSPfix is the easiest way to repair a damaged stack or
remove components from a working stack. These issues are usually
discussed in the virus or security groups.
-- Kent W. England, Microsoft MVP for Windows Security
- Next message: Ron: "IP Address"
- Previous message: Wayne B.: "Individual files aren't shared"
- In reply to: Gary: "blown up TCP/IP/SID entries"
- Next in thread: Chuck: "Re: blown up TCP/IP/SID entries"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
