Fix Corrupted Winsock Settings

malicious software attacks that tamper with network settings and Winsock.  These corrupt Winsock settings can therefore lead to all kinds of networking troubles which are difficult  to analyze and understand for the inexperienced user.Winsock Repair is a free portable and  can fix most Winsock errors with the single push of a button so it makes more comfortable for you  fix the errors manually. Winsock Repair is a portable software program for the Windows operating system that has two primary functions. The first is to reset the TCP/IP stack which will rewrite important Windows Registry keys with their default values. The second will try to repair Winsock so that the network connectivity issues are a thing of the past. It does provide an option to list the installed LSPs (Layered Service Providers) which can be important as pre-installed LSPs might need to be reinstalled after fixing the Winsock errors. 




[attachment deleted by admin]

[Web moderator]

Better off with someone who can read a HJT log.

Just an aside here....this softwares installer triggered my antispyware, which blocked PSVRR.exe....you may want to run a scan if you've tried the program.....the download website is green WOT but......

[Moderator]

From Prevx:

PSVRR.EXE has been seen to perform the following behavior:

    * The Process is packed and/or encrypted using a software packing process
    * Checks for the use of debuggers
    * Creates a new Background Service on the machine
    * Reads email address and phone book details
    * Visits web sites on your PC without you knowing
    * Uses DNS to retrieve the IP address for web sites
    * Found on infected systems and resists interrogation by security products
    * Looks at the contents of the autoexec.bat file

PSVRR.EXE has been the subject of the following behavior:

    * Added as a Registry auto start to load Program on Boot up
    * Executed as a Process
    * Copied to multiple locations on the system
    * Created by processes which appear to be checking for interception by security products
    * Downloaded from covert web sites without the user knowing
    * This program is often downloaded from the web

Based on this info the link is being removed temporarily until further review...
patio.

Also from Prevx:

File Activity
One or more files with the name PSVRR.EXE creates, deletes, copies or moves the following files and folders:

Creates c:\docume~1\user\locals~1\temp\aut7.tmp
Creates c:\documents and settings\user\application data\psvr32.exe
Deletes c:\docume~1\user\locals~1\temp\aut7.tmp
Creates c:\documents and settings\user\application data\_pconfig.cfg
Website Activity
One or more files with the name PSVRR.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

www .ophyemaweito .com / 0 / proxy .cfg
Port 80 IP:124.217.253.230

i ran it through  sanboxie and saw nothing of the sort as far as PSVRR.EXE .  it has no installer it is portable!and before i post any thing i check it out myself and also visit virus total.  http://www.virustotal.com/analisis/51d4ff61d83d4249396f490bdb3d3f001038a56563b1cee6263deb2f86ffa9fb-1252338442    fully portable, meaning that it requires no installation and can be run directly from a USB flash disk. It also writes absolutely no settings to the Registry or the user’s folder. here is the authors email if you want to complain. rizonetech@gmail.com.

[attachment deleted by admin]

i ran it through  sanboxie and saw nothing of the sort as far as PSVRR.EXE .  it has no installer it is portable!and before i post any thing i check it out myself and also visit virus total.  http://www.virustotal.com/analisis/51d4ff61d83d4249396f490bdb3d3f001038a56563b1cee6263deb2f86ffa9fb-1252338442    fully portable, meaning that it requires no installation and can be run directly from a USB flash disk. It also writes absolutely no settings to the Registry or the user’s folder. here is the authors email if you want to complain. rizonetech@gmail.com.

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Just an aside here....this softwares installer triggered my antispyware, which blocked PSVRR.exe....you may want to run a scan if you've tried the program.....the download website is green WOT but......  it has no *censored* installer.

Bob , don't get all po'd...All I stated was that the program triggered my AV when I tried to save it....Whether it had an installer or not there was something in the file that caused PSVRR.exe to be blocked....My intention was to alert others of the possibility they may download something malicious to their computers......I certainly wasn't slagging your choice of programs, just giving others who may download it a heads up.

* Found on infected systems and resists interrogation by security products

Someone could download this and not even know they had it, it could be the wrapper, who knows, so why not play it safe.

In order to determine exactly what was happening, I decided to run a ProcMon trace while I ran and closed the program in question.

The resulting log was huge... most of it was basic registry reads that windows itself does to determine the various possible settings, appinit dlls, etc.

However, none of it was "bad" or something it wouldn't be accessing- most of the keys and files the program accessed were, not surprisingly, related to winsock.

However, this is the caveat! The Antispyware program karnac is using may be hard-coded to flag certain programs that access these keys as "spyware".

In fact this is a well known "caveat" of many anti-spyware programs. An example is the following article, which discusses a similar issue with one of the authors programs, and outlines exactly how easy it is to "sneak under the velvet rope" as he describes it. http://visualstudiomagazine.com/articles/2008/01/29/are-you-safer-now.aspx

I think that the reason it triggered the anti-spyware program was merely because it "hinted" at having references to certain registry keys- much as the author of the aforementioned article encountered with mcaffee.

thanks ,and i will most certainly further investigate stuff before i post a review. i have learned a lot from this forum and have respect for all of you, and would never post something bad knowingly.

[Moderator]

bobgar i'll step in here for a bit...
It probably seems you feel bashed and/or being held under a microscope for your recent recommendations...i hope that's not the case.
But as a public Forum that doles out advice to many users we tend to err on the side of caution. It's part of what we do and should not be interpreted as being against your recommendations...

By all means continue to recommend apps that you find useful and should in fact be recommended...

patio.

[Malware Removal Specialist]

Keep em coming bobgar34.

I think it's safe to say all of us have had at least one link removed from an internet forum. I know I've had my hand slapped a time or two.

Since it has been considered safe ?It has been deemed safe right? can the link be posted again?

[Moderator]

I've been busy and have not finished testing as of yet.

How many times has a link been re-instated in someone's post?

[Moderator]

Many.

Many.

so you guys keep a record of which links are removed from certain threads?

i just want to say thanks for the support everyone, i was really  down and out thinking i  screwed up. and the developer of that tool had some other cool utilities so i am going to take something i learned from B.C`s reply that procmon trace and regmon to evaluate things as i find them. as bad as i felt this turned out pretty good.

[Moderator]

No reason to feel bad bobgar...

ghacks has an article about the developer of this tool, he has released a new program called Rizone`s power tools, it looks like it could be a good one with more features coming soon.   the ghacks article: http://www.ghacks.net/2009/10/10/rizone%E2%80%99s-power-tools/       and the new program plus his many others can be found here:  http://www.rizonetech.com/?p=474