How to remove an LSP found when running SmitFraudFix
Introduction
If you have reached this guide, then that means you have run SmitFraudFix and it warned you that an LSP, or Layered Service Provider, was found. LSPs are programs that are installed in your computer's configuration in such a way that they are linked, like a chain, with other LSP programs already installed. Unfortunately, due to how these programs are configured and linked together, if you improperly remove one, the chain will become broken and there is a very high chance that you will no longer be able to access your network and the Internet.
In order to remove an LSP you need to use a specialized tool called LSP-Fix. LSP-Fix is designed to remove an offending LSP and then repair the LSP chain so there are no missing links. This allows for an LSP removal without any fear of losing your connectivity. This guide will walk you through removing the malware LSP files installed by the latest rogue anti-spyware programs, such as AntiVirGear, in a safe manner. If you want a more detailed introduction to Layered Service Providers and LSP-Fix you can visit this tutorial.
Important Note: A lot of other sites are providing guides on how to remove rogue anti-spyware infections. None of these guides, if they even mention the LSPs, are currently telling you how to properly remove these particular files. In fact, if you follow their instructions to remove an LSP, there is a very good chance that your Internet connection will no longer work. Therefore, it is imperative that you DO NOT follow any instructions found elsewhere unless they give specific instructions on safely removing LSP files installed by this malware.
Current LSP Files being installed with Rogue Anti-spyware products
C:\Windows\System32\laf1.dll (The number after laf can be different. For example, laf2.dll or laf3.dll).
Known Rogue Anti-spyware programs that are bundled with LSPs
AntiVirGear
Removal Instructions:
- When running SmitFraudFix, if you have a malware LSP installed you will see a message similar to the following:
C:\WINDOWS\system32\laf1.dll Detected, use LSPFix.exe to delete !
Write down on a piece of paper the exact filename as shown in the above message as we will need it in the steps below.
- Download LSP-Fix.exe from the following link and save it on your desktop. The download link is:
LSP-Fix.exe download link
- Once the program is downloaded on to your desktop you will see the following icon for the program:
- Double-click on the LSPFix.exe icon and the program will launch. When it launches you will see a screen similar to the one below.
- Put a checkmark in the checkbox labeled I know what I'm doing (or enjoy re-installing my operating system...).
- Now look through the files listed under Keep and select the filename that SmitFraudFix displayed by left clicking once on it. Then you should click on the button labeled >> as indicated by the red arrow in the image below. Make sure you only select the files displayed by SmitFraudFix!
- When you click on the >> button the file will move to the Remove box as shown in the image below.
At this point you should now click on the Finish button.
- LSP-Fix will now remove the LSP from your Windows configuration and repair the LSP chain. When done, a summary box will be displayed as shown below.
When reviewing the summary box, do not be alarmed if the information shown on your computer is different from what is shown in the example above.
- Now reboot your computer and run LSP-Fix again. When the program is displayed, the file you removed should no longer exist under the Keep column. If the file is no longer listed you can manually delete it.
If the file still exists under the Keep box I suggest you notify the helper working on your log. If you are using a self-help guide you can post about your problem in the Am I infected? forum.
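A read-only way to double-check the reboot step above, as an added example that is not part of the original guide: it parses saved output of `netsh winsock show catalog` (for instance redirected to a text file) and reports any catalog entry that still points at the file SmitFraudFix named. The sample text is constructed, and the English-language field labels and the function names are assumptions of this example.

```python
import re

# Constructed sample modeled on English-language `netsh winsock show catalog`
# output; the field labels are an assumption and differ on localized systems.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [TCP/IP]
Provider Path:                      C:\WINDOWS\system32\laf1.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

def parse_catalog(text):
    """Split the listing into one dict of 'Label: value' fields per entry."""
    entries = []
    for block in re.split(r"^.*Provider Entry[ \t]*$", text, flags=re.M)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def remaining_entries(text, filename):
    """Return (entry id, entry type, path) for entries still using filename."""
    target = filename.lower()
    hits = []
    for e in parse_catalog(text):
        path = e.get("Provider Path", "")
        if path.replace("/", "\\").rsplit("\\", 1)[-1].lower() == target:
            hits.append((e.get("Catalog Entry ID"), e.get("Entry Type"), path))
    return hits

if __name__ == "__main__":
    for entry in remaining_entries(SAMPLE, "laf1.dll"):
        print("still registered:", entry)
```

An empty result for the filename you wrote down matches what the Keep column should show after the reboot; the script only reads text and changes nothing in the Winsock configuration.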
This is a self-help guide. Use at your own risk.
BleepingComputer.com cannot be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.
If you have any questions about this self-help guide then please post those questions in our Am I infected? forum and someone will help you.