LISTSERV 16.0 - MSUNAG Archives

Subscriber's Corner

Email Lists

MSUNAG Archives

MSUNAG@LIST.MSU.EDU

View:

Message:

[

First

Last

]

By Topic:

[

First

Last

]

By Author:

[

First

Last

]

Font:

Proportional Font

		LISTSERV at MSU
		MSUNAG Home
		MSUNAG September 2004

Subject:

Re: Winsock, XP, and Spyware

From:

Laurence Bates <[log in to unmask]>

Reply-To:

[log in to unmask]

Date:

Thu, 30 Sep 2004 20:06:36 -0400

Content-Type:

text/plain

Parts/Attachments:

text/plain (73 lines)

Thanks for the update John.  That is very helpful.  We have also been having
wireless connections with Windows XP machines recently.  I did some research
on this topic in the last few days and have tried to summarize it in the
flowchart at the following URL.

http://www.educ.msu.edu/info/TechTips/WirelessXP.jpg

At least I know Visio a lot better now ;-)



-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of John Resotko
Sent: Thursday, September 30, 2004 9:21 AM
To: [log in to unmask]
Subject: [MSUNAG] Winsock, XP, and Spyware

I don't know if anyone else has seen these issues or not, but at the request
of some people I've talked to, I'm sharing what I know.  In the last few
weeks, we've had a rash of student laptops that can't seem to keep the
address they were assigned by DHCP, or they repeatedly drop and re-request a
new DHCP address.  In quite a few cases, Winsock corruption was the reason
for the problem.

In the September 21st issue of PC Magazine, reporter Bill Machrone reported
on an added effect of spyware: corruption of the Winsock stack under Windows
XP. This can cause some odd effects, including intermittant release/renew of
IP addresses, a general inability to connect to the web when all hardware
drivers are working normally, or odd errors when running a networked
application such as ""An operation
was attempted on something that is not a socket".   His proposed cure is
to reset the Winsock stack and related TCP/IP entries in the registry.
To do this, check out

http://www.spychecker.com/program/winsockxpfix.html

a utility which does a partial reset on the Winsock stack.  Microsoft also
has some  proposed solutions for this problem.  First,  manually editing the
registry to completely remove the Winsock and TCP/IP stack, then
reinstalling it from the CD.  See:

http://support.microsoft.com/?kbid=811259

for the details on this procedure.  This corruption is the result of spyware
and adware removal which does not cleanly remove additions to the TCP/IP
stack and Winsock settings.  While rare on Windows 2000 machines, there is
some additional information on how to reset related entries on both a Win2K
and WinXP system at:

http://support.microsoft.com/?kbid=817571

An additional procedure for reseting the IP stack and related registry
entries WITHOUT completely removing and reinstalling TCP/IP, see also :

http://support.microsoft.com/?kbid=299357

which give you a command line method using the Netshell (netsh) to reset
registry entries related to the stack in a manner similar to what you do
when you remove and reinstall TCP/IP.

We've had almost twenty cases of this in the last three weeks at the law
college.  In all but three of them, resetting the Winsock stack resolved the
problem. I hope others find this information useful.

John A. Resotko
Head of Systems Administration
Michigan State University College of Law
208 Law College Building
East Lansing, MI  48824-1300
email: [log in to unmask]
Phone: 517-432-6836
Fax: 517-432-6861