ZHPDiag – Module Ø10 (LSP)

Winsock is a Windows software library whose goal is to implement a programming interface inspired by Berkeley sockets. Among other things, it supports sending and receiving data packets on TCP/IP networks (Wikipedia).

Hackers use Winsock to load resources with random names such as "SecureAssist.dll", "zdengine.dll" or "OptimizerMonitor.dll".

Origin

– Module Ø10 (LSP) was created on 20 May 2008.

Features

– This module lists all the resources in the Winsock2 subkeys. The ZHP analyzer determines whether each resource is legitimate or harmful.

ZHPDiag overview

—\\ Winsock hijacker (Layered Service Provider) (Ø10)
Ø10 – WLSP:\000000000004\Winsock LSP File – C:\Windows\system32\pnrpnsp.dll

—\\ Winsock hijacker (Layered Service Provider) (Ø10) v1.25.02
Ø10 – WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation – PNRP namespace provider.) — C:\Windows\system32\pnrpnsp.dll
Ø10 – Broken Internet access because of LSP provider (.No. file.) — C:\WINDOWS\system32\winrnr.dll

Example of infection

—\\ Winsock hijacker (Layered Service Provider) (Ø10)
Ø10 – Protocol_Catalog9\Catalog_Entries\00000000001 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\00000000002 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\00000000003 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\00000000004 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\00000000025 – C:\Windows\System32\SecureAssist.dll
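
A triage sketch for Ø10 lines like those above, added here as an example; it is not ZHPDiag's code or the ZHP analyzer's logic. The allowlist of Windows provider DLLs, the trusted directories and the sample report lines are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import defaultdict

# Assumption: provider DLLs that ship with Windows (illustrative allowlist,
# not ZHPDiag's own database).
KNOWN_PROVIDERS = {"mswsock.dll", "napinsp.dll", "nlaapi.dll",
                   "pnrpnsp.dll", "winrnr.dll", "wshbth.dll"}
# Assumption: Windows is installed under C:\Windows.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample in the Ø10 line format shown above.
SAMPLE_REPORT = r"""
Ø10 – WLSP:\000000000004\Winsock LSP File – C:\Windows\system32\pnrpnsp.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\000000000001 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\000000000002 – C:\Windows\System32\SecureAssist.dll
Ø10 – Protocol_Catalog9\Catalog_Entries\000000000003 – C:\Users\Public\mswsock.dll
"""

# Entry name is the first field after the tag; the DLL path is the trailing
# drive-letter path (the lookbehind skips the "P:\" inside "WLSP:\").
LINE_RE = re.compile(
    r"^[OØ]10\s+\S\s+(?P<entry>\S+).*?"
    r"(?<!\w)(?P<path>[A-Za-z]:\\.+\.dll)\s*$", re.IGNORECASE)


def parse_o10(report):
    """Yield (catalog_entry, dll_path) for every Ø10 line in the report."""
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("entry"), m.group("path")


def is_trusted(path):
    """Known provider name AND loaded from a Windows system directory."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in KNOWN_PROVIDERS and folder in TRUSTED_DIRS


def suspicious_providers(report):
    """Map each unrecognised DLL path to the catalog entries that load it."""
    hits = defaultdict(list)
    for entry, path in parse_o10(report):
        if not is_trusted(path):
            hits[path.lower()].append(entry)
    return dict(hits)


if __name__ == "__main__":
    for dll, entries in suspicious_providers(SAMPLE_REPORT).items():
        print(f"{dll}: {len(entries)} catalog entries")
```

A flagged DLL is a candidate for review, not a verdict: legitimate third-party software also installs Winsock providers, and a trusted file name says nothing about the file's signature.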