Have you heard of the term LSP hijacker? Well, you may not know the term, but you may have encountered the problem caused by it. LSP stands for Layered Service Provider, which is basically a .dll file that uses the Winsock API to place itself into the TCP/IP stack.
|Name||LSP Hijacker, PUP|
|Type||LSP Browser Hijacker, PUP|
|Short Description||A LSP hijacker can intercept the connection between the Internet and PC applications.|
|Symptoms||Internet connectivity issues, problems related to potentially unwanted programs.|
|Distribution Method||Installation of PUPs, third party software installers, bundling, etc.|
|Detection tool||Download Malware Removal Tool, to See If Your System Has Been Affected By LSP Hijacker, PUP|
Once this is done, the traffic between the Internet and applications on the computer can be interrupted, filtered or in some cases – modified. If you have recently experienced a repetitive interception of your Internet traffic, your system may have been compromised by a LSP hijacker.
How Are LSP and Potentially Unwanted Software Related?
LSP software usually takes care of low-level Internet related tasks. Data is transmitted in both ways through a chain of the LSP programs.
As you may have guessed, both legitimate and malicious software can use LSPs. Examples of legitimate applications using the service are Sygate Firewall, Mcafee Personal Firewall, E-Safe, and many others. However, potentially unwanted programs, such as adware and browser hijackers, can also employ LSPs and completely mess the targeted system. We have written about LSP browser hijackers before. A program that falls into the category is Dnsioweb.net. Another depiction of LSP hijacking is WeWatcherProxy.
What the problem generally is users have no idea a LSP intruder has entered their systems, until it’s too late. Such programs can be installed in a stealth manner – via bundled, silent and unattended installers.
Why Is LSP Hijacking Employed?
In terms of spyware and PUP, LSPs can be employed to redirect the traffic from the user’s PC to predetermined websites, or collect stats about Internet usability. When used for good reasons, LSPs will scan network traffic for malicious files, viruses, Trojans, etc.
How Can LSP Hijacking Be Stopped?
An AV program can remove the intruder. However, the removal process can be risky. You may wonder why. The Winsock Service Provider Interface (SPI) contains a system for layering providers. One of the problems may be that there can be more LSPs in the user’s stack. The order of layered providers is stored in the Winsock Catalog. If one of the LSPs is ‘taken out’ of the stack, there is a risk of damaging the Internet connection. Instead of fixing the problem, the problem can get worse.
There are some free utilities such as LSP-Fix that can fix problems related to LSP hijacking troubles. However, even such utilities should only be used by expert users and with great caution.
In case the LSP intruder was accompanied by a potentially unwanted program, the user should locate the PUP and uninstall it the regular way (the Uninstall a program).
Security researchers at MalwareBytes remind that the LSP feature was deprecated in Windows Server 2012. As a result, a prevalent number of Windows 8 metro apps have skipped the LSPs. If the user is running Windows 8/10, there may be no need of fixing anything. However, if there is a persistent Internet problem related to a LSP hijacker such as the Mezaa app (Mezaa.Service.exe) or WeWatcherProxy, there following process can be attempted:
→Choose Start – Programs – Accessories – right click on the Command Prompt and select Run as administrator.
→In the Command Prompt window type “Netsh winsock reset catalog”, and press Enter.
→Restart the PC.
After those steps are followed, the problematic programs can be removed manually from the system. However, remember that by doing this, you will delete everything, added to the default entries.
Such steps should only be done by users with expert knowledge and understanding of core system functionalities.
In case you feel like a browser hijacker or a PUP with such capabilities has sneaked into the system, you can also refer to our removal manual especially crafted for spyware of that kind.
Step 1: Remove/Uninstall LSP Hijacker, PUP in Windows
Here is a method in few easy steps to remove that program. No matter if you are using Windows 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program get left behind, and that can lead to unstable work of your PC, mistakes with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it.
Select the program that you want to remove, and press “Uninstall” (fig.3).
Follow the instructions above and you will successfully uninstall LSP Hijacker, PUP.
Step 2: Remove LSP Hijacker, PUP from your browser
Select the “Add-ons” icon from the menu
Select LSP Hijacker, PUP and click “Remove”
After LSP Hijacker, PUP is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.
Select LSP Hijacker, PUP to remove, and then click ‘Disable’. A pop-up window will appear to inform you that you are about to disable the selected toolbar, and some additional toolbars might be disabled as well. Leave all the boxes checked, and click ‘Disable’.
After LSP Hijacker, PUP has been removed, restart Internet Explorer by closing it from the red ‘X’ in the top right corner and start it again.
From the drop menu select ‘Preferences’
In the new window select ‘Extensions’
Click once on LSP Hijacker, PUP
A pop-up window will appear asking for confirmation to uninstall LSP Hijacker, PUP. Select ‘Uninstall’ again, and the LSP Hijacker, PUP will be removed.
In order to remove any associated objects that are left after uninstall and detect any other threats, you should:
Step 3: Start Your PC in Safe Mode to Remove LSP Hijacker, PUP.
Removing LSP Hijacker, PUP from Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
Removing LSP Hijacker, PUP from Windows 8, 8.1 and 10 systems:
Whilst holding down Shift button, click on Power and then click on Restart.
A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove LSP Hijacker, PUP.
Step 4: Remove LSP Hijacker, PUP automatically by downloading an advanced anti-malware program.
To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all LSP Hijacker, PUP associated objects.