Fixing LSP Hijacking and Internet Connection Problems - How to, Technology and PC Security Forum |

Fixing LSP Hijacking and Internet Connection Problems

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Have you heard of the term LSP hijacker? Well, you may not know the term, but you may have encountered the problem caused by it. LSP stands for Layered Service Provider, which is basically a .dll file that uses the Winsock API to place itself into the TCP/IP stack.

NameLSP Hijacker, PUP
TypeLSP Browser Hijacker, PUP
Short DescriptionA LSP hijacker can intercept the connection between the Internet and PC applications.
SymptomsInternet connectivity issues, problems related to potentially unwanted programs.
Distribution MethodInstallation of PUPs, third party software installers, bundling, etc.
Detection toolDownload Malware Removal Tool, to See If Your System Has Been Affected By LSP Hijacker, PUP

Once this is done, the traffic between the Internet and applications on the computer can be interrupted, filtered or in some cases – modified. If you have recently experienced a repetitive interception of your Internet traffic, your system may have been compromised by a LSP hijacker.

How Are LSP and Potentially Unwanted Software Related?

LSP software usually takes care of low-level Internet related tasks. Data is transmitted in both ways through a chain of the LSP programs.

As you may have guessed, both legitimate and malicious software can use LSPs. Examples of legitimate applications using the service are Sygate Firewall, Mcafee Personal Firewall, E-Safe, and many others. However, potentially unwanted programs, such as adware and browser hijackers, can also employ LSPs and completely mess the targeted system. We have written about LSP browser hijackers before. A program that falls into the category is Another depiction of LSP hijacking is WeWatcherProxy.

What the problem generally is users have no idea a LSP intruder has entered their systems, until it’s too late. Such programs can be installed in a stealth manner – via bundled, silent and unattended installers.

Why Is LSP Hijacking Employed?

In terms of spyware and PUP, LSPs can be employed to redirect the traffic from the user’s PC to predetermined websites, or collect stats about Internet usability. When used for good reasons, LSPs will scan network traffic for malicious files, viruses, Trojans, etc.

How Can LSP Hijacking Be Stopped?

An AV program can remove the intruder. However, the removal process can be risky. You may wonder why. The Winsock Service Provider Interface (SPI) contains a system for layering providers. One of the problems may be that there can be more LSPs in the user’s stack. The order of layered providers is stored in the Winsock Catalog. If one of the LSPs is ‘taken out’ of the stack, there is a risk of damaging the Internet connection. Instead of fixing the problem, the problem can get worse.

There are some free utilities such as LSP-Fix that can fix problems related to LSP hijacking troubles. However, even such utilities should only be used by expert users and with great caution.

In case the LSP intruder was accompanied by a potentially unwanted program, the user should locate the PUP and uninstall it the regular way (the Uninstall a program).


Security researchers at MalwareBytes remind that the LSP feature was deprecated in Windows Server 2012. As a result, a prevalent number of Windows 8 metro apps have skipped the LSPs. If the user is running Windows 8/10, there may be no need of fixing anything. However, if there is a persistent Internet problem related to a LSP hijacker such as the Mezaa app (Mezaa.Service.exe) or WeWatcherProxy, there following process can be attempted:

→Choose Start – Programs – Accessories – right click on the Command Prompt and select Run as administrator.

→In the Command Prompt window type “Netsh winsock reset catalog”, and press Enter.

→Restart the PC.

After those steps are followed, the problematic programs can be removed manually from the system. However, remember that by doing this, you will delete everything, added to the default entries.

Such steps should only be done by users with expert knowledge and understanding of core system functionalities.


In case you feel like a browser hijacker or a PUP with such capabilities has sneaked into the system, you can also refer to our removal manual especially crafted for spyware of that kind.

Step 1: Remove/Uninstall LSP Hijacker, PUP in Windows

Here is a method in few easy steps to remove that program. No matter if you are using Windows 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program get left behind, and that can lead to unstable work of your PC, mistakes with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it. To do that:

  • Hold the Windows Logo Button and “R” on your keyboard. A Pop-up window will appear (fig.1).
  • uninstall-virus-fig1

  • In the field type in “appwiz.cpl” and press ENTER (fig.2).
  • uninstall-virus-fig2

  • This will open a window with all the programs installed on the PC.
    Select the program that you want to remove, and press “Uninstall” (fig.3).
  • uninstall-virus-fig3

    Follow the instructions above and you will successfully uninstall LSP Hijacker, PUP.

    Step 2: Remove LSP Hijacker, PUP from your browser

    Remove a toolbar from Mozilla FirefoxRemove a toolbar from Google Chrome Remove a toolbar from Internet Explorer Remove a toolbar from Safari
    Start Mozilla Firefox Open the menu window


    Select the “Add-ons” icon from the menu


    Select LSP Hijacker, PUP and click “Remove


    After LSP Hijacker, PUP is removed, restart Mozilla Firefox by closing it from the red “X” in the top right corner and start it again.

    Start Google Chrome and Open the drop menu


  • Move the cursor over “Tools” and then from the extended menu choose “Extensions
  • uninstall-fig8

  • From the opened “Extensions” menu locate LSP Hijacker, PUP and click on the garbage bin icon on the right of it.
  • uninstall-fig9

  • After LSP Hijacker, PUP is removed, restart Google Chrome by closing it from the red “X” in the top right corner and start it again.
  • Start Internet Explorer:

  • Click “‘Tools’ to open the drop menu and select ‘Manage Add-ons’
  • uninstall-fig10

  • In the ‘Manage Add-ons’ window, make sure that in the first window ‘Add-on Types’, the drop menu ‘Show’ is on ‘All add-ons’
  • uninstall-fig11

    Select LSP Hijacker, PUP to remove, and then click ‘Disable’. A pop-up window will appear to inform you that you are about to disable the selected toolbar, and some additional toolbars might be disabled as well. Leave all the boxes checked, and click ‘Disable’.


    After LSP Hijacker, PUP has been removed, restart Internet Explorer by closing it from the red ‘X’ in the top right corner and start it again.

    Start Safari

    Open the drop menu by clicking on the sprocket icon in the top right corner.

    From the drop menu select ‘Preferences’
    In the new window select ‘Extensions’
    Click once on LSP Hijacker, PUP
    Click ‘Uninstall’


    A pop-up window will appear asking for confirmation to uninstall LSP Hijacker, PUP. Select ‘Uninstall’ again, and the LSP Hijacker, PUP will be removed.

    In order to remove any associated objects that are left after uninstall and detect any other threats, you should:

    Step 3: Start Your PC in Safe Mode to Remove LSP Hijacker, PUP.

    Removing LSP Hijacker, PUP from Windows XP, Vista, 7 systems:

    1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
    2. Select one of the two options provided below:

    For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.

    For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.

    3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
    4. Log on to your computer using your administrator account

    While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.

    Removing LSP Hijacker, PUP from Windows 8, 8.1 and 10 systems:

    Substep 1:

    Open the Start Menu
    Windows-10-0 (1)

    Substep 2:

    Whilst holding down Shift button, click on Power and then click on Restart.

    Substep 3:

    After reboot, the aftermentioned menu will appear. From there you should choose Troubleshoot.

    Substep 4:

    You will see the Troubleshoot menu. From this menu you can choose Advanced Options.
    Windows-10-2 (1)

    Substep 5:

    After the Advanced Options menu appears, click on Startup Settings.
    Windows-10-3 (1)

    Substep 6:

    Click on Restart.
    Windows-10-5 (1)

    Substep 7:

    A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove LSP Hijacker, PUP.

    Step 4: Remove LSP Hijacker, PUP automatically by downloading an advanced anti-malware program.

    To clean your computer you should download an updated anti-malware program on a safe PC and then install it on the affected computer in offline mode. After that you should boot into safe mode and scan your computer to remove all LSP Hijacker, PUP associated objects.

    NOTE! Substantial notification about the LSP Hijacker, PUP threat: Manual removal of LSP Hijacker, PUP requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

    Milena Dimitrova

    An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

    More Posts

    Leave a Comment

    Your email address will not be published. Required fields are marked *

    Time limit is exhausted. Please reload CAPTCHA.

    Share on Facebook Share
    Share on Twitter Tweet
    Share on Google Plus Share
    Share on Linkedin Share
    Share on Digg Share
    Share on Reddit Share
    Share on Stumbleupon Share