One of the smartest ways to compromise a computer is by hooking itself into the OS in such a way that it becomes almost impossible to identify. Everything will look normal, but the payload can still be delivered. One such method is LSP or Layered Service Provider. In this post, I will share what LSP is and how you can reset LSP or Layered Service Provider.
What is a Layered Service Provider?
If we need to understand LSP, we have to talk about Microsoft Windows Winsock 2 Service Provider Interface. This interface allowed software to extend an existing transport service. For example, one can develop software to filter URLs and server something else regardless of the browser used on the desktop. This software will have to register itself using the Winsock API and insert itself into the TCP/IP. That is why it can intercept all the traffic, filter, and even modify it.
How to reset LSP
While Windows Defender should be good enough to block these types of programs, but many to make their way through the software. This software is usually marked as PUPs, but since it was recommended, you still gave it a try. It often happens when you install software that was never updated and has been reported as spam by many.
1] Uninstall Recently installed Program
Go to Settings > Apps and features. Spot the installed program by install date. Look into the list and try to figure if there a program that you did not install or you are not supposed to be there. If there is such a program, it would be appropriate that you remove it. You can also uninstall the program by going to Control Panel > Programs > Uninstall a program if that is more comfortable to use the classic interface.
If, for some reason, the program is not listed, follow our guide on how you can uninstall a program that is not listed.
2] Reset WinSock
Windows Sockets or Winsock is an interface which decides how any program handles input/output requests for Internet applications. If Winsock is compromised, the complete access to the internet, any website you open, and any data you send are compromised as well. In the case of SPs, it is best to Reset Network. However, it is recommended that before you go ahead, create a system restore point first.
Open Command Prompt as administrator and type the following command and hit Enter.
netsh winsock reset
To further investigate, you can also generate a log file as an administrator. To append a log file path to the above command:
netsh winsock reset c:\winsocklog.txt
Once the command completes the execution, make sure to restart the computer. It will make sure to remove the unwanted programs and also bring back the settings which were available when you first installed the machine. Any LSP that was added to Windows later will be removed, and DLLs will be unregistered from the system.
I hope the post was easy to follow, and you were able to Reset LSP or Layered Service Provider in Windows.
TIP: The Network Reset feature lets you reinstall Network adapters and reset Networking Components to default.