Application causing LSP Chain to be deleted. No external connectivity after (Battleping)

  • 27 April 2014
  • 2 replies
  • 52 views

Hey there!
 
So i have an issue with a clients workstation and thought id ask to see what else i can do to try and fix it. The clients using a program called BattlePing (www.battleping.com) to allow him to connect to online games and reduce his latencey. From what it looks like it just creates a ssh tunnel and runs traffic through there but anyway. I first ran into a problem with the clients workstation a few weeks ago when we initially installed WebRoot Endpoint Protection on it and after an initial reboot we had no network / internet connectivity.  After reading the logs form the iniital scan (and getting some help from support!) we found it to be a result from a malware LSP Chain Corruption. These where the following lines in the log.
 
"Removed invalid LSP chain entry: %SystemRoot%system32etworkdlllsp.dll"
"Removed invalid LSP chain due to malware corruption"
 
 I ended up performing a clean installation of windows 8.1 on the workstation, updated, installed endpoint protection and installed everthing back onto the workstation and everything was working fine and we had no more issues.
 
However. I received a call from the client today saying that he cant access anything on his network or on the internet, after looking into it i have found that the exact same error in the scan logs as when i first intalled it. I also found the logs where after it was monitoring this program battleping.
 
From the looks of it Battleping has been set to allowed (it has a G in the scan logs) and the client did tell me that this happened exactly after battleping was closed and when he tried to open an internet browser it would proceed ot not repond and crash which he then rebooted his workstaton, however he had been using battleping prior to this without any problems. After my first attempt at trying to repair this i am not too sure what i would do to prevent this in the future, the client is adament on keeping this progam on his pc.
 
Has anyone had any issues with this kind of false possitive before? i'm not too sure what to do to resolve it.
 
 
Thanks for reading!
 
Kurtis

2 replies

networkdlllsp.dll is part of the Battleping application and is not malware, so it may be a False Positive.
 
If you are unable to resolve this issue.
Have him swap to the backup driver on the Battleping program,  This does not use an LSP chain.
It is located under:  Connection > Driver.
 
Reset the winsock catalog  using command prompt  should restore interenet connectivity.
 
Thanks for the reply shantest, I will get him to change this setting. As for the winsock catalogue reset I've tried this on the workstation and received a "the system cannot find the file specified" tried a whole bunch of things to try and resolve the error but ended up just restoring from a backup.

Reply