How to Reset Winsock in Batch Script

The Windows Sockets API (Winsock) is the interface layer between applications (browsers, email clients, streaming apps) and the network stack. When Winsock becomes corrupted, often from incomplete software uninstalls, browser hijackers, VPN remnants, or malware, applications lose the ability to communicate over the network even though the connection itself is healthy. You'll see symptoms like "Page cannot be displayed" in all browsers while Wi-Fi shows "Connected." Resetting the Winsock catalog restores this communication layer to its factory-installed state.

This guide explains how to reset Winsock with proper diagnostics, complementary resets, and post-reset verification.

Understanding Winsock's Role

Application Layer:
Chrome, Outlook, Spotify, etc.


┌─────────────────────────────────────┐
│ WINSOCK CATALOG                     │ ← netsh winsock reset
│ (Translates app requests into       │
│ network protocol operations)        │
│                                     │
│ May contain Layered Service         │
│ Providers (LSPs) from VPNs,         │
│ firewalls, and malware              │
└─────────────────────────────────────┘


TCP/IP Stack → Network Adapter → Internet

What Winsock corruption looks like:

| Symptom | Why It Happens |
|---|---|
| "Page cannot be displayed" in all browsers | Winsock can't translate DNS/HTTP requests to TCP operations |
| Connected to Wi-Fi but no internet access | Winsock layer blocks or corrupts outgoing connections |
| DNS lookups fail after flushing DNS cache | Winsock LSP intercepts and breaks DNS requests |
| Network services fail to start | Winsock registry keys are damaged |
| Internet works for some apps but not others | Corrupt LSP filters traffic selectively |

What causes Winsock corruption:

  • Malware removal: Malware often installs Winsock LSPs to intercept traffic. Removing the malware without cleaning the LSPs leaves broken hooks.
  • VPN/firewall uninstall: VPN clients and firewalls install LSPs for traffic interception. Incomplete uninstall leaves orphaned LSPs.
  • Browser hijacker cleanup: Security tools may remove a hijacker's executable but leave its Winsock hooks.
  • Disk corruption: Bad sectors affecting the Winsock registry keys.

Administrative Privileges Required

Resetting the Winsock catalog modifies protected registry keys at HKLM\System\CurrentControlSet\Services\Winsock and Winsock2. Without administrator elevation, the command fails silently or with "Requested operation requires elevation."

Method 1: Complete Winsock Reset with Complementary Fixes

A Winsock reset alone often isn't sufficient: if the DNS cache or TCP/IP stack is also corrupted, you'll still have issues. This method combines all related resets for a thorough network repair.

Implementation

@echo off
setlocal

echo ============================================================
echo Winsock Reset Utility
echo ============================================================
echo.

:: =============================================
:: Step 1: Check admin privileges
:: =============================================
net session >nul 2>&1
if errorlevel 1 (
echo [ERROR] This script must be run as Administrator. >&2
echo Right-click and select "Run as administrator." >&2
endlocal
exit /b 1
)

echo [OK] Running with administrator privileges.
echo.

:: =============================================
:: Step 2: Show current Winsock catalog (diagnostic)
:: =============================================
echo [INFO] Current Winsock catalog providers:
echo.

:: Count catalog entries (one header line per entry) to help diagnose the issue
set "LSPCount=0"
for /f "tokens=*" %%a in ('netsh winsock show catalog 2^>nul ^| findstr /b /i /c:"Winsock Catalog" ^| find /c /v ""') do set "LSPCount=%%a"

echo Registered providers: %LSPCount%
echo (Default Windows has ~30 providers. Significantly more may indicate^)
echo (third-party LSPs from VPNs, firewalls, or malware.^)
echo.

:: =============================================
:: Step 3: Confirm the reset
:: =============================================

:: Clear any inherited value so pressing Enter cannot reuse it
set "Confirm="
set /p "Confirm=Proceed with Winsock reset? (YES/no): "
if /i not "%Confirm%"=="YES" (
echo [INFO] Cancelled. No changes made.
endlocal
exit /b 0
)

echo.

:: =============================================
:: Step 4: Perform the resets
:: =============================================

:: Reset Winsock Catalog
echo [1/4] Resetting Winsock Catalog...
netsh winsock reset >nul 2>&1
if not errorlevel 1 (
echo [OK] Winsock Catalog reset to default.
) else (
echo [ERROR] Winsock reset failed. >&2
)

:: Reset TCP/IP Stack (complementary - often needed alongside Winsock)
echo [2/4] Resetting TCP/IP Stack...
set "ResetLog=%TEMP%\winsock_ipstack_reset_%RANDOM%.log"
netsh int ip reset "%ResetLog%" >nul 2>&1
if not errorlevel 1 (
echo [OK] TCP/IP Stack reset.
) else (
echo [WARNING] TCP/IP reset may not have completed fully. >&2
)

:: Flush DNS cache
echo [3/4] Flushing DNS cache...
ipconfig /flushdns >nul 2>&1
echo [OK] DNS cache flushed.

:: Reset WinHTTP proxy (proxy settings can also cause "connected but no internet")
echo [4/4] Resetting proxy settings...
netsh winhttp reset proxy >nul 2>&1
echo [OK] Proxy reset to direct access.

echo.
echo ============================================================
echo Winsock reset complete.
echo ============================================================
echo.
echo *** A REBOOT IS REQUIRED ***
echo.
echo The Winsock catalog is loaded into kernel memory at boot time.
echo Until you restart, applications continue using the old
echo (corrupted^) catalog. The reset takes effect only after reboot.
echo.
echo ============================================================

:: Log the operation
for /f "delims=" %%t in (
'powershell -NoProfile -Command "Get-Date -Format 'yyyy-MM-dd HH:mm:ss'"'
) do echo [%%t] WINSOCK RESET on %COMPUTERNAME% by %USERNAME% >> "%~dp0network_maintenance.log"

:: Offer reboot
echo.
:: Clear any inherited value so pressing Enter cannot trigger a reboot
set "Reboot="
set /p "Reboot=Reboot now? (YES/no): "
if /i "%Reboot%"=="YES" (
echo [ACTION] Rebooting in 10 seconds...
shutdown /r /t 10 /c "Winsock reset - restarting to apply changes."
)

endlocal
exit /b 0

LSP Removal Warning

A Winsock reset removes ALL Layered Service Providers (LSPs), including those installed by legitimate software like enterprise VPNs, web filters, and parental controls. After the reset, these applications may need to be reinstalled or repaired to restore their network filtering functionality.

What the Winsock reset does at the registry level:

netsh winsock reset overwrites the registry keys at:

  • HKLM\System\CurrentControlSet\Services\Winsock
  • HKLM\System\CurrentControlSet\Services\Winsock2

This removes ALL registered Winsock providers (including any Layered Service Providers) and restores the default Windows providers. This is why it's so effective against malware: any malicious LSPs that were intercepting or modifying network traffic are wiped.

Why complementary resets are included:

Winsock corruption rarely occurs in isolation. The same events that corrupt Winsock (malware, bad uninstalls) typically also damage:

  • TCP/IP registry keys: netsh int ip reset fixes these
  • DNS resolver cache: ipconfig /flushdns clears stale entries
  • Proxy settings: netsh winhttp reset proxy removes rogue proxy configurations

Running all four resets together ensures no related corruption survives.

Method 2: Pre-Reset Winsock Catalog Inspection

Before resetting, inspect the current Winsock catalog to identify what LSPs are installed. This helps diagnose whether a specific piece of software is causing the corruption and whether reinstalling it will be needed after the reset.

@echo off
setlocal

echo [INFO] Winsock Catalog Inspection:
echo --------------------------------------------------
echo.

net session >nul 2>&1
if errorlevel 1 (
echo [ERROR] Administrator privileges required. >&2
endlocal
exit /b 1
)

:: Show the full catalog
echo [INFO] Registered Winsock providers:
echo.

netsh winsock show catalog | findstr /i "Description Provider"

echo.
echo --------------------------------------------------
echo.

:: Count catalog entries (one "Winsock Catalog" header line per entry)
set "TotalEntries=0"
for /f "tokens=*" %%n in ('netsh winsock show catalog ^| findstr /b /i /c:"Winsock Catalog" ^| find /c /v ""') do set "TotalEntries=%%n"

echo Total catalog entries: %TotalEntries%
echo.
echo Default Windows installation has approximately 30 entries.
echo Significantly more may indicate third-party LSPs.
echo.

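:: List descriptions that mention neither "Microsoft" nor "MSAFD".
:: This is a text heuristic only: built-in providers whose description
:: lacks both words may also be listed here.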
echo Non-Microsoft providers detected:
netsh winsock show catalog | findstr /v /i "Microsoft MSAFD" | findstr /i "Description" 2>nul
if errorlevel 1 echo (None found - catalog appears clean^)

echo.
echo --------------------------------------------------
echo.
echo [TIP] If non-Microsoft providers are listed above, they may need
echo to be reinstalled after a Winsock reset (VPNs, firewalls,
echo web filters^).

endlocal
exit /b 0

What to look for in the catalog:

| Provider Type | Source | Impact of Reset |
|---|---|---|
| Microsoft Base Providers (MSAFD, etc.) | Windows default | Automatically restored by the reset |
| VPN providers (Cisco, Palo Alto, etc.) | Enterprise VPN software | VPN software needs repair/reinstall |
| Firewall providers (Comodo, Norton, etc.) | Third-party firewalls | Firewall features need repair/reinstall |
| Unknown/suspicious providers | Potential malware LSPs | Removed. This is the intended effect. |

Post-Reset Software Reinstallation

After a Winsock reset, any software that installed its own LSPs (VPN clients, web filters, parental controls, firewalls) may stop functioning. The application itself still runs, but its network interception/filtering capability is lost because its LSP was removed from the catalog. Reinstalling or repairing the application re-registers its LSP.
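
To go beyond the text filter in Method 2, this added example (not part of the original guide) pairs each catalog entry's description with its provider DLL, flags DLLs that are not under %SystemRoot%\system32, and writes the list to a file you can keep as the pre-reset record. It assumes the English netsh field labels (Description, Provider Path); winsock_inventory.txt is a hypothetical file name, and a system32 path is only a heuristic, not proof that a provider is legitimate.

```batch
@echo off
setlocal EnableExtensions EnableDelayedExpansion

:: Added example: inventory of Winsock providers and their DLL paths.
:: Assumption: English netsh labels "Description" and "Provider Path".
:: Assumption: winsock_inventory.txt is a hypothetical output file name.

set "Inventory=%~dp0winsock_inventory.txt"
set "Total=0"
set "Flagged=0"
set "Desc="

>"%Inventory%" echo Winsock provider inventory - %COMPUTERNAME% - %DATE% %TIME%

:: Split every output line at the first colon: %%a = label, %%b = value.
for /f "tokens=1,* delims=:" %%a in ('netsh winsock show catalog') do (
    if /i "%%a"=="Description" set "Desc=%%b"
    if /i "%%a"=="Provider Path" (
        set "ProvPath=%%b"
        call :Record
    )
)

echo Entries with a provider DLL: %Total%
echo Outside %SystemRoot%\system32: %Flagged%
echo Inventory written to "%Inventory%"
endlocal
exit /b 0

:Record
:: Strip the column padding that follows the colon in netsh output.
for /f "tokens=* delims= " %%p in ("!ProvPath!") do set "ProvPath=%%p"
for /f "tokens=* delims= " %%d in ("!Desc!") do set "Desc=%%d"
:: Paths are often stored as %SystemRoot%\...; "call set" expands them once.
call set "Expanded=%ProvPath%"
set /a Total+=1
:: Removing the system32 prefix changes the string only if it was present.
set "Tag=[ ok  ]"
if /i "!Expanded:%SystemRoot%\system32\=!"=="!Expanded!" (
    set "Tag=[CHECK]"
    set /a Flagged+=1
    echo [CHECK] !Desc! = !Expanded!
)
>>"%Inventory%" echo !Tag! !Desc! = !Expanded!
exit /b 0
```

Entries marked [CHECK] are the ones to match against known VPN, firewall, or filtering software before the reset; anything that cannot be attributed belongs in the malware scan that precedes it.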

Method 3: Post-Reset Verification

After resetting and rebooting, verify that the Winsock catalog is clean and network connectivity is restored.

@echo off
setlocal

echo [INFO] Post-reset Winsock verification:
echo --------------------------------------------------
echo.

:: Check catalog state (one "Winsock Catalog" header line per entry)
set "Entries=0"
for /f "tokens=*" %%n in ('netsh winsock show catalog ^| findstr /b /i /c:"Winsock Catalog" ^| find /c /v ""') do set "Entries=%%n"

echo Catalog entries: %Entries%

if %Entries% leq 35 (
echo [OK] Catalog size is within normal range (default ~30 entries^).
) else (
echo [INFO] Catalog has %Entries% entries. Check for re-installed LSPs.
)

echo.

:: Connectivity tests
echo Connectivity tests:

ping -n 1 -w 3000 127.0.0.1 >nul 2>&1
if not errorlevel 1 (
echo [OK] Loopback (127.0.0.1^) - TCP/IP stack functional
) else (
echo [FAIL] Loopback failed - stack may need TCP/IP reset too >&2
)

ping -n 1 -w 3000 8.8.8.8 >nul 2>&1
if not errorlevel 1 (
echo [OK] Internet (8.8.8.8^) - external connectivity working
) else (
echo [FAIL] Cannot reach external IP - check connection >&2
)

ping -n 1 -w 3000 google.com >nul 2>&1
if not errorlevel 1 (
echo [OK] DNS (google.com^) - name resolution working
) else (
echo [FAIL] DNS resolution failed - may need DNS configuration >&2
)

echo.
echo --------------------------------------------------

endlocal
exit /b 0

Expected post-reset state:

After a successful Winsock reset and reboot:

  • The Winsock catalog should have approximately 30 entries (default Microsoft providers).
  • Loopback (127.0.0.1) should succeed immediately.
  • External IP (8.8.8.8) should succeed if the physical connection is healthy.
  • DNS resolution should succeed if the DNS server configuration is correct.

If any test fails after the reset and reboot, the issue may be at a different network layer (TCP/IP stack, adapter, physical connection, DNS configuration).

How to Avoid Common Errors

Wrong Way: Only Resetting Winsock

:: INCOMPLETE: may leave TCP/IP, DNS, and proxy corruption intact
netsh winsock reset
:: "Internet still doesn't work after reboot!"

Winsock corruption often accompanies TCP/IP and DNS corruption. Resetting only Winsock fixes the application-to-stack translation layer but leaves other corrupted layers untouched.

Correct Way: Combine Winsock reset with TCP/IP reset, DNS flush, and proxy reset (Method 1).

Wrong Way: Not Rebooting After Reset

The Winsock catalog is loaded into kernel memory during boot. netsh winsock reset modifies the registry, but the kernel continues using the old catalog until the next boot. Testing immediately after the reset will show no improvement.

Correct Way: Always reboot after a Winsock reset. Every method in this guide includes a reboot prompt.

Wrong Way: Using the Script Without Knowing What's Installed

:: Resets Winsock without knowing that the corporate VPN had an LSP
netsh winsock reset
:: After reboot: VPN no longer filters traffic, IT department is unhappy

Correct Way: Run Method 2 (catalog inspection) first to identify what LSPs are installed. Note any non-Microsoft providers that will need reinstallation after the reset.

Problem: VPN/Firewall Stops Working After Reset

Enterprise VPNs and firewalls install LSPs to inspect and filter network traffic. A Winsock reset removes these LSPs, disabling their network interception capability.

Solution: After the reset and reboot, repair or reinstall the affected application. Most enterprise software has a "Repair" option in Add/Remove Programs that re-registers its LSP without a full reinstall.

Problem: Same Corruption Returns After Reset

If the Winsock catalog corrupts again shortly after resetting:

  • The malware that installed the corrupt LSP is still present - run a full antivirus scan before resetting.
  • The software that installed the LSP is still running and re-registers it - uninstall the software before resetting.
  • A scheduled task or login script reinstalls the LSP - check for automated re-registration.

Reset Winsock AFTER Removing Malware

If malware installed a malicious Winsock LSP, resetting Winsock while the malware is still active is pointless - it will immediately reinstall the LSP. Remove the malware FIRST (using an antivirus scan from Safe Mode if necessary), THEN reset Winsock to clean up the orphaned LSP.

Best Practices and Rules

1. Inspect Before Resetting

Run Method 2 to see what's in the Winsock catalog before clearing it. This identifies which legitimate software will need repair/reinstall after the reset.

2. Combine with Complementary Resets

Pair netsh winsock reset with netsh int ip reset, ipconfig /flushdns, and netsh winhttp reset proxy for a thorough network repair (Method 1).

3. Always Reboot

The Winsock catalog is loaded at boot time. Without a reboot, the reset has no effect on running applications.

4. Remove Malware FIRST

If the corruption was caused by malware, remove the malware before resetting Winsock. Otherwise, the malware re-installs its LSP immediately.

5. Verify After Reboot

Run Method 3 to confirm the catalog is clean and connectivity is restored. Don't assume the reset worked; verify it.

6. Document Installed LSPs for Enterprise Environments

In corporate environments, maintain a record of which software installs Winsock LSPs. This allows IT to quickly repair affected applications after a Winsock reset.

Conclusion

Resetting the Winsock catalog is the primary fix for application-level network failures where the connection itself is healthy but applications cannot communicate over it. By inspecting the catalog before resetting, combining the reset with complementary TCP/IP and DNS fixes, and verifying the result after rebooting, you create a thorough network repair workflow. The key insight is that Winsock resets remove ALL Layered Service Providers, both malicious and legitimate, so knowing what's installed beforehand and planning for reinstallation afterward is essential for a smooth recovery.