Short bio

PUP.Optional.Winsock and all associated detection names refer to a type of Potentially Unwanted Program (PUP) that intercepts network traffic between the Internet and its victims applications, making it possible to redirect browsers to potentially malicious websites, insert advertisements into the victim’s browsing experience, and even collect/intercept personal information.

This detection refers to a specific DLL which performs the interception, which means it can show up alongside numerous PUP detections.

For more information on how this happens, as well as info on the LSP stack, please check out our blog on Labs.

Common infection method

PUP.Optional.Winsock is often found detecting one or more parts of another PUP. As it is not related to any specific PUP threat, general PUP avoidance tactics should prevent you from further infection.


Malwarebytes Anti-Malware completely removes this threat. No further clean up is required.

However, it is important to note that after quarantine of this threat, your system may require at least two complete reboots to remediate the damage. For an example of a PUP that utilizes this threat, check out the removal guide for the Shopperz PUP.

Associated threats

  • Optional.Winsock.Hijack
  • Optional.Winsock.HijackBoot
  • Optional.Winsock.HijackBoot.A
  • Optional.Winsock.WnskRST

Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language