Author Topic: LSASS EXPLOIT  (Read 2199 times)

Mashiro

  • Guest
LSASS EXPLOIT
« on: May 30, 2006, 10:24:30 AM »
Yes, this has been really irritating me for the past 3 months.  This virus hit during the period I was away from home and unable to maintain the computer.  My parents and sisters use the computer and they really trashed it... I tried all of those LSASS removal tools such as the one from Norton, I've obviously run full scans with AVAST! and honestly it's just lame; nothing detects the worm on my computer at all!

I have ZoneAlarm installed on this computer and when ZoneAlarm is activated LSASS becomes locked away in my networking so it never attacks.

My point is this: this worm has been sitting on my frickin computer for 3 months and not even a reformat of the hard drive, completely, partition and everything, was able to get rid of it.  I think that it may be residing in my network card or perhaps my DSL router?

The following IP address is where the attack is coming from: 70.16.133.190:445/tcp

PS, I know that since it's being blocked there isn't a problem but if I were to ever have to disable ZoneAlarm and AVAST! this virus will immediately hit my computer and force a shut down.  I have something lurking around SOMEWHERE and it's bothering me to no end, I really want to get rid of it.

Offline Lisandro

  • Avast team
Re: LSASS EXPLOIT
« Reply #1 on: May 30, 2006, 01:58:30 PM »
Can you boot in Safe Mode?
From there, can you schedule a boot-time scan with avast?
Will on-line scanning (in Safe Mode) help?
Do you have any other security program installed?

Offline DavidR

  • Avast Überevangelist
Re: LSASS EXPLOIT
« Reply #2 on: May 30, 2006, 03:28:10 PM »
Quote from: Mashiro
My point is this: this worm has been sitting on my frickin computer for 3 months and not even a reformat of the hard drive, completely, partition and everything, was able to get rid of it.  I think that it may be residing in my network card or perhaps my DSL router?

The following IP address is where the attack is coming from: 70.16.133.190:445/tcp

You probably aren't infected with the LSASS Exploit virus; the warning doesn't necessarily mean you have an LSASS exploit virus (residing on your computer), just that someone has attempted to infect you with a virus exploiting the LSASS vulnerability.

If your Operating System is fully up to date you aren't vulnerable to this exploit; it doesn't stop people trying to infect you.

I assume that this alert is from the Network Shield rather than ZA (check the avast Log Viewer); if so, Network Shield will have blocked the download access to this exploit, and you weren't infected. A lot depends on what starts first on the Windows boot: if ZA was a little quicker it would detect the LSASS exploit traffic as you mention, but if Network Shield was somehow in front of the firewall it would detect and block the LSASS exploit.

On-line Virus Scanners and other useful Links: Security-Ops.eu.tt. You could use one of these to confirm you aren't infected.