Topic: lsass exploit problem

anakin

  • Guest
lsass exploit problem
« on: February 08, 2008, 03:07:28 AM »
Hello, guys, I hope you can help me with this, because I really don't know about viruses.
I've always been so concerned with security, and use avast! for a few years now.

Last Monday, I received an e-mail from a known person, with a .doc file attached.
I use Mozilla Thunderbird.
I downloaded the file, and fast-checked it -as I always do- with avast! (I had just updated the virus database, which I do every day). It said the file was ok.

I don't have Word installed on my computer. I imported it with OpenOffice.org. The file had no macros attached.

Then, I saw this message in yellow background with red letters for a few secs.:

"Network shield: blocked "LSASS Exploit (SXP) - attack from 77.209.14.241:445/tcp"

The computer didn't crash, but my browser (Firefox) stopped working as if going to crash, and then it went on, and later, my connection to the internet went off.

Since then, the computer works correctly but my connection to the internet crashes after 5 minutes or so, and if I want to re-connect, I have to re-boot my machine.
If I don't connect to the internet, the problem doesn't happen. And it also happens if I connect although I don't initiate any browser at all.

The "Network shield" message appears only every once in a while (only for a few seconds, so I got a screen print to 'record' it), but the failure with internet connection happens always since then.

Before the connection to internet hangs, I always see a Windows dialog that "Generic host process for Win32" doesn't work.

I've performed two boot-time scans of the computer. Avast! says there's no virus.
Whenever I start avast! it checks memory and doesn't report any virus.
I've checked the system for viruses and avast! says there are no viruses.
I've taken the original file to the chest, explored it there, and avast! says it has no viruses.

But the problem with internet connections still persists.

(I run Windows XP SP-2, with the firewall on)
I checked entries in this forum for LSASS and saw people have already had problems with LSASS, but it seems it switches off people's computers. It's not what happens to me.

PS: message from avast!'s network shield seems to refer to an IP address; I checked it in geektools, and it belongs to Vodafone, which is my internet ISP provider. I don't understand this.

Could they have transmitted this virus to me?

Pls, can anyone help me or suggest something I could do?

Thank you very much in advance.

Spiritsongs

  • Guest
Re: lsass exploit problem
« Reply #1 on: February 08, 2008, 05:43:48 AM »
 :)  Hi :

     As you have now discovered, emails from "known person(s)" MAY NOT
     actually be from "them"; email addresses are "stolen" on a regular basis.
     To be more safe, you should actually send an email to the person who allegedly
     sent the email to "confirm" it is actually from them.
     As to your situation, have you tried clicking "Run", typing "cmd" ( without
     the quotes ), click "ok", type "netsh winsock reset" and reboot !?

     And hopefully you have more security on your computer in addition
     to Avast !?

anakin

  • Guest
Re: lsass exploit problem
« Reply #2 on: February 19, 2008, 01:09:34 AM »
 :-[
Thank you for your help, Spiritsongs.

I did as you told me, but it was unsuccessful.
I formatted the disk and restored from my weekly backup.

In addition to avast! and Windows firewall, what more security would you recommend to me?

 :-[  sorry for my ignorance, and thks. for your patience.

PS: the e-mail was "really" from the person I expected; we had talked on the phone, and I was expecting his e-mail.
« Last Edit: February 19, 2008, 01:13:57 AM by anakin »

polonus

  • Avast Überevangelist
Re: lsass exploit problem
« Reply #3 on: February 19, 2008, 07:09:56 PM »
Hi anakin,

This also cures this exploit: http://vil.nai.com/vil/stinger/default.aspx
You can use it as a non-resident scanner next to avast resident av.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!