LSASS Exploit (sxp) ?????
This is a discussion about LSASS Exploit (sxp) ????? in the Windows Security category; I run Avast! Virus protection and every few minutes I get a small popup from avast warning me of an LSASS Exploit (sxp) and then it lists my wan ip and a port number. I have no idea what is going on here.
I run Avast! Virus protection and every few minutes I get a small popup from avast warning me of an LSASS Exploit (sxp) and then it lists my wan ip and a port number.
I have no idea what is going on here. I have full virus protection and have scanned my entire computer several times. I also used their removal tool and it did nothing. I also am running windows xp sp2 with all the updates, which should have patched this old exploit, yet it keeps popping up. I'll even run a netstat -a to make sure I dont see any funny connections and I dont. I've also run a full spy doctor scan and found nothing.
Any clue here?
I have no idea what is going on here. I have full virus protection and have scanned my entire computer several times. I also used their removal tool and it did nothing. I also am running windows xp sp2 with all the updates, which should have patched this old exploit, yet it keeps popping up. I'll even run a netstat -a to make sure I dont see any funny connections and I dont. I've also run a full spy doctor scan and found nothing.
Any clue here?
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
Dec 20
Dec 21
0
1 minute
Responses to this topic
It's possible that you got the Sasser virus. Anyway Microsoft put out a fix for it a long time ago: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
On the other hand, Avast! may be giving you a false positive.
There are three ports nomally affected by Sasser: TCP port 445 (Windows networking), FTP server on port 5554, and port 9996 as its backdoor.
On the other hand, Avast! may be giving you a false positive.
There are three ports nomally affected by Sasser: TCP port 445 (Windows networking), FTP server on port 5554, and port 9996 as its backdoor.
OP
I just decided to block port 445 with a registry hack since my version of windows (xp with sp2)_ is not listed on the security page by Microsoft.
