LSASS Exploit (sxp) ?????
I run Avast! Virus protection and every few minutes I get a small popup from avast warning me of an LSASS Exploit (sxp) and then it lists my wan ip and a port number. I have no idea what is going on here.
I run Avast! Virus protection and every few minutes I get a small popup from avast warning me of an LSASS Exploit (sxp) and then it lists my wan ip and a port number.
I have no idea what is going on here. I have full virus protection and have scanned my entire computer several times. I also used their removal tool and it did nothing. I also am running windows xp sp2 with all the updates, which should have patched this old exploit, yet it keeps popping up. I'll even run a netstat -a to make sure I dont see any funny connections and I dont. I've also run a full spy doctor scan and found nothing.
Any clue here?
I have no idea what is going on here. I have full virus protection and have scanned my entire computer several times. I also used their removal tool and it did nothing. I also am running windows xp sp2 with all the updates, which should have patched this old exploit, yet it keeps popping up. I'll even run a netstat -a to make sure I dont see any funny connections and I dont. I've also run a full spy doctor scan and found nothing.
Any clue here?
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
It's possible that you got the Sasser virus. Anyway Microsoft put out a fix for it a long time ago: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
On the other hand, Avast! may be giving you a false positive.
There are three ports nomally affected by Sasser: TCP port 445 (Windows networking), FTP server on port 5554, and port 9996 as its backdoor.
On the other hand, Avast! may be giving you a false positive.
There are three ports nomally affected by Sasser: TCP port 445 (Windows networking), FTP server on port 5554, and port 9996 as its backdoor.
