LSASS exploit (sxp) attack

Avast Free Antivirus / Premium Security
1

Hi, sorry for my language, I’m french

I updated avast to avast 4.6.603 and he detect me (from “bouclier reseau” an entering connection : "LSASS exploit (sxp) attack from 82.127.189.130:445 " blocked

I never had this alarm with the old version… ???

thx for your answers
-Wilbird-

Wxp-sp2-Avast-kerio-SS&D-adaware-SG-SB>>> (updated)

2

And your question is?

3

…LoL… :smiley:

it is a known problem of the new version or a real attack?

4

It is not a problem, since Avast blocked it :wink:
And the LSASS exploit is really old.
Worms like Sasser and Blaster are using this exploit.
Just make sure you have ALL security patches/updates installed for your system.

Nothing to worry about if you have your system up-to-date and have configured Avast and your firewall correctly.

EDIT: Make yourself familiar with the applications you use using the help files. They contain a lot of information.
Also use the search option on this board. A lot of questions have been asked and answered here. :wink:

5

I have just updated window.

that then I to make of other : the message is always ?
thx

6

Sorry, but I don’t know what you mean.
http://world.altavista.com may be of help to you with translating to English.

7

sorry… :-\

the message of alarm always appears, same after the updates window

What do I have to make?
thx

8

As I said. Don’t worry. Avast is blocking it and that is good.
If you don’t want to see the message, disable in the options of the provider “show detailed information about performd action”

That way Avast will still work and block the attacks but you won’t see the message.

9

OK,
thank you eddy for your helping

:wink:

10

Yo Eddie, I have a question
I’m gettin this attack from two computers on my network but my avast blocks them all the time. Can i run the blaster and sasser removal tools on the infected computers? I tried running avast but no luck.

11

Eddy is not being logged last days :-\ :cry:

And, what happens if you disable avast! to run the removal tools?
Are you sure that this particular computer is infected?

12

It is really nice to know that Avast is really taking care of this but the question is - is there any internal file which is trying to introduce this attack which Avast is confronting repeatedly? For example, if this message appears in my PC then should I assumen that LSASS or any other exe file should be healed in order to stop the repeated attempt to hack our computers?

13

FYI: You posted to a way outdated thread…!!
Please start a new topic to ask for help in the forum.
asyn

14

From 2005 ??? ??? ??? Are you travelling on a computer time machine or drinking to much beer ;D

15

They are external and random attacks, not internal. Normally your firewall should be the one to detect and block these attacks (silently) but for some reason the avast Network Shield is blocking them.

What is your firewall ?