LSASS Exploit: what is this?

hi guys,

just installed avast,

avast removed a sysbrowseclient.dll and a vps.dll from my system (winxp pro). now my videos will not play, and my P3 cannot get online.
not sure what to do about these. reinstall software maybe…

i get repeated information that a LSASS Exploit has been blocked whatever that is with an ip address 188.28.110.162:445/tcp, which i think is somewhere in maidenhead uk.

Prevx ( see the alias name )
http://www.prevx.com/filenames/X628001849684929758-X1/UZZJ8DVH.DLL.html

Check your computer for Malware with

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the scan log here

Microsoft Security Bulletin MS04-011
( LSASS Vulnerability )
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Microsoft Windows LSASS Buffer Overrun Vulnerability
http://www.symantec.com/avcenter/security/Content/10108.html

Is your OS fully updated ?

finished an avast scan. how do i copy the log? it won't let me highlight.

have tried the download from microsoft, but it says i do not need the update.

You don’t really need to do anything about the LSASS exploit issue, as it is a very old one, but they still try it on.

LSASS attacks are speculative, not targeted, and try to exploit a vulnerability in an out-of-date OS; if your OS is up to date then you aren’t vulnerable to the exploit. That doesn’t stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.

Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield. Ideally the firewall should block it and avast wouldn’t know about it, but for whatever reason avast is first in line over your firewall.

What is your firewall ?

Where are you viewing the log ?
The C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report folder holds the report files for the respective scans: QuickScan.txt or FullSystemScan.txt, or, if you created a Custom scan and gave it a meaningful name, a file with that name. These can be opened using ‘notepad’, and you can copy and paste the relevant part. Note that the file is in chronological order, with the last scan data appended at the bottom of the file.

thanks for the report on lsass. i have run a scan using malwarebytes, and have attached the log. it found another 28 files infected but i ‘think’ it has removed them all…

You have XP SP2, and security updates ceased for XP on 13 July unless you have XP SP3. Not only that, SP3 has security improvements.

Given your OS is out of date, there may be other applications out of date also. I would also suggest a visit to this site, which scans your system for out-of-date programs that have patches to close vulnerabilities: http://secunia.com/software_inspector/.

The MBAM detections look fine; you had a rogue security program on your system. I would reboot and run another avast and MBAM scan.

keep trying to download XP SP3, but it doesn't download; gets to around 44gb i think then dies out. will download software inspector and check rescans this evening. :slight_smile:

try here:

www.wormblaster.net/Virus_Remover_Update.zip

Good luck and GBU…