exploit/lsass

[Guest]

Hi,
I have my Laptop updted automatically from Windows Upates, yesterday it
loaded the Windows XP service pack 2. Since restarting the computer and
connecting to the internet, my virus/firewall software, Panda Security, comes
up with the following message about 5 times a minute:

"Network Virus blocked!"
A network virus has tried to get into your computer. This attack has been
blocked.
Virus name:
Exploit/lsass

Sometimes it comes up with another message, the same as above but for:

Exploit/rcp-dcom

What do I need to do to get rid of this? My computer is all up to date, I
have microsoft spyware beta 1 and it runs fine as far as I can tell.

Please help, cheers

 

[David H. Lipman]

From: "clark_pm" <[email protected]>

| Hi,
| I have my Laptop updted automatically from Windows Upates, yesterday it
| loaded the Windows XP service pack 2. Since restarting the computer and
| connecting to the internet, my virus/firewall software, Panda Security, comes
| up with the following message about 5 times a minute:
|
| "Network Virus blocked!"
| A network virus has tried to get into your computer. This attack has been
| blocked.
| Virus name:
| Exploit/lsass
|
| Sometimes it comes up with another message, the same as above but for:
|
| Exploit/rcp-dcom
|
| What do I need to do to get rid of this? My computer is all up to date, I
| have microsoft spyware beta 1 and it runs fine as far as I can tell.
|
| Please help, cheers

Exploit-LSASS uses TCP port 445
Exploit-RPC/DCOM uses TCP port 135

It shows the FireWall is working in blocking the Internet worms that are trying to exploit
the buffer overflow vulnerabilities associated with the LSASS and RPC/DCOM modules.

However, it looks like it is annoying you. You would have to tell the Panda software to not
notify you of every event,

IF you are connected to Broadband Internet you can get a Cable/DSL Router such as the
Linksys BEFSR41. Then these exploits will be stopped at the Router and not even be seen at
the PC.

Personally, I go with using a Router and I also explicitly block TCP and UDP ports 135 ~139
and 445. I also strongly suggest it wherever and whenever possible to others.

How you will have Panda not notify of each even is not known but I suggest contacting Panda.
http://www.pandasoftware.com/about/contact/

http://www.pandasoftware.com/support/

 

[Guest]

I'd suggest something different .

Update your computer with the security patch

LSASS
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

RPC/DCOM
http://www.microsoft.com/technet/security/Bulletin/MS04-012.mspx


Microsoft Windows Updates
http://windowsupdate.microsoft.com

Panda Software informatio
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=48854

All malwares about these malwares are detected and removed by Panda
TruPrevent !



Yes ,the firewall is working but you'd better update !

Panda_man

 

[Guest]

Panda_man,

I have the same problem as clark_pm. I keep getting these messages and will
follow your advice. My question: why doesn't Windows Update figuring out
that we need these updates on our systems?

Thanks!
swif