lsass.exe and udp port 500


Guest Bomb123

Hello... Yesterday I had this alert from Comodo firewall that lsass.exe wants to accept a connection to UDP port 500. The IP that tried to connect to the port belonged to some Brazil telecom. I then scanned the lsass.exe in VirusTotal; here are the results: http://www.virustotal.com/file-scan/report...b501-1292621138 So I am just wondering if this is a legit file. One person on VirusTotal says that this is a patched file, but I don't understand how my computer could be infected because I just installed a fresh install of Windows XP...

Here is the file lsass.zip


  • Root Admin

The Lsass.exe process is responsible for the following components:

* Local Security Authority

* Net Logon service

* Security Accounts Manager service

* LSA Server service

* Secure Sockets Layer (SSL)

* Kerberos v5 authentication protocol

* NTLM authentication protocol

Just being probed does not mean you're infected. However you can easily get infected during the installation of Windows if you're online and not careful what you're doing.

Make sure you have a firewall running on your system to stop probing from coming through. On XP the built-in firewall only checks incoming traffic; it does not block outgoing, so using another firewall product that monitors both incoming and outgoing would be highly advisable.

I would ensure that you have an Anti-Virus product installed and up to date and do a full system scan. Also do a scan with an up to date version of MBAM and make sure both of them come back clean.


Guest Bomb123

Thanks for the information. So are there any worms that exploit the lsass.exe to spread? The IP that the probe came from is 187.53.50.82. I am just scanning my computer. Happy Days!


Guest Bomb123
There are plenty of attacks that can reach out and spread to other systems. Just run the AV and AM scans and see what they say then you won't have to guess and worry.

Well, I have scanned my computer now with MBAM, Comodo Antivirus, SUPERAntiSpyware, Dr.Web CureIt and Spybot Search and Destroy, and all scanners did not find any malware, so I guess that my system is clean. If someone could also confirm that the lsass.exe that I uploaded is clean then it would all be good. Thanks. :rolleyes:
