Techist - Tech Forum

Techist - Tech Forum (http://www.techist.com/forums/)
-   Microsoft Windows and Software (http://www.techist.com/forums/f9/)
-   -   is this safe to allow? (http://www.techist.com/forums/f9/safe-allow-21835/)

jaksback 07-29-2004 08:15 PM

is this safe to allow?
 
my firewall asks me every now and again if it wants me to allow the following to be allowed to access the internet....is it?
http://img.photobucket.com/albums/v1...a619/lsass.jpg

xotix 07-29-2004 08:17 PM

click on technical support, and zonelabs web site will tell you what that program is all about.

however, if you have recently installed software before you started to see that, then you have spyware.

Lobos 07-30-2004 03:01 AM

I don't think it has any buisness accessing the internet

jaksback 07-30-2004 04:34 AM

well, i have run spybot S&D, adaware, and have a real time antivirus which none have rung alarms. they are all updated. this only happens every now and then. I had been just letting it go access but i will see what happens the next time when i don't

microbell, my firewall logs don't display what programs are being rewuired permission to the net.

ShoobieRat 07-30-2004 03:19 PM

LSASS.EXE: Local security authentication server

From: Microsoft, Windows Base

Info: "lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

Note: The lsass.exe file is located in the c:\windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm!

Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation


A fully updated Windows, and virus checker should catch this. I'd deny it access. If Windows throws up, restore access.

jaksback 07-30-2004 08:53 PM

the last time it popped up was when I went to check for updates on Adaware. I denied it access, there was no update available (or at least that's what it said). There doesn't appear to be any internet activity out of the ordinary according to the firewall. nothing seems to be dumping on me, so the next time that it asks I'll deny it.

Lobos 07-31-2004 08:33 AM

If your reference file is 01R334 24.07.2004 Then your ok for adaware . They havent had an update for a good three days.

jaksback 07-31-2004 08:41 AM

Thanks Lobos, i appreciate that...A LOT....it is 01R334....sometimes I get nervous about when they don't have updates for a few days. I actually had to reinstall both my AV and Spybot cuz when I went to update either one they both told me no updates were available and that was like after 2 weeks. Something went glitch.

How many signatures should I have for Spybot? It has 15501 right now. Is this right?

Lobos 07-31-2004 08:46 AM

actually spybot s/d just had one

07-28-2004

Spybot Definitions update July 28/04
Use program internal updater!
Beta Definitions: 19 kb
http://www.spybot.info/en/download/index.html

jaksback 07-31-2004 08:56 AM

i ran then detection update from the site from your link above and when i check for probs with spybot it still says only 15501 definitions...what the hell...gotta go to work so i'll work on this later.


All times are GMT -5. The time now is 05:31 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.