Lsass (exp & Sxp) & Dcom Exploit Attacks - Wt! R They?



#1 chishnfips


Posted 19 July 2006 - 11:50 PM

I used Avast! 'cause it caught viruses Norton/McAfee didn't. And once again it has saved my tush!

Anyhow, I tried my traceroute to no avail!! Below is a copy of my log - anyone care to give it a go? Please do!

Then of course the question is, what to do next? Other than the obvious. It seems this all started when I d/l'd the 'beta' Yahoo/MSN compatible msngr. So beware all! I'd like to get the attacker/s tracked and taken care of before someone out there gets caught out. Not all ppl are puter savvy.

Here it is: Good Luck and let me know - Thanks.

07.07.2006 16:10:04 LSASS Exploit (EXP) attack
from 209.43.96.199:445
07.07.2006 16:15:10 LSASS Exploit (SXP) attack
from 209.161.211.213:445
08.07.2006 20:04:41 LSASS Exploit (SXP) attack
from 209.161.238.98:445
19.07.2006 16:33:59 DCOM Exploit attack
from 201.121.183.226:135
19.07.2006 20:30:03 DCOM Exploit attack
from 209.161.221.163:135
19.07.2006 20:36:13 DCOM Exploit attack
from 209.161.221.163:135
"We have just enough religion to make us hate,
but not enough to make us love each other"

- Johnathon Swift


#2 quietman7


Posted 20 July 2006 - 08:23 AM

Did you receive a Network Shield alert that looks like this?

Network shield is meant to block known internet worms, "NETWORK SHIELD: BLOCKED "DCOM EXPLOIT" - ATTACK FROM 200.217.63.80:135/TCP" basically means avast has blocked one (dcom exploit) and you are protected/safe.

The log identifies the attacks and where they originated from.
See the discussions here and here for "DCOM Exploit"

Same applies to "LSASS EXPLOIT". The attack is identified and blocked by avast.
See the discussions here and here for "LSASS Exploit"

If you want to double-check your system to ensure it's clean, download and scan with MS Malicious Software Removal Tool.

Edited by quietman7, 20 July 2006 - 08:28 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 chishnfips


Posted 21 July 2006 - 12:09 AM

Thanks for your reply.

My avast! wdw isn't that big and I know it's blocked and I'm protected. I've run all programs and then some no spy/mal/troj/worm - nada!

I'm asking because it's a bloody nuisance! I suppose you just have to put up with it, till they tire of trying and/or a fix becomes available for it. Which really sux! And makes me more determined to get my brain wrapped around learning Linux! lol Here's tonight's fun for you:
20.07.2006 21:01:49 LSASS Exploit (SXP) attack
from 209.161.213.115:445
20.07.2006 21:06:22 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 21:10:25 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 21:35:39 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 21:40:37 LSASS Exploit (SXP) attack
from 209.161.213.115:445
20.07.2006 21:40:50 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 21:41:37 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 22:56:14 DCOM Exploit attack
from 209.161.213.115:135
20.07.2006 23:00:03 DCOM Exploit attack
from 209.161.213.115:135
21.07.2006 00:22:15 LSASS Exploit (SXP) attack
from 209.161.56.81:445

Lol...I just can't imagine what it must be like for ppl who don't know how to protect themselves or fix their own puters.
"We have just enough religion to make us hate,
but not enough to make us love each other"

- Johnathon Swift
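
Added example, not part of any post in this thread and not avast! code: a small parser for the two-line alert layout shown in the logs above, grouping blocked attempts by source address so repeated probing from one host stands out. The sample log is constructed and uses documentation-range addresses; the function names `parse` and `summarize` are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the two-line layout of the logs posted in this thread;
# addresses are from the RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
20.07.2006 21:01:49 LSASS Exploit (SXP) attack
from 198.51.100.7:445
20.07.2006 21:06:22 DCOM Exploit attack
from 198.51.100.7:135
20.07.2006 21:40:50 DCOM Exploit attack
from 198.51.100.7:135
21.07.2006 00:22:15 LSASS Exploit (SXP) attack
from 203.0.113.81:445
this line is not part of any entry
"""

ENTRY = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) (.+?) attack$")
SOURCE = re.compile(r"^from (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def parse(text):
    """Yield (timestamp, attack_name, source_ip, port) for each complete entry."""
    pending = None  # header line waiting for its "from ip:port" line
    for line in text.splitlines():
        line = line.strip()
        head = ENTRY.match(line)
        if head:
            pending = (datetime.strptime(head.group(1), "%d.%m.%Y %H:%M:%S"), head.group(2))
            continue
        src = SOURCE.match(line)
        if src and pending:
            yield pending[0], pending[1], src.group(1), int(src.group(2))
        pending = None  # any other line breaks the header/source pair

def summarize(text):
    """Group blocked attempts by source: count, ports, attack names, first/last seen."""
    out = defaultdict(lambda: {"count": 0, "ports": set(), "attacks": set(),
                               "first": None, "last": None})
    for ts, name, ip, port in parse(text):
        s = out[ip]
        s["count"] += 1
        s["ports"].add(port)
        s["attacks"].add(name)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return dict(out)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"]):
        print(ip, s["count"], sorted(s["ports"]), sorted(s["attacks"]), s["first"], s["last"])
```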



