Sorry for the cross-post, but I originally posted about this in the Antivirus board here: http://www.bleepingcomputer.com/forums/ind...=25&t=89810
...and I think that was the wrong place. So if a mod wants to close that thread or merge it with this one, that would be great! Thanks!
I use Zone Alarm free version 7.0.302 and have been for months. But for the first time the other day, as soon as I dialed up to the internet (though I had been connected multiple times previously that day with no warning coming up), I got this message:
LSA Shell (Export Version) wants to accept connections from the Internet.
Source IP: 18.104.22.168: Port 500
This is the program's first attempt to access the Internet.
I clicked on DENY and then immediately opened up ZA and checked the Program Control, and LSA Shell (Export Version) had been added to the list with both Access-Trusted and Access-Internet checked with green checkmarks (even though I clicked DENY)! I immediately changed the check marks to ASK (question marks). There were question marks already in the columns for Server-Trusted and Server-Internet.
There were a number of these entries in my ZA log:
Type: Firewall
Protocol: ICMP (type:3/subtype:2)
Source IP: <I believe this is my IP listed here>
Destination IP: 22.214.171.124
Action Taken: Blocked
Count: 8 (18, 31, 15, 18, 12, 22, 12 -- those are all the different occurrences while I was on-line)
It doesn't look like I've had any more of these since disconnecting from the internet and then logging back on.
I have never had an Outgoing log message before... And I do not recognize these companies for the IP address in question, nor is there any reason that anybody should/would be trying to access my computer. I don't run any weird programs nor play any games, etc.
WHOIS results for 126.96.36.199
Generated by www.DNSstuff.com
Location: United States [City: Kennesaw, Georgia]
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
188.8.131.52 - 184.108.40.206
GAMESTOP, INC. GAMESTOP35-170 (NET-12-14-170-0-1)
220.127.116.11 - 18.104.22.168
Note: I have dial-up. I have since scanned my computer with Ad-Aware SE free, AVG free, AVG rootkit scanner, and SpyBot, all updated with the most current definitions, etc. -- and all is clear. This situation has not happened again -- only that ONE TIME. Once I disconnected from the internet and dialed back up, it has never happened again.
1. What exactly has happened here? Why has this popped up now? I did not change any settings or anything...
2. Is this someone trying to connect to my computer all of a sudden?
3. Should I remove LSA Shell (Export Version) altogether from my Program Control list in ZA? (Edit: I did this already...
4. Could this imply that I've got something "bad" on my computer?
5. Is there anything else I should do/check to make sure something bad isn't going on?
6. Should I have immediately disconnected from the internet and then logged back on? I don't recall if I checked my email or logged onto anything password-sensitive, etc. while still connected to the internet when that happened. I'm pretty sure I updated my AVG to the newest program version while I was still connected that time. Does any of that matter?
I can post a HijackThis log in the proper forum here if necessary, but I'd rather not start doing on-line scans and installing new stuff unless there's a chance I have an actual problem. So any help with these questions and what happened would be greatly appreciated!
Thanks for the help, as always!
Edited by bloomcounty, 04 May 2007 - 09:55 AM.
My stats: Windows XP Home SP2; Firefox 3.0.14 w/ Ad-Block Plus; IE 6.0 (used only for monthly Windows Critical Updates); ZoneAlarm 6.1.744.001 Free; AVG 8.5 A/V Free; SuperAntispyware Free 4.28.1010