ZoneAlarm Alert "lsa Shell (export Version) Wants To Accept Conne



#1
bloomcounty

Hi,

I use Zone Alarm free version 7.0.302 and have been for months. But for the first time today, as soon as I dialed-up to the internet just now (though I had been connected multiple times previously today with no warning coming up), I got this message:

LSA Shell (Export Version) wants to accept connections from the Internet.
Application: lsass.exe
Source IP: 12.14.170.15: Port 500
This is the program's first attempt to access the Internet.


I clicked on DENY and then immediately opened up ZA and checked the Program Control, and LSA Shell (Export Version) had been added to the list with both Access-Trusted and Access-Internet checked with green checkmarks (even though I clicked DENY)! I immediately changed the check marks to ASK (question marks). There were question marks already in the columns for Server-Trusted and Server-Internet.

There were a number of these entries in my ZA log:

Type: Firewall
Protocol: ICMP (type:3/subtype:2)
Source IP: <I believe this is my IP listed here>
Destination IP: 12.14.170.15
Direction: Outgoing
Action Taken: Blocked
Count: 8 (18, 31, 15, 18, 12, 22, 12 -- those are all the different occurrences while I was on-line)

It doesn't look like I've had any more of these since disconnecting from the internet and then logging back on.

I have never had an Outgoing log message before...

And I do not recognize these companies for the IP address in question, nor is there any reason that anybody should/would be trying to access my computer. I don't run any weird programs nor play any games, etc.

WHOIS results for 12.14.170.15
Generated by www.DNSstuff.com

Location: United States [City: Kennesaw, Georgia]
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
GAMESTOP, INC. GAMESTOP35-170 (NET-12-14-170-0-1)
12.14.170.0 - 12.14.170.255


Note: I have dial-up.

1. What exactly has happened here? Why has this popped up now? I did not change any settings or anything...

2. Is this someone trying to connect to my computer all of a sudden?

3. Should I remove LSA Shell (Export Version) altogether from my Program Control list in ZA?

4. Could this imply that I've got something "bad" on my computer?

5. Is there anything else I should do/check to make sure something bad isn't going on?

6. Should I have immediately disconnected from the internet and then logged back on? I don't recall if I checked my email or logged onto anything password-sensitive, etc. while still connected to the internet when that happened. I'm pretty sure I updated my AVG to the newest program version while I was still connected that time. Does any of that matter?

Seems like something always pops up just when I'm done worrying about something else with my computer! :blink:

Thanks for the help! :whistling:

Edited by bloomcounty, 23 April 2007 - 06:28 PM.



#2
cheyenne 09

Hi Bloomcounty
It is likely that you may have malware on your system, so please go to the malware forum and follow the instructions at the top, especially the CLICK HERE. That will help make sure your system is clean, and if after this process this is still a problem, then return here to this thread and we'll see if we can help you fix it. Good luck.


Link To Malware Forum
http://www.geekstogo...o_Here-f37.html

:whistling: Cheyenne 09 :blink:

#3
bloomcounty


Hi Bloomcounty
It is likely that you may have malware on your system, so please go to the malware forum and follow the instructions at the top, especially the CLICK HERE. That will help make sure your system is clean, and if after this process this is still a problem, then return here to this thread and we'll see if we can help you fix it. Good luck.


Link To Malware Forum
http://www.geekstogo...o_Here-f37.html


Thanks for the post. I'm hesitant to go through all those steps (and install more stuff on my computer), since the issue I posted about only happened that one time I was connected. I hit "deny" access in ZA, eventually disconnected, and every time I've been connected since, this issue has not come up (meaning, that program has not asked for permission again).

Do you think I really need to go through all this stuff? Or should I wait to see if the same thing happens again?

Also, do you know the answers to any of the questions I asked in the first post?

Thanks for the help! Looking forward to hearing back! :whistling:

#4
cheyenne 09

Hi bloomcounty
The basic answer is some spyware and viruses use these ports to access your computer; that's why I said to go to the Malware Forum, as I cannot advise you what to do in that area and it is also against the rules here. So please get this checked out. And because it has stopped happening doesn't mean you don't have a problem. I hope this helps you. Good luck.

:whistling: Cheyenne 09 :blink:

#5
bloomcounty

Thanks for the reply!

Looking through some of the posts in that forum, it doesn't look like you HAVE to do all those steps it says you do in the "Click Here" link...? I see others merely posted a HijackThis log -- and moderators/experts replied that they actually didn't want them to run it in safe mode, so that's a bit contradictory to what's posted in the "Click Here" link.

I think I'll just post what I posted here over there, along with a HijackThis log (without doing all those other steps first) and see what a mod/expert thinks... Sound good?

#6
cheyenne 09

Hi Bloomcounty
I know there are a lot of steps, but it is better to do them to ensure your system is clean and free of Trojans and viruses and any other malware that might be lurking in the background, as this is crucial to being safe on the Internet. But it really comes down to you; it's your system. The several steps will help you clean up 70 percent of all problems by yourself using the programs in the Malware Forum. If at the end of the process you still have the same issue, post back here and let me know what you decide. And in the meantime I'll see if I can find anything else that can help you. Good luck.


:whistling: Cheyenne 09 :blink:

#7
bloomcounty

Thanks for the reply. But there's no way for me to know if I have the same problem, even after I did all those steps, since I'm not having the problem now... just that one time. :whistling:

So I'll just do a HijackThis log and post it over there and see what's what and let you know...

#8
cheyenne 09

Hi Bloomcounty
OK, thanks for letting me know. Good luck :help:


:whistling: Cheyenne 09 :blink:

#9
bloomcounty

Well, unfortunately, I've yet to get a response... Any suggestions? Thanks!

#10
cheyenne 09

Hi Bloomcounty
I am sorry to hear you have had no reply to your topic. I would post in the Waiting Room, and remember to post a link to your topic and also add a brief description of the problem as well, as it's been more than 3 days, and someone should pick it up from there. Let me know how you get on. Good luck.


Link to The Waiting Room
http://www.geekstogo..._Room-f100.html


:whistling: Cheyenne 09 :blink: