I use Zone Alarm free version 7.0.302 and have been for months. But for the first time today, as soon as I dialed-up to the internet just now (though I had been connected multiple times previously today with no warning coming up), I got this message:
LSA Shell (Export Version) wants to accept connections from the Internet.
Source IP: 18.104.22.168: Port 500
This is the program's first attempt to access the Internet.
I clicked on DENY and then immediately opened up ZA and checked the Program Control, and LSA Shell (Export Version) had been added to the list with both Access-Trusted and Access-Internet checked with green checkmark (even though I clicked DENY)! I immediate changed them check marks to ASK (question marks). There were question marks already in the columns for Server-Trusted and Server-Internet.
There were a number of these entries in my ZA log:
Protocol: ICMP (type:3/subtype:2)
Source IP: <I believe this is my IP listed here>
Destination IP: 22.214.171.124
Acton Taken: Blocked
Count: 8 (18, 31, 15, 18, 12, 22, 12 -- those are all the different occurances while I was on-line)
It doesn't look like I've had any more of these since disconnecting from the internet and then logging back on.
I have never had an Outgoing log message before...
And I do not recognize these companies for the IP address in question, nor is there any reason that anybody should/would be trying to access my computer. I don't run any weird programs nor play any games, etc.
WHOIS results for 126.96.36.199
Generated by www.DNSstuff.com
Location: United States [City: Kennesaw, Georgia]
AT&T WorldNet Services ATT (NET-12-0-0-0-1)
188.8.131.52 - 184.108.40.206
GAMESTOP, INC. GAMESTOP35-170 (NET-12-14-170-0-1)
220.127.116.11 - 18.104.22.168
Note: I have dial-up.
1. What exactly has happened here? What has this popped up now? I did not change any settings or anything...
2. Is this someone trying to connect to my computer all of a sudden?
3. Should I remove LSA Shell (Export Version) all together from my Program Control list in ZA?
4. Could this imply that I've got something "bad" on my computer?
5. Is there anything else I should do/check to make sure something bad isn't going on?
6. Should I have immediately disconnected from the internet and then logged back on? I don't recall if I checked my email or logged onto anything password-sensitive, etc. while still connected to the internet when that happened. I'm pretty sure I updated my AVG to the newest program version while I was still connected that time. Does any of that matter?
Seems like something always pops up just when I'm done worrying about something else with my computer!
Thanks for the help!
Edited by bloomcounty, 23 April 2007 - 06:28 PM.