Unkown Address blocked

By =met=Badger
Apr 27, 2006
  1. My ISP's network has been loaded with viruses and I suffer for other peoples ignorance. But alas I am not all knowing so I ask for help from everyone here.

    My firewall has been blocking intrusions from somewhere to lsass.exe. Ive logged them and the address is 0x77E74A8F. this isnt a MAC or IP. its more like Code. and I know nothing about code.

    Ive been getting spammed approx every 4 hrs since i reformatted my windows drive.
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your computer may be infected with viruses/malware etc.

    Go HERE and follow the instructions, in the order they are given.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)
  3. =met=Badger

    =met=Badger TS Rookie Topic Starter Posts: 25

    No I know wat i am doing when it comes to keepin my pc relatively clean. and I do not have a virus or spyware. Ive looked at My HJT log and theres nothin that shouldnt be there.
  4. Peddant

    Peddant TS Rookie Posts: 1,446

    This should explain the lsass.exe situation HERE
  5. =met=Badger

    =met=Badger TS Rookie Topic Starter Posts: 25

    No it doesnt explain anything new. just that he has the similar problem. BUT MY PROBLEM isnt lsass.exe. IT IS NOT on my pc or effecting my pc, BUT it is my ISP's problem and it reduces network BW which is my problem. Because anyone w/ half a brain will goole anything supicious and in this case i found this:
    but I would like to KNOW what This is
    Just info on the address. I think this is code because ive gotten a few buffer overflows.
  6. Peddant

    Peddant TS Rookie Posts: 1,446

    Perhaps you could give us a few more details about those ? Did they reference any application ? Make sure Windows and all your apps are fully updated.You`ve probably done that already,but it has to be said.Quicktime and OE have had overflow issues in the past.
  7. =met=Badger

    =met=Badger TS Rookie Topic Starter Posts: 25

    no it doesnt referance anything other than lsass.exe . what im thinkin it may be, after ive done a little research, is that the address failure is on my pc within the program lsass and the errors and buffer overflow that is being logged by my firewall is a result of an external atempt to access my pc. although my firewall is not logging ips for the blocked intrusions.

    1.Does anyone know exactly What lsass (Local Security Authentication Server), in windowsxp, really does besides auth for winlogon?

    2.If there is anyway to remove it by removing any winlogon services?

    my understanding of winlogon is that it is mainly used with Remote assistance or remote desktop. alloowing other users to access your windows via a network. It's a part of the Windows Login subsystem. Winlogon is necessary for user authorization and checks the Windows XP activation code.

    3. Does windows force you to use winlogon when accessing the internet?

    I know these are extremely technical question and help answering them would be gonna post thes same 4 Q's in the Windows forum on this site aswell.
  8. =met=Badger

    =met=Badger TS Rookie Topic Starter Posts: 25

    I have found out that you can disable lsass. so HAZZAR!

    This information is provided in the Black Viper Tweaks for windows XP.
    Black viper tweaks are designed and tested by black viper himself and i think there is a disclaimer stating " any damage you cause is your fault" but you can always reinstall windows. and if your not prepared to back-up your info first.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...