LSASS.EXE connected to usertrust.com

[Carlos Lakomy]

Every now and then I check the active ports on my server and for some
reason there is always one LSASS.EXE that is connected to
89.usertrust.com:http. Has anyone seen this before? I've ran SpyBot and I
few others and can never seem to find what it is. The only thing that I run
that I would consider questionable is the POPUP Blocker by panicware. I use
Active Ports by SmartLine to do my checking http://www.ntulility.com. I
would appreciate any input that may be helpful.

-C

 

[Tom Pepper Willett]

UserTrust is a A Public Key Infrastructure providing SSL Certificates and
Digital Signatures. Do you have one on your machine?

Tom


| Every now and then I check the active ports on my server and for some
| reason there is always one LSASS.EXE that is connected to
| 89.usertrust.com:http. Has anyone seen this before? I've ran SpyBot and I
| few others and can never seem to find what it is. The only thing that I
run
| that I would consider questionable is the POPUP Blocker by panicware. I
use
| Active Ports by SmartLine to do my checking http://www.ntulility.com. I
| would appreciate any input that may be helpful.
|
| -C

 

[Steven L Umbach]

That certainly does not look like a malicious site. Try disabling your running
startup programs to see if the connection goes away. You also might try using Process
Explorer and TcpView from SysInternals to try to gain further info on what is going
on with that connection and processes. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

 

[Guest]

This is depending upon his location on your computer; Windows NT4/2000/XP/2003 only. LSASS is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server (in technical jargon : it generates the process that is responsible for authenticating users for the Winlogon service).

However, you should go to www.answerthatwork.com and review other possible files with this name. Yes, this could be a virus. That site explains it very well.

Gina Novelle
www.thirdpocket.com

 

[USERTRUST]

Carlos,

The most common reasons for the connection to usertrust.com is:

1. You have an SSL certificate from either Freessl.com or fro
USERTRUST.

2. Your website is configured to accept client authenticatio
certificates.

The reason your server connects to usertrust.com is to download CR
information pertaining to either SSL or Client certificates. This i
not a virus. If you would like further information please feel free t
email me.

Nathan Luke
USERTRUST Inc.
(e-mail address removed)

*Every now and then I check the active ports on my server and fo
some
reason there is always one LSASS.EXE that is connected to
89.usertrust.com:http. Has anyone seen this before? I've ran SpyBo
and I
few others and can never seem to find what it is. The only thing tha
I run
that I would consider questionable is the POPUP Blocker by panicware
I use
Active Ports by SmartLine to do my checking http://www.ntulility.com
I
would appreciate any input that may be helpful.

-C

-
USERTRUS