Trend Micro: MS04-011_LSASS_EXPLOIT

[David]

After a really bad experience with trojans, etc., I reformatted my HD
and reinstalled WinXP. Since Norton watched me go down in flames, I'm
now trying out Trend Micro's PC-cillin Internet Security.
-
It keeps alerting me about a "MS04-011_LSASS_EXPLOIT" (a network virus
attack on .NET). When I tried to retrieve the prescribed fix from
Microsoft, it told me that I did not have .NET on my computer, so the
fix could not be installed.
-
So the annoying window keeps on popping up (about 5-10 times per
minute, usually) telling me of the attack, but that PC-cillin is
successfully protecting me. The small window will not let me continue
to work until I click on it.
-
I don't want to stop the window from coming up and telling me about
various attacks, but is there any way to get some sort of fix that will
end this Trend Micro window?
-
Thanks,
David Aman

 

[David H. Lipman]

From: "David" <[email protected]>

| After a really bad experience with trojans, etc., I reformatted my HD
| and reinstalled WinXP. Since Norton watched me go down in flames, I'm
| now trying out Trend Micro's PC-cillin Internet Security.
| -
| It keeps alerting me about a "MS04-011_LSASS_EXPLOIT" (a network virus
| attack on .NET). When I tried to retrieve the prescribed fix from
| Microsoft, it told me that I did not have .NET on my computer, so the
| fix could not be installed.
| -
| So the annoying window keeps on popping up (about 5-10 times per
| minute, usually) telling me of the attack, but that PC-cillin is
| successfully protecting me. The small window will not let me continue
| to work until I click on it.
| -
| I don't want to stop the window from coming up and telling me about
| various attacks, but is there any way to get some sort of fix that will
| end this Trend Micro window?
| -
| Thanks,
| David Aman

Use a FireWall to block this network port exploitation. If you are using Broadband, I
suggest a Router such as the Linksys BEFSR41 which will isolate the Exploit to the WAN suide
of the Router and protect your PC on the LAN. side of the Router.

 

[Richard S. Westmoreland]

From: "David" <[email protected]>

| It keeps alerting me about a "MS04-011_LSASS_EXPLOIT" (a network virus
| attack on .NET). When I tried to retrieve the prescribed fix from
| Microsoft, it told me that I did not have .NET on my computer, so the
| fix could not be installed.

| I don't want to stop the window from coming up and telling me about
| various attacks, but is there any way to get some sort of fix that will
| end this Trend Micro window?

Use a FireWall to block this network port exploitation. If you are using Broadband, I
suggest a Router such as the Linksys BEFSR41 which will isolate the Exploit to the WAN suide
of the Router and protect your PC on the LAN. side of the Router.

Yep. If you don't want to disable the window, then the only way to get rid
of the attack notice is to stop it before it gets to Trend's firewall, and
that's with a hardware firewall. If you just installed WinXP, make sure you
ran all of the windows updates. If you are up to date, then even without
Trend running you're protected from the lsass exploit. What you're seeing
is someone else on your broadband network that is infected with Sasser and
trying to infect other machines.

 

[lee]

Use a FireWall to block this network port exploitation. If you are using Broadband, I
suggest a Router such as the Linksys BEFSR41 which will isolate the Exploit to the WAN suide
of the Router and protect your PC on the LAN. side of the Router.

I think he is using the firewall component of TIS. That's what's giving
him the alert about MS04-011_ LSASS_Exploit. Typically, you'll get this
if you're on a LAN where administrative probes are occuring. The network
virus component of TIS can be set to *not* alert for stuff like this.