Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: lsass.exe/LSA Shell (Export Version) questions.

Hybrid View

  1. #1
    maxsselfissteam Guest

    Default lsass.exe/LSA Shell (Export Version) questions.

    Hi, I have a few questions concerning the same program/problem:

    1. During the last few hours, ZoneAlarm has been asking twice whether LSA Shell (Export Version) (it is indeed lsass.exe, not a similar name, and the date it has last been changed at doesn't look suspicious either) should be allowed to accept connections from the internet (the same IP adress was shown in both cases). I can't remember this occuring ever before; Norton AntiVirus, Ad-Aware and Spybot Search & Destroy don't find anything on my PC and I haven't noticed any other suspicious stuff (XP SP2 is up to date, I use Mozilla's products for browsing and mailing and I'm quite careful in general). What could that message be related to? Might it be anything to worry about?

    2. When I took a look at my Program Control list, I noticed that LSA Shell (Export Version) was allowed to access the trusted and internet zones. I don't remember allowing it to do so -- is it one of the programs that are allowed to access the internet automatically after ZoneAlarm's installation? (I have removed it from the list in the meantime.)

    3. Probably the least important one: While doing research about that problem, I let Windows Explorer look for files containing the word lsass in my Internet Logs folder and opened safeprograms.xml afterwards (it opened in Internet Explorer) -- is it dangerous to open said file, i.e. might any settings be changed etc. simply through opening it?

    Thanks for any replies!

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm (Free)
    Software Version:5.5

  2. #2
    maxsselfissteam Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    On a related sidenote, I have yet another question... I wanted to do a scan with Trendmicro's Housecall right now, but during the installation/updating process, ZoneAlarm asked me whether Internet Explorer (I wasn't aware this new version was going to work with Firefox as well) should be allowed to act as a server, and after checking whether it was really Housecall that brought this up, I allowed it to do so to make sure everything would work. After a while, I got somewhat paranoid though and stopped the test -- would there be any danger that IE might start listening to stuff that isn't related to Housecall?

  3. #3
    jasen1970 Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    I have exactly the same problem. It has only started in the last few weeks for unknown reasons, except to say it might have coincided with the most recent ZAPro upgrade. The lsass.exe file is apparently a legitimate Windows system file if it begins with an L in lowercase, but there is a known virus that looks like the same file name but begins with an "i" in uppercase. I respond to the ZA alert by clicking "deny" and click the box which applies my decision the next time the file tries to do something, but every time I start up or every time I reboot, it goes through the same thing and does not "remember" my previous action of denying the file access. I do not know how to stop it either. I tried moving the file to see what happened, restarted and received the same message only to see that it had been replaced by another copy. I did move it, really, as I checked to see if it was still in the Windows system32 folder and it wasn't......I am totally confused here!I also do not detect it as a virus or trojan file via Norton, etc., so I think it is actually a real windows file. Can someone tell us why it doing this and why ZA won't stop alerting when an action has been made for or against access rights??cheers,Jasen

  4. #4
    jasen1970 Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    I fixed it! I followed Bill's suggestion in an earlier thread. You have to go to Windows "Safe mode" by rebooting and pressing F8 at the same time. Go to C:/windows/internetlogs and delete backup.rdb and iamdb.rdb, then reboot. The ZA database apparently can be corrupted sometimes when you upgrade and you need to do this to reset it.cheersJasen

  5. #5
    maxsselfissteam Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    I read about that, but my problem is quite different, I think. I'm mainly wondering why I got these messages at all, i.e. why someone/something wanted to connect to my lsass.exe at all (if I'm understanding the initial ZA message correctly) as this has never happened before.

    (By the way, I did some more tests now -- the Kaspersky Online Scanner didn't find anything, and I ran Norton AntiVirus, Ad-Aware and Spybot S&D in safe mode; nothing was found.)

  6. #6
    jasen1970 Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    Hi again,I'm not so sure it is different but will let someone else take a look and comment on this one. As you have noticed, it is only a recent thing for me too and what I have done seems to have fixed it, and I too see lsass.exe with trusted access in the program list. I might try elsewhere to find answers as to why this is and why so recently.cheersJasen

  7. #7
    jasen1970 Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    It seems I didn't fix it. I still get the alert. I have no idea what to do apart from go back to an earlier version and try that.oh well.Jasen

  8. #8
    pianolady Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    I had this exact problem. Followed these steps found at the Support site for Zonelabs.To repair this problem, please follow these steps. Please note that this will remove your program permission settings (so you may want to make note of them), but re-establishing them is a simple process. If any of the steps below does not apply to you, or you are unable to perform the function listed, please continue to the next step. This MUST be done with an Admin account if your Operating System supports these! 1. If you are running Windows 95/98/Me/XP/2000, reboot your system into Safe Mode. Your OS determines the method, but normally pressing F8 at the beep, or holding the control key during bootup, will work. For more information on rebooting in Safe Mode, click Start, then Help. Click the Search tab, and type in "Safe Mode". Double- click "Start Windows in Safe Mode" for the instructions. 2. Open the Internet Logs directory (in 9x/ME this will be "c:\windows\internet logs", in NT/2000 it will be c:\winnt\internet logs, in Windows XP it could be either of these folders). 3. Delete all files that have the extension .RDB, .LDB, or TMP. 4. Empty your Recycle Bin. 5. Reboot your system.

  9. #9
    pianolady Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    Spoke too soon. It was back after a couple restarts! I decided to uninstall and reinstall the program. Big mistake. Now the computer reboots every time I try to open the installation program. This applies to the current and previous versions of ZA (including the free version). Gave up, and installed something else. Darn it, I just paid for the renewal too! Not a happy camper. Can't find any virus or adware problems.

  10. #10
    tsuga Guest

    Default Re: lsass.exe/LSA Shell (Export Version) questions.

    i see i'm not the only one with this problem, it just started a few days ago for me as well. intially when it first asked for permission i granted it then i became rather parinoid and went back and set it to 'ask permission' even though ZA advised not to--i've had no re-occurence since

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •