
Thread: Is this generic host alerts and LSA Shell Export Version red alerts a trojan problem?

  1. #1
    old_surfer (Guest)

    Is this generic host alerts and LSA Shell Export Version red alerts a trojan problem?

    On June 16th, my ZAP log mentions this:
    OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
    I realise it only now, looking into my ZAP log file.

    Later in the summer this line multiplied dozens of times in the log, and I realise that only now too, but before that I started having ZAP alerts, the violet ones saying
    Generic Host Program for win32 services is trying to act as a server
    and red alerts saying
    LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.
    among other things.
    I always denied them but did not find the time to check this problem.
    I have lots of problems with my PC's functioning (for instance, Windows Help & Support does not work when online), and today I tried to restore to before this date (June 16th), basically in order to avoid those alerts and the eventual trojan provoking them, but I cannot restore to before August (when I press the left arrow of the System Restore calendar while in August, it does not lead me to July). It seems that System Restore only works for 3 months back at most, and I'm afraid that if it's a trojan, I'll achieve nothing by going back only to the 1st of August, since the problem appears to have occurred earlier.
    Please advise.

    Operating System: Windows XP Home Edition
    Software Version: 8.0
    Product Name: ZoneAlarm Pro

  2. #2
    old_surfer (Guest)

    Re: Is this generic host alerts and LSA Shell Export Version red alerts a trojan problem?

    Since nobody has answered my message until now, I add that I sent an enquiry to http://www.zonealarm.com/store/conte...ch_support.jsp
    with my license number and am still waiting for their answer. I updated my Ad-Aware and Spybot through "Run as" with a simple account (no admin rights) and checked my system.
    Ad-Aware found just some MRU entries and tracking cookies, but Spybot found System Doctor 2006 (a program directory trojan also downloading Swifthand-C, Huntbar, Tango etc.; I don't know if I wrote them down correctly because of my confusion and anxiety), which it said it erased when I rebooted.
    I checked again and it found nothing.
    My red and violet alerts seem to have stopped, but I'm not sure what's going on, and my big problem is: what if I, for instance, restore to the beginning of August, uninstall my ZAP, run Disk Cleanup, defragment, run a check on C:, clean-install the last available version of ZAP, and still have alerts of all kinds?
    Or if my alerts stopped but I still have trojans and a corrupted ZAP?
    I forgot to say that apart from the violet and red Generic Host alerts and the red LSA Shell Export alerts, I also had all kinds of other alerts; for instance, when I was trying to run Ad-Aware I had an alert saying "Ad-aware service is trying to communicate with C:\Windows\system32\Zonelabs\vsmon.exe by opening its process, application aawservice.exe", which I denied, and Ad-Aware functioned alright anyway. Those other alerts were rarer, while the Generic Host and LSA Shell ones came practically every couple of minutes or so, even if I asked ZAP to remember the denial.
    Finally I must add that, apart from all those ZAP alerts I denied, I have now allowed some new program alerts and "retrying program" alerts for Spybot, since they weren't marked high risk; not at all risky as a matter of fact.
    I think that all alerts stopped exactly after I accepted those ones.
    Thanks

  3. #3
    (Join Date: Dec 2005, Posts: 9,057)

    Re: Is this generic host alerts and LSA Shell Export Version red alerts a trojan problem?

    OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe

    This is okay. The mrt.exe (Microsoft Malicious Software Removal Tool scanner) and smss.exe are okay.

    Generic Host Program for win32 services is trying to act as a server
    and red alerts saying
    LSA Shell Export Version is trying to communicate with C:\Windows\system32\Zonelabs\UpdClient.exe by opening its process, application Isass.exe.

    Also okay.

    lsass.exe and smss.exe will open other processes.
    In the case of the ZA files, ZA will "protect" itself from being opened by other files, hence the alert (even for safe Windows files).

    System Restore issues?
    It may be corrupted. If you are adventurous, disable System Restore in the Properties of My Computer and immediately reboot. Now the restore files are cleaned out.
    Then re-enable System Restore and immediately reboot. Now System Restore is restarted, and any new restore points will be without the previous corrupted files.

    Oldsod.
    Best regards.
    oldsod
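The reply above makes two points a reader of these alerts would want to check for themselves: that the named system process really is the one living in System32, and that a system process touching ZoneAlarm's own files is expected self-protection rather than a sign of infection. The Python below is an added example, not the forum's or ZoneAlarm's code: it parses the OSFW log layout quoted in the thread and applies exactly those two checks. The expected-directory table and the second and third log lines are constructed for the example.

```python
import ntpath
from dataclasses import dataclass

# Where the Windows system processes named in the thread legitimately live on
# Windows XP (assumption for this example; compared case-insensitively).
EXPECTED_DIR = {"lsass.exe": r"\system32", "smss.exe": r"\system32", "mrt.exe": r"\system32"}

# Constructed sample in the ZoneAlarm OSFW log layout quoted in the thread. Line 1 is
# the thread's own record; lines 2 and 3 are constructed: a genuine lsass.exe opening
# a ZoneAlarm file, and an lsass.exe running from the wrong directory (to be reviewed).
SAMPLE_LOG = r"""
OSFW,2008/06/15,11:04:32 -7:00 GMT,UNKNOWN(0),Microsoft Windows Malicious Software Removal Tool,C:\WINDOWS\system32\MRT.exe,PROCESS,OPENPROCESS,DST,\SystemRoot\System32\smss.exe
OSFW,2008/06/15,11:05:10 -7:00 GMT,UNKNOWN(0),LSA Shell (Export Version),C:\WINDOWS\system32\lsass.exe,PROCESS,OPENPROCESS,DST,C:\WINDOWS\system32\Zonelabs\UpdClient.exe
OSFW,2008/06/15,11:06:44 -7:00 GMT,UNKNOWN(0),LSA Shell (Export Version),C:\WINDOWS\Temp\lsass.exe,PROCESS,OPENPROCESS,DST,C:\WINDOWS\system32\Zonelabs\vsmon.exe
"""

@dataclass
class ZaEvent:
    description: str  # the name ZoneAlarm shows in the pop-up alert
    source: str       # image path of the process that acted
    action: str       # e.g. OPENPROCESS
    destination: str  # image path of the process acted upon

def parse_line(line: str) -> ZaEvent:
    """Parse one OSFW record; field positions follow the line quoted in the thread."""
    f = [x.strip() for x in line.split(",")]  # descriptions with commas would need a CSV reader
    if len(f) < 10 or f[0] != "OSFW":
        raise ValueError(f"not an OSFW record: {line!r}")
    # f[1..3] = date, time, rating; f[6] = category; f[8] = direction (unused here).
    return ZaEvent(f[4], f[5], f[7].replace(" ", ""), f[9])

def triage(ev: ZaEvent) -> str:
    """'expected', 'self-protection' or 'review' for a PROCESS/OPENPROCESS event."""
    name = ntpath.basename(ev.source).lower()
    parent = ntpath.dirname(ev.source).lower()
    if name not in EXPECTED_DIR or not parent.endswith(EXPECTED_DIR[name]):
        # Unfamiliar process, or a familiar name running from the wrong directory.
        return "review"
    if ntpath.dirname(ev.destination).lower().endswith(r"\zonelabs"):
        # ZoneAlarm guards its own files, so even a genuine system process opening
        # them produces an alert (the point made in post #3).
        return "self-protection"
    return "expected"

def triage_log(text: str) -> list[tuple[str, str]]:
    """Map each non-empty record to (source file name, verdict)."""
    events = (parse_line(l) for l in text.splitlines() if l.strip())
    return [(ntpath.basename(ev.source), triage(ev)) for ev in events]
```

Applied to a real ZAP log, a "review" verdict only means the source path deserves a look; the other two verdicts correspond to the explanation given in post #3.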

  4. #4
    (Join Date: Dec 2005, Posts: 9,057)

    Re: Is this generic host alerts and LSA Shell Export Version red alerts a trojan problem?

    Instead of Spybot and Ad-Aware (both falling far behind the leaders in detection and removal), try SuperAntiSpyware and Malwarebytes Anti-Malware seen here; these two are probably your best choices...

    http://forum.zonelabs.org/zonelabs/b...essage.id=4284

    Also try a-squared, Norman Malware Cleaner and Dr.Web CureIt. (Note: Norman and Dr.Web are not complete installs.)

    But the manual removal for the System Doctor 2006 is found here:

    http://www.bleepingcomputer.com/forums/topic58656.html

    Oldsod.
    Best regards.
    oldsod
