Can anyone tell me what this report by my virus software means?
Risk name: MSRPC Malicious LSASS DS Request BO (1)
Attacking Computer: 76.160.255.111,3288
Attacking Computer: 76.53.10.103,16924
Hi Patty! Hubby suggests that you google the text after the “risk name” and see if there is any info out there about it.
My goodness, I forgot to post about the 3 boxes of candy I sent to Bagram last Friday! Yikes! I will try to remember to do it tomorrow.
I did a quick security search and found these:
FORENSIC LOG:
Infection Source:
76.160.255.111
Executables Delivered:
ftpupd.exe
txyqlyt.exe
Listen Ports Opened:
1031
1031
891
Processes Created:
MSMSGS.EXE
txyqlyt.exe
Registry Entries Modified or Created:
HKEY_LOCAL_MACHINE@...Microsoft\Wireless
It’s the IP addresses of the computers that the bug is launching from. It looks like the bug is trying to exploit MS Messenger.
More...
“The Windows Messenger from Microsoft provides Online Chat and Instant Messaging.
If you don’t use Windows Messenger, you can disable it as follows: Start -> Programs -> Windows Messenger -> Tools -> Options -> Preferences. Uncheck “Run this program when Windows Starts”.
Note: The msmsgs.exe file is located in the folder C:\Program Files\Messenger. In other cases, msmsgs.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.”
I don’t know. This page from google’s cache might give you some info. http://72.14.209.104/search?q=cache:A9D-ZrYsPHwJ:www.cybertechhelp.com/forums/archive/index.php/t-147714.html+Risk+name:+MSRPC+Malicious+LSASS+DS+Request+BO+(1)&hl=en&ct=clnk&cd=3&gl=us .
Here’s the search I did. Search: Risk name: MSRPC Malicious LSASS DS Request BO (1). http://www.google.com/search?hl=en&q=Risk+name%3A+MSRPC+Malicious+LSASS+DS+Request+BO+%281%29&btnG=Google+Search .
Download the software and it will scan everything including that message you posted.