
Thread: Question about "Error" found on Event Viewer

  1. #1
    frk410s2 is offline New Member
    Join Date
    Dec 2009
    Posts
    8

    Default Question about "Error" found on Event Viewer

    Hello everyone and thank you so much for reading and helping me.

    Let me first explain that I am running Windows Vista Pro. For the past few days, my computer has been freezing up as I have been browsing the web. Ctrl+Alt+Del does nothing, I wait to see if Firefox will respond to no avail. I am forced to do a hard shut-down. When I restart, the computer works well for a few hours, even a day or so. Then the freezing repeats.



    My computer is up to date with all updates from Microsoft, the Microsoft Firewall is turned on and I have Symantec Anti-Virus up to date and running. (Actually I'm pretty compulsive with updating.)

    So I decided to look at my event viewer to see if I could find out what was wrong. BINGO. Every time my computer has frozen up in the past few days, an event is logged as the following:

    "An anonymous session connected from xxx.xxx.xxx.xx has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
    The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
    This message will be logged at most once a day."

    I intentionally masked the IP address on this post. Each time the event is reported, the IP is different and from around the globe.

    I said, "Woah", what does that mean? So, I googled. And the responses on how to "fix" it were way over my head. I mean *way* over. Is there any way I can fix this? Microsoft's webpage has an article about this problem on their Support Website.

    I read it and felt like I was reading.. well... not English. I know people on this forum are extremely technically advanced and I feel quite ignorant.

    So I am begging for some help here. Is it a hacking attempt? Do I need to install a 3rd party firewall? Please let me know if you have any questions.

    Thanks so much for your time!!

    Katie
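
An added triage example, not part of the original post: it groups the source addresses from messages worded like the event quoted above into local-network and external hosts, which shows whether machines outside the LAN are reaching this PC at all. The sample messages, their addresses and the names `triage` and `verdict` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed messages in the wording of the event quoted in post #1.
# Addresses are from documentation and private ranges; none were observed.
SAMPLE_EVENTS = [
    "An anonymous session connected from 203.0.113.45 has attempted to open an LSA policy handle on this machine.",
    "An anonymous session connected from 198.51.100.7 has attempted to open an LSA policy handle on this machine.",
    "An anonymous session connected from 192.168.1.20 has attempted to open an LSA policy handle on this machine.",
    "An anonymous session connected from xxx.xxx.xxx.xx has attempted to open an LSA policy handle on this machine.",
    "The system uptime is 86400 seconds.",
]

SOURCE_RE = re.compile(
    r"anonymous session connected from (\S+) has attempted to open an LSA policy handle")

# Ranges treated as "local network": loopback, RFC 1918, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_local(addr):
    return any(addr.version == net.version and addr in net for net in LOCAL_NETS)

def triage(messages):
    """Group the event's source addresses into external, local and unparsed."""
    result = {"external": Counter(), "local": Counter(), "unparsed": 0}
    for msg in messages:
        match = SOURCE_RE.search(msg)
        if not match:
            continue  # some other event
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            result["unparsed"] += 1  # masked or truncated address
            continue
        result["local" if is_local(addr) else "external"][str(addr)] += 1
    return result

def verdict(result):
    if result["external"]:
        return "exposed"     # hosts outside the LAN can open sessions to this PC
    if result["local"]:
        return "local-only"  # look for a device or application on the LAN
    return "no-data"

if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    print(verdict(summary), dict(summary["external"]), dict(summary["local"]))
```

An "exposed" result means the connections come from beyond the router or firewall, so the inbound filtering is the thing to check; "local-only" points at something on the home network instead.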

  2. #2
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Hello and welcome to TheWindowsClub forum
    It seems your computer is under attack.
    You should prevent access to TCP 445 port by blocking it through Vista Firewall, or do use this temporary fix

    Security Research & Defense : Update on the SMB vulnerability situation

    Please, tell me is your system up to date?

  3. #3
    frk410s2 is offline New Member
    Join Date
    Dec 2009
    Posts
    8

    Default

    First, Thank you so very much for the welcome and the speedy reply. My system is up-to-date with Critical and Recommended Up-Dates from Microsoft. Symantec is up to date. My browser is up-to-date. I can't think of anything else that I should check. Any ideas?
    Thanks for the link - I can understand most of it! Should I "C Disable SMBv2 using Microsoft Fix-It." or Block the Port? Or both?

    Thanks so much!

  4. #4
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Well, no problems
    If your system is up to date you actually do not need to apply that fix.

    It seems that event id 6033 is quite common, have a look here, please

    Event ID 6033 Source LsaSrv


    and here

    Windows 2003 - Risk of modify this registry key ?

    Thank you

    [EDIT to say] What version of Symantec Norton Antivirus are you using?
    Last edited by leofelix; 20th December 2009 at 21:14.

  5. #5
    frk410s2 is offline New Member
    Join Date
    Dec 2009
    Posts
    8

    Default

    I understand! So someone is just *trying* to attack me, and not actually succeeding?

  6. #6
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    I'm not sure, since I do not use Windows Firewall but a third party personal firewall and I'm behind a router (with a hardware firewall built in).

    However if I were you I would read this

    Windows Vista Firewall enhancements: rule types, profiles, domain isolation

    Then I'd block TCP 445 port;-)

  7. #7
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923

    Default

    Hi Katie and welcome to the forum. Reading what Leofelix has replied to you and your replies and your original question. If there is a problem with your firewall this can be easily shown. Visit grc.com and Shields Up which is a completely safe and trustworthy firewall tester. The results should show all stealthed, if it does otherwise then follow the recommendations. However a possible quicker answer for you would be to install an Internet Security Suite of which there are many to choose from. By doing the last thing it will turn off the Windows Firewall replacing it. If you do not want to do that, you can just go for a firewall, Zone Alarm is a good free one to choose.

  8. #8
    frk410s2 is offline New Member
    Join Date
    Dec 2009
    Posts
    8

    Default

    Hello! Thanks for the welcome
    I went to Shields UP and got this response: Attempting connection to your computer. . .
    Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
    Your Internet port 139 does not appear to exist!
    One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
    Unable to connect with NetBIOS to your computer.
    All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

    So reading that, it sounds like I'm good and secure. Any opinion/comment?

    Also, I'm running Symantec 11.0.2000.1567.

  9. #9
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    Hi, Katie. That is not an error I am familiar with. However, although your computer is up to date, you have a software firewall and up-to-date antivirus software, you do not mention any other security measures. As a result, I would suggest an anti-malware scan. The standard instructions I provide follow:

    Please download ATF Cleaner by Atribune from ATF-Cleaner.exe - www.atribune.org . Save it to your Desktop.

    Run ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.
    • Shutdown/restart the computer.


    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, be sure Quick scan is selected, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
    • Click Remove Selected.

  10. #10
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    [EDIT to say] Sorry I posted contemporaneously with Corrine, please follow her directions carefully, thank you


    @ frk4010s2,
    correct, your system is fully protected from inbound attacks:-)
    The latest version of Norton Antivirus is (2010) 17.0.0.136

    Are you using Symantec Enterprise edition maybe?

    However I'd suggest you to download and install MalwareBytes' Antimalware free and run a quick scan (do not worry, MalwareBytes' won't conflict with Norton)

    Malwarebytes.org

    simply download the free edition, if you like it you may get real time protection and IP blocker for only 18 Euro/$ 24,95/ 16,21 - a life time license.

    Let me know, please.

    And if you want you may like to http://forum.thewindowsclub.com/foru...-yourself.html

    P.S sorry for my english
    Last edited by leofelix; 20th December 2009 at 23:53.
