4 replies to this topic

[leeuniverse]

Hey.... I had to turn off my Firewall (Outpost Security Suite Pro) because when I would run Autopatcher so I could download all the stuff, I was getting some oddball script error. So, turned off my firewall, downloaded all the autopatcher updates/files and then turned off my puter, came back the next day, started my puter and my firewall starts by itself and then LSASS.EXE want's access to everything, several things after the computer has started, and also when I start my browser.

Now, what the heck is this....??? Did downloading autopatcher change some stuff on my computer?
Did some hacker hack into my system the short time autopatcher was downloading stuff? I'm not finding any infection.
Thing is, is my system was totally set..... My firewall shouldn't be warning me about anything, it's already trained.
That tells me Autopatcher has likely done something to my system??? I doubt a hacker had fun so quick, especially I still had Spyware Doctor running, so it should have detected any funny business more than likely.

So, what's the beef???

[_def_x_]

Quote

Hey.... I had to turn off my Firewall

Why would you connect to the internet without at least Windows firewall running?
No one on these forums would ever encourage running your PC without a firewall,
and would likely tell you to find another way to update your PC if you had to run
without anything in place just to use AutoPatcher.

Quote

Did downloading autopatcher change some stuff on my computer?

Quote

That tells me Autopatcher has likely done something to my system???

If you don't even know what or how AutoPatcher and APUP are or how they work,
why are you using the software?

"YOU" downloaded a zip file, unzipped it to a folder, "YOU" downloaded files Directly
from Microsoft.com" and "AutoPatcher.com" (check the scripts for the file download
locations) and now they are sitting in a folder - thats it!

Quote

Did some hacker hack into my system the short time autopatcher was downloading stuff? I'm not finding any infection.

Hackers can be malicious or if you are lucky, just toy with a system, but it happens when you
make yourself vulnerable, like you did, and not by using AutoPatcher.

Quote

So, what's the beef???

This is my question for you - what's the beef with AutoPatcher? Most of the time around here, members are
trying to help other members, and it is painful to hear about problems and frustrations folks have with their
machines, especially when they have important work to get done, but this issue is "self-inflicted" if a problem
at all.

I use ZoneAlarm Pro, every new AutoPatcher module I create I have to add new settings in ZoneAlarm's
"Program Control" so it will allow APUP to connect without being hindered. Maybe your firewall recognized a
new process and was trying to figure out how to monitor it - who knows.

Mike

Edited by gUiTaR_mIkE, 13 February 2009 - 07:24 AM.

[James]

First, we need to get some facts straight:

 leeuniverse, on Feb 13 2009, 02:20 AM, said:

... when I would run Autopatcher so I could download all the stuff ...
... the short time autopatcher was downloading stuff?

AutoPatcher never connects to the internet and never downloads anything.

APUP connects to the internet and downloads files. It never installs anything.

 leeuniverse, on Feb 13 2009, 02:20 AM, said:

... I doubt a hacker had fun so quick, ...

I don't. If you turn off your firewall and connect direct to the internet you may have 20 seconds or less before you are infected. Yes, really. This is a well-known statistic.

 leeuniverse, on Feb 13 2009, 02:20 AM, said:

then LSASS.EXE want's access to everything,

Which lsass.exe was running? There is a Windows file with that name. There is also a virus with that name.

Quote

"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

The lsass.exe file is located in the c:\windows\System32 folder. In other cases, lsass.exe is a virus, spyware, trojan or worm!

 leeuniverse, on Feb 13 2009, 02:20 AM, said:

Hey.... I had to turn off my Firewall (Outpost Security Suite Pro) ...

Please read the FAQ, we have posted many times that you do not turn off Outpost, you re-configure the Content Filtering.

--

[leeuniverse]

Thanks nice guy's..... I'm an "old" user of Autopatcher, but stopped when MS stopped it.
Anyway, yes, I guess I didn't update myself on all the "latest" nuances.

And no.... It doesn't appear to be the worm.

Anyway, was just wondering if anyone had any thoughts other then the "obvious" gut reaction put downs.
Thanks anyway.

[_def_x_]

Quote

Anyway, was just wondering if anyone had any thoughts

If this was the case why didn't you just ask for some help instead of insinuating
APUP messed up your system - as your first post for a "long time user"?

Quote

other then the "obvious" gut reaction put downs

Again, you find a way to shoot yourself in the foot. Like I said in my first statement
above, why not ask for some assistance instead of blasting an "app" you were using
improperly? Should I say your reaction was one from the "GUT?"

I have no pride so I will say, "If I over-reacted and misunderstood your intention" I
apologize, but you seem to be the type that hits in the face and takes issue when you
are hit back. I looked closely at your post and I don't see any instances of the word
"help".

I'm done with this post!