[Arin]

I run Avast! Virus protection and every few minutes I get a small popup from avast warning me of an LSASS Exploit (sxp) and then it lists my wan ip and a port number.

I have no idea what is going on here. I have full virus protection and have scanned my entire computer several times. I also used their removal tool and it did nothing. I also am running windows xp sp2 with all the updates, which should have patched this old exploit, yet it keeps popping up. I'll even run a netstat -a to make sure I dont see any funny connections and I dont. I've also run a full spy doctor scan and found nothing.

Any clue here?

[Sampson]

It's possible that you got the Sasser virus. Anyway Microsoft put out a fix for it a long time ago: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
On the other hand, Avast! may be giving you a false positive.

There are three ports nomally affected by Sasser: TCP port 445 (Windows networking), FTP server on port 5554, and port 9996 as its backdoor.

[Arin]

I just decided to block port 445 with a registry hack since my version of windows (xp with sp2)_ is not listed on the security page by Microsoft.