lsass.exe is part of the XP o/s.
if both Symantec and AVG say no worm you do not have a worm.
hope this helps.
lsass.exe listens on port 500 for UDP and if ZA tells you that your LSASS is trying to connect, you are well to deny although I am unaware of any decrease in functionality as a result of the denial.
a zone alarm alert informed me that LSA shell export version was trying to access the internet...
i said "no" and started looking for info....
according to AVG, i'm clean
Symantec says "no sasser worm found"
a search on my PC says that i have 4 copies of lsass.exe, but they are all dated 2001 (XP pro)
questions: do i have the worm or not? if yes, what now?