Geeks Geeks and More Geeks - View topic - DCom Exploit - Computer, Internet, Photography, Microsoft Office and general disussion - Free Message Board Hosting by FreePowerBoards.com

The Friendly Place to Get Help and Support!

Here you will find free, friendly and courteous help and support for all your computing and photography needs. We also have forums where you can just relax and have fun, talk about anything you want to discuss within board guidelines, and share your interests and hobbies with others. Our portal (Home) page contains several activities and games where you can just relax. It also contains an ecard service.

You are welcome to browse the forums to see what we have to offer, but you must register in order to participate. Some forums, games and activities are viewable only after you register. If you are new, click here to get started.

Exactly what is this and should I be alarmed?

I am online less than a minute, waiting for this site to load in another window whiles I am in another window and I get this warning from AVAST.

This is not the first time I have been getting this warning... I have been getting this pop-up for a week now... the number of the IP(?) has been different.... and it happens only at night (not every night thou - lol).

I read a bit about it and it says:

a) I better get a better firewall... or

b) The worm is inside already and I should do a scan... my scanners are all up to date and my last scan(s) was on friday... in both modes... nothing found.

So any ideas what this is and what should I do?

Thanks!
_________________

"Spirituality is not religion, religion divides people. Believing in something unites"

Network shield is meant to block known internet worms, "NETWORK SHIELD: BLOCKED "DCOM EXPLOIT" basicly means avast has blocked one (dcom exploit) and you are protected/safe.

The log identifies the attacks and where they originated from.

The following is from Step 5 of Sticky #3 in the Tutorials forum:

5. There are several known security vulnerabilities in Windows, some even with the latest security patches, that can be eliminated by small utilities developed by Steve Gibson at http://www.grc.com. If you are using the computer with Windows XP SP1, this is particularly true. Below is a link to a utility that will tell you whether or not you have the vulnerability, and will give you the option to fix it if you have it.

Link to Download: http://www.grc.com/freeware/dcom.htm

The DCOMbobulator: DCOMbobulator allows any Windows user to easily verify the effectiveness of Microsoft's recent critical DCOM patch. Confirmed reports have demonstrated that the patch is not always effective in eliminating DCOM's remote exploit vulnerability. But more importantly, since DCOM is a virtually unused and unneeded facility, the DCOMbobulator allows any Windows user to easily disable DCOM for significantly greater security.

So, if you want to be absolutely sure, even if the application indicates you don't have the vulnerability, you can always select the Decombobulate Me! button and then reboot your system and recheck for the vulnerability.

DCOM uses port 135, so if you find that you don’t have the vulnerability, you will want to choose the button that says “Remote Port 135 Test" because other services also use this port. Be sure to read about the Remote Port 135 Test in the text box below the button before running the test. If the test reveals other than “Stealth”, you are vulnerable. A test result of "Closed" just isn't good enough for me.

The best protection you can have against this vulnerability and stop the attacks will be to get a Router. You should never be without one anyway if you are going to surf the Internet!

If you want to double-check your system to ensure it's clean, download and scan with MS Malicious Software Removal Tool here:

http://www.microsoft.com/security/malwareremove/default.mspx

To check out all the tools at Steve Gibson’s site, read Step 5 of Sticky #3 in the Tutorials forum.
_________________
Repa

Older than dirt!

Thank you Repa... I will have a read through of Steve's site tomorrow

Quote:

If you want to double-check your system to ensure its clean, download and scan with MS Malicious Software Removal Tool.

Hmmm... exactly which one are you talking about? I don't see "MS Malicious Software Removal Tool" at Steve Gibson site Embarassed

_________________

"Spirituality is not religion, religion divides people. Believing in something unites"

I forgot to add the URL. I just added it to my original post, apparently while you were posting. Re-read the post, as I added a couple of other comments as well.
_________________
Repa

Older than dirt!

Got ya

Will check on it later... and thanks again...

I must.... in Ruth's words

_________________

"Spirituality is not religion, religion divides people. Believing in something unites"

Have you fixed your DCOM problem?
_________________
Repa

Older than dirt!

No not yet... but since I posted this I haven't been getting any... weird....lol

I will still check it out... just haven't had the time Rolling Eyes

_________________

"Spirituality is not religion, religion divides people. Believing in something unites"

Page generation time: 0.5242s (PHP: 100% - SQL: 0%) - SQL queries: 27 - - Debug on