Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ravi16aug on June 24, 2010, 09:26:23 PM

Title: Repeated Alerts from Network Shield
Post by: ravi16aug on June 24, 2010, 09:26:23 PM

Hi
My dad is getting this alert multiple times a day.
Any pointers on how to get rid of this issue?

Title: Re: Repeated Alerts from Network Shield
Post by: Lisandro on June 24, 2010, 09:30:07 PM

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Which firewall do you use?
And, most important, is your operational system updated?

Title: Re: Repeated Alerts from Network Shield
Post by: ravi16aug on June 24, 2010, 09:43:31 PM

Thanks for your response.
The machine in question has a copy of fully patched Windows 7 Home Premium installed.
The only firewall in the system is the default Windows firewall at default settings.

Title: Re: Repeated Alerts from Network Shield
Post by: Lisandro on June 25, 2010, 02:43:17 PM

It should be enough.
Anyway, you're protected by avast Network Shield. Be happy :)

Title: Re: Repeated Alerts from Network Shield
Post by: polonus on June 25, 2010, 03:00:37 PM

Hi, Ravi Gupta, there could have been two problems,

1. Your Windows is not fully updated.
2. You're not using a two-side firewall.

Network Shield is a protection against known Internet worms/attacks. It analyzes all network traffic and scans it for malicious content. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135. Basically, it could be infected by Internet worms such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.
You can also download Steve Gibson's DCOMbobulator: http://www.grc.com/files/DCOMbob.exe   to disable DCOM on port 135

polonus

Title: Re: Repeated Alerts from Network Shield
Post by: Asyn on June 25, 2010, 09:06:13 PM

Quote from: Ravi Gupta on June 24, 2010, 09:26:23 PM

Hi
My dad is getting this alert multiple times a day.
Any pointers on how to get rid of this issue?

What issue..?? avast blocked it, that's what it is supposed to do.
Anyway, your firewall should have blocked it before avast...!!
Seems your W7 FW gets bypassed. Maybe use an advanced 3rd party product.
asyn