Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Stewdza on February 21, 2011, 07:26:18 PM

Title: What is this exploit?
Post by: Stewdza on February 21, 2011, 07:26:18 PM
Please, what is this?
Every 3-4 minutes avast! displays this:
<removed>
Thanks.
Title: Re: What is this exploit?
Post by: MAG on February 21, 2011, 07:37:08 PM
If you think it's an exploit why post what looks to be a live link?

Sorry - overreaction!
Title: Re: What is this exploit?
Post by: Stewdza on February 21, 2011, 07:38:19 PM
Avast says: EXPLOIT BLOCKED ?!
Title: Re: What is this exploit?
Post by: DavidR on February 21, 2011, 07:40:20 PM
DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

What is your OS and firewall ?
Title: Re: What is this exploit?
Post by: CraigB on February 21, 2011, 07:42:27 PM
Please modify the live link so that no one can unintentionally click on it.
Title: Re: What is this exploit?
Post by: Gargamel360 on February 21, 2011, 07:43:41 PM
Its a link to image hosting of the Avast! detection, harmless.
Title: Re: What is this exploit?
Post by: Stewdza on February 21, 2011, 07:44:24 PM
I don't have Firewall.
It is only on this internet modem (wireless modem).
On other internet modems all is OK.
Title: Re: What is this exploit?
Post by: DavidR on February 21, 2011, 07:45:04 PM
If you think it's an exploit why post what looks to be a live link?

He isn't posting a link to the exploit site but the image.

@ Stewdza
It would have been simpler to actually attach the image to the post (Additional Options in the Reply window), not to mention not so scary as using an external link, see my example.
Title: Re: What is this exploit?
Post by: Stewdza on February 21, 2011, 07:46:39 PM
Ok, thanks.
But what is that image?
Title: Re: What is this exploit?
Post by: DavidR on February 21, 2011, 07:47:46 PM
I don't have Firewall.
It is only on this internet modem (wireless modem).
On other internet modems all is OK.

At the very minimum you need the firewall that comes with your Operating system OS (which is ?) at that should do the blocking of this exploit attempt.
Title: Re: What is this exploit?
Post by: DavidR on February 21, 2011, 07:49:12 PM
Ok, thanks.
But what is that image?

It is the one you posted on the tinypic hosting site of the network shield blocking the exploit attempt..
Title: Re: What is this exploit?
Post by: Stewdza on February 21, 2011, 07:49:58 PM
Win7 Firewall?
No thanks.
But you tell me...Comodo or OnlineArmor?
Title: Re: What is this exploit?
Post by: DavidR on February 21, 2011, 08:00:00 PM
Well the win7 firewall should be blocking this, why it isn't and the network shield is I don't know.

The win7 firewall provides inbound protection, but the outbound protection is disabled by default. You could also enable the outbound protection of the Windows 7 firewall, but it isn't very friendly, is rule based and you have to create the rules. - Vista & Windows 7 Firewall Control, http://www.sphinx-soft.com/Vista/index.html (http://www.sphinx-soft.com/Vista/index.html) and this, http://www.sphinx-soft.com/Vista/faq.html (http://www.sphinx-soft.com/Vista/faq.html). Also check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0 (http://forum.avast.com/index.php?topic=30234.0).

Comodo and Defence+ can be a bit of a pain and I have never user Online Armor, so I can't make any recommendation, I use Outpost Firewall Pro but that is a paid option.