Avast WEBforum

Other => Viruses and worms => Topic started by: yoonyul009 on May 27, 2011, 05:05:31 AM

Title: DCOM Exploit Attack please help me!
Post by: yoonyul009 on May 27, 2011, 05:05:31 AM
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..

(http://i582.photobucket.com/albums/ss264/aezakmi_99/exploit.png)
Title: Re: DCOM Exploit Attack please help me!
Post by: Pondus on May 27, 2011, 09:34:39 AM
Use forum search "DCOM Exploit" as the forum is full of these
Title: Re: DCOM Exploit Attack please help me!
Post by: DavidR on May 27, 2011, 02:35:15 PM
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..

I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

DCOM attacks are speculative, not targeted, and try to exploit a vulnerability in an out-of-date OS; if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

What is your firewall ?
Title: Re: DCOM Exploit Attack please help me!
Post by: yoonyul009 on May 27, 2011, 02:39:00 PM
BTW, I am using Windows 7 Home Premium..
I used Private Firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that Private Firewall is 'useless'. So now.. I'm just using the default Windows firewall..
Title: Re: DCOM Exploit Attack please help me!
Post by: AdrianH on May 27, 2011, 02:43:01 PM
BTW, I am using Windows 7 Home Premium..
I used Private Firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that Private Firewall is 'useless'. So now.. I'm just using the default Windows firewall..

I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.
Title: Re: DCOM Exploit Attack please help me!
Post by: Asyn on May 27, 2011, 03:11:12 PM
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

+1

I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Has nothing to do with visited sites. ;)
Title: Re: DCOM Exploit Attack please help me!
Post by: DavidR on May 27, 2011, 03:18:09 PM
BTW, I am using Windows 7 Home Premium..
I used Private Firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that Private Firewall is 'useless'. So now.. I'm just using the default Windows firewall..

I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Well you don't have to be even visiting a site or using your browser for your system to be a) port scanned or b) exploit attempts made, based solely on random IP address generation seeking out open systems. You have a broadband connection which is always on so your IP address must also be available.

The web shield is very hot on these types of exploit and hacked sites in general. This is an external attempt to connect, not whilst browsing or it would likely be the Web Shield alerting and reference to the browser.

A very long time ago when I installed XP I got hit by the Blaster worm (pre-avast days) and the site I was actually on was Windows Updates, getting the latest security updates and I got hit within a minute of being on line. So I rather doubt that MS was serving up exploits on the windows update site.
Title: Re: DCOM Exploit Attack please help me!
Post by: davexnet on May 27, 2011, 05:51:21 PM
According to the info at GRC, having a simple home router is enough to stop
the "probes" from getting through to the computer.  Port 135 is closed at the router.
Is this not true?  Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.
Title: Re: DCOM Exploit Attack please help me!
Post by: Asyn on May 27, 2011, 05:58:48 PM
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...
Title: Re: DCOM Exploit Attack please help me!
Post by: yoonyul009 on May 28, 2011, 06:40:01 AM
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...


What's FW?
Then what can I do to close port 135?
Title: Re: DCOM Exploit Attack please help me!
Post by: Asyn on May 28, 2011, 08:35:42 AM
What's FW?

FW = Firewall
Title: Re: DCOM Exploit Attack please help me!
Post by: yoonyul009 on May 28, 2011, 09:02:03 AM
how can i remove that pop-up?? and block the attack? ???
Title: Re: DCOM Exploit Attack please help me!
Post by: Asyn on May 28, 2011, 09:09:41 AM
1. how can i remove that pop-up??
2. and block the attack? ???

1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.
Title: Re: DCOM Exploit Attack please help me!
Post by: yoonyul009 on May 28, 2011, 11:12:17 AM
1. how can i remove that pop-up??
2. and block the attack? ???

1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.


---> is that just alright to block the attack? is there a way to remove it?
Title: Re: DCOM Exploit Attack please help me!
Post by: DavidR on May 28, 2011, 02:35:19 PM
You simply can't stop the external attempts as I said in my first reply.

Quote from: DavidR
I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

Closing port 135 is also a local setting, so it won't stop the speculative external attempts.

The Windows 7 firewall has outbound protection disabled by default and even if enabled it isn't very user friendly. So how to close a port in the Win7 firewall I don't know. Why it isn't getting in before the avast Network Shield I don't know as I would have thought that it should block this 'silently.'

But there really isn't any way to tell if it just allowed this connection to port 135 or if it is simply the network shield being first in order.
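
Added example, not part of the original thread: a Python script that tallies how the Windows Firewall handled inbound TCP 135 connections, by action and source address. It assumes firewall logging of dropped and allowed connections has been enabled and that the log uses the standard `pfirewall.log` field layout; the sample log lines and addresses below are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample in the pfirewall.log layout (documentation-range addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-05-28 14:30:01 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48 S 1234567 0 65535 - - - RECEIVE
2011-05-28 14:30:04 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48 S 1234567 0 65535 - - - RECEIVE
2011-05-28 14:31:10 ALLOW TCP 192.168.1.10 198.51.100.20 49200 80 0 - 0 0 0 - - - SEND
2011-05-28 14:32:45 ALLOW TCP 198.51.100.99 192.168.1.10 2051 135 0 - 0 0 0 - - - RECEIVE
2011-05-28 14:33:00 DROP UDP 203.0.113.50 192.168.1.10 1900 1900 120 - - - - - - - RECEIVE
"""


def inbound_port_summary(log_text, port=135, protocol="TCP"):
    """Return {action: Counter(src_ip -> hits)} for inbound traffic to `port`."""
    fields = []
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the log header, so column order is not hard-coded.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) < len(fields):
            continue  # skip truncated lines
        rec = dict(zip(fields, values))
        # Logs without a "path" column are treated as inbound (assumption).
        if rec.get("path", "RECEIVE") != "RECEIVE":
            continue
        if rec["protocol"] != protocol or rec["dst-port"] != str(port):
            continue
        summary[rec["action"]][rec["src-ip"]] += 1
    return dict(summary)


if __name__ == "__main__":
    for action, sources in sorted(inbound_port_summary(SAMPLE_LOG).items()):
        for src, hits in sources.most_common():
            print(f"{action:5} {src:15} {hits} connection(s) to TCP 135")
```

DROP entries mean the firewall discarded the connection itself; ALLOW entries for port 135 mean it was passed on to the host, where another layer would have to handle it.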
Title: Re: DCOM Exploit Attack please help me!
Post by: Asyn on May 29, 2011, 08:28:49 AM
---> is that just alright to block the attack? is there a way to remove it?

Yes, blocking is alright.
Even, if you add a 3rd party firewall, it would only (silently) block it.