Avast WEBforum

Other => Viruses and worms => Topic started by: srmtpp on November 14, 2004, 08:29:41 PM

Title: DCOM exploit?
Post by: srmtpp on November 14, 2004, 08:29:41 PM
Hi, ever since I got avast 4.5 updated, this little box colored in yellow pops up in the bottom right corner of my monitor: "On access scanner message". It says stuff like DCOM Exploit TC from IP address ............... or TC Packet from IP ......
Someone's trying to hack into my computer, correct?
How can I totally prevent this and what should I do?
This is constantly popping up.. Constantly!
thanks
Title: Re:DCOM exploit?
Post by: Eddy on November 14, 2004, 08:34:28 PM
The RPC/DCOM exploit is a vulnerability that allows an attacker to gain access to the destination machine by
sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Quote
How can I totally prevent this and what should I do?
- Make sure you have ALL security patches/updates from Microsoft.
- Use a firewall. Best is a router with hardware firewall.

Quote
This is constantly popping up.. Constantly!
You can disable the popup in Avast Network Shield provider.
Title: Re:DCOM exploit?
Post by: srmtpp on November 14, 2004, 08:36:51 PM
ok so as long as avast is running, these packets aren't going to get through, right? Should I change the sensitivity levels?

and here's the warning things:

14.11.2004  14:24:43  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:26:55  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:27:39  DCOM Exploit attack
    from 66.202.24.136:135
14.11.2004  14:27:48  DCOM Exploit attack
    from 66.202.24.136:135
14.11.2004  14:28:01  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:28:09  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:29:14  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:34:04  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:34:54  DCOM Exploit attack
    from 66.203.175.9:135
14.11.2004  14:36:31  DCOM Exploit attack
    from 66.203.189.38:135
Title: Re:DCOM exploit?
Post by: Eddy on November 14, 2004, 08:40:44 PM
Network Shield. It protects the computer from the attacks of Internet worms (e.g. Blaster, Sasser, etc.). It will show warning messages in the system area (above the system clock) every time it detects an Internet worm attack. There is a logging feature too: all attacks will be recorded into a log file so that you can inspect their history, frequency, etc. The last detected attacks will be displayed on the Last attacks page.
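Added example, not part of the thread and not avast's own tooling: a Python parser for Network Shield entries in the two-line layout posted above, counting alerts per source address and per /16 network, which is the "history, frequency" inspection the log file is meant for. The function names, the `local_net` default and the last three sample lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# First six lines are copied from the log posted above; the last three
# (a truncated record and a LAN source) are constructed for this example.
SAMPLE_LOG = """\
14.11.2004  14:24:43  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:26:55  DCOM Exploit attack
    from 66.203.189.184:135
14.11.2004  14:27:39  DCOM Exploit attack
    from 66.202.24.136:135
14.11.2004  14:36:31  DCOM Exploit attack
15.11.2004  09:00:00  DCOM Exploit attack
    from 192.168.1.23:135
"""

HEADER = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+(\S.*?)\s*$")
SOURCE = re.compile(r"^\s+from\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*$")

def parse_alerts(text):
    """Pair each timestamp line with the 'from' line directly after it."""
    alerts, pending = [], None
    for line in text.splitlines():
        src, head = SOURCE.match(line), HEADER.match(line)
        if src and pending:
            alerts.append({"time": pending[0], "alert": pending[1],
                           "src": ip_address(src.group(1)),
                           "port": int(src.group(2))})
            pending = None
        elif head:  # a header with no 'from' line is replaced, not emitted
            stamp = datetime.strptime(" ".join(head.group(1, 2)),
                                      "%d.%m.%Y %H:%M:%S")
            pending = (stamp, head.group(3))
        else:
            pending = None
    return alerts

def summarize(alerts, local_net="192.168.0.0/16", prefix=16):
    """Count alerts per source and per /prefix network; list LAN sources."""
    per_host = Counter(str(a["src"]) for a in alerts)
    per_net = Counter(str(ip_network(f"{a['src']}/{prefix}", strict=False))
                      for a in alerts)
    lan = ip_network(local_net)  # assumption: replace with your own subnet
    local = sorted(str(a["src"]) for a in alerts if a["src"] in lan)
    return per_host, per_net, local

if __name__ == "__main__":
    print(*summarize(parse_alerts(SAMPLE_LOG)), sep="\n")
```

A source that falls inside `local_net` is a machine on your own network segment sending the traffic, which is worth reporting to whoever administers that network.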
Title: Re:DCOM exploit?
Post by: Tarmack on November 21, 2004, 02:16:48 AM
Hey good forum out here,  8)

Don't know how it happened but I got this DCOM message coming from my own IP. Does this mean I also have a worm or backdoor on my PC? Because I can't find it; checked all the processes I didn't know and nothing turned up.

Hope to hear from someone what's wrong.

Greetz,
Title: Re:DCOM exploit?
Post by: VB_For_Dummies on November 21, 2004, 12:40:01 PM
The first virus I remember getting came from my own I.S.P. I know, they're supposed to be top of the line, but take into consideration that my I.S.P.'s personnel cannot even write a decent web-page for their own site. I told them they needed help...lol
Title: Re:DCOM exploit?
Post by: Tarmack on November 21, 2004, 04:41:45 PM
Problem is I'm on a network directly connected to the internet (university) so it is a local zone for viruses I guess, because the warnings come only from network IPs.
And it's spreading, that's what I can tell, LOL
 8)
Title: Re:DCOM exploit?
Post by: danielsaaan on November 23, 2004, 09:34:38 PM
I HAVE THE SAME PROBLEM...
IS THIS POP UP MESSAGE SERIOUS?...
I'M NOT ABLE TO DETECT DCOM Exploit ON THE HARD DISK!..
MAYBE I HAVE TO FORMAT?
I TRIED WITH Spybot S&D, it found it but when it fixes DCOM Exploit, IT reappears as if by magic...
HELP!!!!   8)
Title: Re:DCOM exploit?
Post by: DukeNukem on November 23, 2004, 11:07:09 PM
Quote
I HAVE THE SAME PROBLEM...
IS THIS POP UP MESSAGE SERIOUS?...
I'M NOT ABLE TO DETECT DCOM Exploit ON THE HARD DISK!..
MAYBE I HAVE TO FORMAT?
I TRIED WITH Spybot S&D, it found it but when it fixes DCOM Exploit, IT reappears as if by magic...
HELP!!!!   8)

You have misunderstood what the network shield is.

The pop up messages are informing you that avast is blocking virus worms from gaining access to your PC.

The network shield was designed to prevent internet worms from entering your PC. You could say it is acting like a firewall.

The reason you are getting all these pop ups by avast is because you either

- have no firewall,
- a poorly configured firewall
- or the Avast shield has been loaded before your firewall.

If you understand the above then you will know that a full format is not needed and secondly why a full scan found nothing.
Title: Re:DCOM exploit?
Post by: lee16 on November 23, 2004, 11:11:00 PM
danielsaaan

I will quote what eddy said earlier
Quote
The RPC/DCOM exploit is a vulnerability that allows an attacker to gain access to the destination machine by
sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Basically, dcom isn't on your hard drive, it's an internet attack worm trying to gain access to your PC. To my knowledge, it's a sort of "basic firewall" scanning your internet traffic; if you have your firewall configured right, you wouldn't receive this message.

--lee
Title: Re:DCOM exploit?
Post by: danielsaaan on November 23, 2004, 11:55:40 PM
Thank you;
I have a firewall: Sygate Personal Firewall.. (Maybe I have to study how to configure it...)
OK,
I tried to scan the hard disk with Spybot Search And Destroy...
It found DCOM Exploit on my hard disk...
5 entries in the system registry; they are:

DSO Exploit: Data source object exploit (Modify to registry, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modifica al registro, nothing done)
  HKEY_USERS\S-1-5-21-1123561945-823518204-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modify to registry, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modify to registry, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modify to registry, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-08-11 Includes\Cookies.sbi
2004-11-17 Includes\Dialer.sbi
2004-11-17 Includes\Hijackers.sbi
2004-11-17 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-11-17 Includes\Malware.sbi
2004-10-05 Includes\Revision.sbi
2004-10-25 Includes\Security.sbi
2004-11-17 Includes\Spybots.sbi
2004-10-21 Includes\Tracks.uti
2004-11-17 Includes\Trojans.sbi

NOW, the problem is that: Spybot finds it, I fix it, but if I start another scan, SpyBot finds it again...
OK,
Now I found this LINK that talks about this problem:
http://www.talkroot.com/archivee/index.php/t-64684_Spybot's_DSO_Exploit.html

Thank you
Danieeele.
Title: Re:DCOM exploit?
Post by: Eddy on November 24, 2004, 12:07:36 AM
Quote
Basically, dcom isn't on your hard drive
Sorry, but it sure is on your system. Whether it can do any harm depends if you have installed ALL security patches/updates for your OS and other installed applications.
Title: Re:DCOM exploit?
Post by: lee16 on November 24, 2004, 12:16:47 AM
danielsaaan

I had the same problem with spybot, the only way I could permanently remove them is to edit my registry manually; basically when spybot finds it, right click the key and click "go to location", then I deleted the reg key.
Of course don't do this if you don't feel confident in editing your registry, if something goes wrong you can do some pretty bad damage to your system.

Another way would be to just keep up-to-date with windows patches.

--lee
Title: Re:DCOM exploit?
Post by: danielsaaan on November 24, 2004, 12:18:16 AM
OK, thank you ;)
But what do you think about this link? This link says that the Spybot report is just a bug...
can you read it please?
ok, bye
Danielsaaan
 ...LINK :http://www.talkroot.com/archivee/index.php/t-64684_Spybot
Title: Re:DCOM exploit?
Post by: whocares on November 24, 2004, 01:56:47 AM
Recurring DSO-Exploits are indeed a bug/false positive in SPYBOT; rumours have it that it's fixed with the latest BETA, but I'm not sure

Don't worry about it or read the SPYBOT-forum for more info

Title: Re:DCOM exploit?
Post by: Rocker on November 24, 2004, 02:18:50 AM
As whocares says, from the spybot faq...

DSO-Exploit is a security gap in Internet Explorer, Outlook and Outlook Express. Microsoft did already close this gap with security updates, so with current Windows updates and patches installed, it will no longer be a threat to your system.
Spybot-S&D will still detect the DSO-Exploit, but instead of fixing it for good, it will unfortunately again set an invalid value. Therefore it will again be found with every scan.
This little bug in Spybot-S&D has already been repaired and the respective fix will soon be available as a program update.


Can be found here:-

http://www.safer-networking.org/en/faq/36.html
Title: Re:DCOM exploit?
Post by: danielsaaan on November 26, 2004, 01:08:54 AM
Thank you all!
I have corrected the problem with SP2!!!!...
SO, 2 weeks ago I installed it, but after installation the system slowed down and internet went like a snail....
Now I have downloaded Firefox and it's all right!
Avast doesn't show any more pop up alerts about Dcom Exploit
BUT...
Spy Bot Search and Destroy again finds Dcom without a chance to extinguish it...
Maybe SpyBot S&D Software House will correct this problem soon...
OK,
Thank you again
See you!  ;D
Title: Re: DCOM exploit?
Post by: Jason_Becker on April 22, 2006, 03:53:46 AM
Quote
Basically, dcom isn't on your hard drive
Sorry, but it sure is on your system. Whether it can do any harm depends if you have installed ALL security patches/updates for your OS and other installed applications.

I receive the same thing from DCOM and LSASS Exploits...don't have ZoneAlarm cause Avast and ZA together slow down my poor PC a lot, not very good system I have  :'(

Can I get those patches/updates from the Windows Update service? some are so heavy for my slowww connection but they should be worth it!
Title: Re: DCOM exploit?
Post by: Lisandro on April 22, 2006, 04:37:02 AM
Quote
I receive the same thing from DCOM and LSASS Exploits...
Can I get those patches/updates from the Windows Update service? some are so heavy for my slowww connection but they should be worth it!
At least, enable your XP SP2 firewall and you can search for DCOM and LSASS in the Microsoft Knowledge Database or Google for more  ;)
Title: Re: DCOM exploit?
Post by: Firestorm on October 01, 2006, 08:55:09 AM
I've been getting the DCOM exploit as well as the lsass.exe exploit..after doing some research I've come across (some of you may know this) the Kibuv-B worm that uses both these exploits to attack your computer through different points. Windows has patches for those of you who don't know about this. I highly recommend you get em while they're hot otherwise yer in for a world of aggravation and migraines.