Author Topic: Network Shield message  (Read 16386 times)


Gillie2tat

  • Guest
Network Shield message
« on: November 16, 2004, 07:17:09 PM »
I keep getting this message from Avast 4 Pro:-

Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp

What does this mean and do I do anything about it, or does the fact that it is being blocked mean I'm OK?  I've had it several times since logging onto the internet 15 minutes ago.  I've never seen that particular message before.

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #1 on: November 16, 2004, 07:19:00 PM »
Further information - I'm running the Kerio firewall which should be blocking this without Avast coming up with error messages.  And I have seen the other strand but because I am already running a firewall I am concerned about this issue.
« Last Edit: November 16, 2004, 07:19:51 PM by Gillie2tat »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Network Shield message
« Reply #2 on: November 16, 2004, 07:20:21 PM »
The RPC/DCOM exploit is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

And Avast has blocked that access. If you do not yet have a firewall, I strongly suggest you get one.

ps: and please use the search function prior to asking. This one has been answered already several times.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield message
« Reply #3 on: November 16, 2004, 07:25:48 PM »
There must definitely be something wrong with your firewall setup as it should've been blocked.

Or you have incoming RPC traffic enabled? Check the firewall rules...
« Last Edit: November 16, 2004, 07:25:54 PM by Vlk »

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #4 on: November 16, 2004, 08:01:37 PM »
Sorry Vlk, I'm out of my depth here. I have no idea how you check for that in the free edition of the Kerio firewall.  I've had a look round it but I have no idea where to look!  I have set it to deny all incoming intrusions.

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #5 on: November 16, 2004, 08:18:39 PM »
This is really weird, I've found the section in the Kerio firewall where the IP that's causing the problem shows up - and it's my ISP!!

I wonder if their server is running portscans or something and causing these alerts.  Thank goodness Avast is spotting them.

And yes even though I've set Kerio to deny all intrusions these alerts are still coming up.

I attach a screenshot of the firewall details.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Network Shield message
« Reply #6 on: November 16, 2004, 08:24:11 PM »
The screenshot doesn't show if the traffic is outgoing or incoming. If it is outgoing, your system is infected.

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #7 on: November 16, 2004, 08:29:39 PM »
OK off to run a full system scan now.

By the way I only get these alerts when I am actually online.

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #8 on: November 16, 2004, 10:27:15 PM »
OK I have run a full system scan with Avast, no viruses found.  I had it set to high with scan archives checked.  I then scanned with Spybot and Ad Aware, both found a few cookies but nothing more.

I rather think that if Avast is continually coming up with these alerts when I am online they are coming into the computer rather than going out from it.  If Avast is blocking them as it obviously is, is it possible to turn these alerts off and if so would it be reasonable to do so?  Avast would let me know at once anyway if something tried to run which had something it recognised as a virus.

As far as the Kerio firewall is concerned it is definitely working, I just don't know why it's not blocking this and what it is.

Also it seems to be happening almost every time I click on a link which suggests something to do with the server connection to my ISP.  I am wondering if I should report this to them in case it's a hacker.
« Last Edit: November 16, 2004, 10:50:56 PM by Gillie2tat »

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2247
Re:Network Shield message
« Reply #9 on: November 17, 2004, 12:47:14 AM »
If, as is often the case, your arrangement with your ISP is that you're disconnected after however-long of inactivity, any chance it's just them checking whether you're currently active?

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re:Network Shield message
« Reply #10 on: November 17, 2004, 12:58:34 AM »
Gillie, if our driver is loaded before the firewall's we see the exploit first and thus display these warning messages. You can switch them off in Network Shield provider.  In all cases when you see it, the possible attack is detected and stopped. So there's no need to be nervous.

Lukas.


Gillie2tat

  • Guest
Re:Network Shield message
« Reply #11 on: November 17, 2004, 08:40:44 AM »
In answer to your first question, no I have an unlimited broadband account - there's no time limit for being online.

In answer to the second point - how do I switch off the alerts?  I'm perfectly happy that Avast is blocking these, great to have a little extra protection.  I just don't want these pop ups all the time.

I think the server is certainly doing something, what I don't know but if Avast is protecting me - which it is - I don't really need to know about it unless I have a virus of some kind:)

Not that nervous, I've been using puters since the early 1990s, have had my own since January 2001 and teach how to use Avast over at VU.  I just wanted to be sure what this was before I switched something off I shouldn't:) and I went all over the program last night but couldn't see how to switch off the alerts and still have the network shield protection which is what I want to do.  In fact I couldn't find any access to the network shield at all.
« Last Edit: November 17, 2004, 08:42:56 AM by Gillie2tat »

galooma

  • Guest
Re:Network Shield message
« Reply #12 on: November 17, 2004, 08:56:02 AM »
Right click on blue ball, then on access protection control, then double click on network shield. That works for me  ;) ;D ;D ;D
« Last Edit: November 17, 2004, 08:56:53 AM by ginblossom »

Gillie2tat

  • Guest
Re:Network Shield message
« Reply #13 on: November 17, 2004, 08:59:18 AM »
OK for me that was right click on the Avast ball, left click on On Access Protection Control, click on Network Shield, click on Customise and uncheck warning messages.  I left the logs checked so that I'll have some way of tracking these alerts.

Thanks so much for all the help!
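
Added example, not part of the original thread and not Avast code: a short Python script that tallies logged Network Shield alerts by source, so the logs left enabled above can be reviewed without the pop-ups. It assumes one alert per line in the wording quoted in the first post; the log layout, the sample lines and the `own_addresses` parameter are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Alert text as quoted in the first post. Anything before it on the line
# (for example a timestamp) is ignored; the log layout is an assumption.
ALERT_RE = re.compile(
    r'Network Shield: blocked "(?P<threat>[^"]+)" - attack from '
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})/(?P<proto>tcp|udp)"
)

# Constructed sample lines (not real log output).
SAMPLE_LOG = [
    'Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp',
    'Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp',
    '2004-11-16 19:20:01 Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp',
    'Network Shield: blocked "DCOM Exploit" - attack from 192.0.2.10:135/tcp',
    'Network Shield: blocked "DCOM Exploit" - attack from 999.1.1.1:135/tcp',
    "Resident protection started",
]


def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])  # rejects octets above 255
    except ValueError:
        return None
    return {"threat": m["threat"], "ip": ip, "port": int(m["port"]), "proto": m["proto"]}


def summarize(lines, own_addresses=()):
    """Count alerts per (source, threat, port, protocol), most frequent first.

    own_addresses lists this machine's own IPs, so that alerts naming the
    machine itself stand out from alerts naming remote sources.
    """
    own = {ipaddress.ip_address(a) for a in own_addresses}
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is not None:
            counts[(alert["ip"], alert["threat"], alert["port"], alert["proto"])] += 1
    return [
        {"source": str(ip), "threat": threat, "port": port, "proto": proto,
         "count": n, "own_host": ip in own}
        for (ip, threat, port, proto), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, own_addresses=["192.0.2.10"]):
        print(row)
```
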

galooma

  • Guest
Re:Network Shield message
« Reply #14 on: November 17, 2004, 09:01:22 AM »
My pleasure, see ya again soon  :D :D