Author Topic: INFECTED BY WIN32 DCOM-F EXPLOIT  (Read 7190 times)

HAKr_NJN

  • Guest
INFECTED BY WIN32 DCOM-F EXPLOIT
« on: August 02, 2009, 09:14:21 AM »
I AM USING AVAST HOME EDITION WITH 60 DAYS TRIAL AND NOW I AM INFECTED BY WIN32 DCOM-f [exploit] :( IT IS MAKING NEW .exe FILES IN THE WINDOWS/system32 FOLDER NAMED LIKE ASR_13385.exe, ASR_21126.exe. SO PLEASE GIVE A PROCEDURE TO REMOVE IT. I HAVE ALSO SEARCHED FOR THIS TOPIC ON GOOGLE AND GOT A RESULT THAT IT IS PRODUCED FROM rpc_kotic.exe, BUT I HAVE NOT FOUND ANY rpc_kotic.exe PROCESS RUNNING IN TASKMGR AND IN THE WINDOWS FOLDER. AND ALSO, HOW DO I GET HIGH PROTECTION WITH AVAST FREE EDITION? THANKS
« Last Edit: August 03, 2009, 10:39:43 AM by HAKr_NJN »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #1 on: August 02, 2009, 09:28:55 AM »
Hello HAKr_NJN

You can try an avast boot-time scan to remove the infections.

If that doesn't work, then get Malwarebytes Anti-Malware (MBAM) from here: malwarebytes.org, install, update and perform a full scan. Post the log here.

You can also try SUPERAntiSpyware (SAS). Don't worry about the tracking cookies it reports, let SAS deal with them.

After doing all this, get HijackThis from here: http://www.filehippo.com/download_hijackthis/download/8571e06e5eb8ab03c649f3b5d647c599/

Install and run it, and post the log here.

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #2 on: August 02, 2009, 02:42:53 PM »
 Please check if your firewall is enabled.

 If you are using XP, you may enhance your protection by installing a third-party firewall with Outbound Protection. Examples are:

 (1) Agnitum Outpost
 (2) Online Armor
 (3) PCTools Firewall
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

HAKr_NJN

  • Guest
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #3 on: August 03, 2009, 10:56:28 AM »
Thanks for giving attention.

YES, I'M USING WIN XP with SP2.

And I found .exe files in the system32 folder named like ASR_....
And below, the file type is Automated System Recovery file.
And I have deleted all the files. After deleting all the Asr_ files, Windows has created 3 files named asr_fmt, asr_idm and asr_pfu, and I think they are necessary files for Windows. And in the last 24 hours I'm not getting any warning from AVAST about a detected DCOM exploit, except a svchost.exe Application Error reported by Windows: The instruction at "0x001f1cb0" referenced memory at "0x001f1cb0". The memory could not be "written". Click on OK to terminate the program
Click on CANCEL to debug the program.
And after that my net connection does not respond and does not show the status window, and I have to restart my PC. Give a brief description of the DCOM exploit and what problems I should expect from it.


AND BELOW IS THE LOG FILE LINK OF HIJACK THIS

« Last Edit: August 03, 2009, 11:26:07 AM by HAKr_NJN »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #4 on: August 03, 2009, 11:03:07 AM »
Post the HijackThis log here. While posting, go to additional options and attach the file.

Edit: I use OpenDNS and cannot open P2P or sharing sites, and I don't want to add these sites to the "allow list". So please attach the file in the post. Thank you :)
« Last Edit: August 03, 2009, 11:12:06 AM by nmb »

YoKenny

  • Guest
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #5 on: August 03, 2009, 01:20:14 PM »
You're using Windows SP2, which has several security vulnerabilities, and Windows SP3, which has performance enhancements and several Critical Security Updates, has been available for over a year. So in IE go to Tools, then Windows Update, then download and install all updates.

Go to Control Center, then Security Center, then set it to Automatic Updates (Recommended), or at least to Notify me about updates but do not download nor install them.

IE8 is now available and it has more security than IE6:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Run Secunia Online Software Inspector to see what other applications have vulnerabilities:
http://secunia.com/vulnerability_scanning/online
« Last Edit: August 03, 2009, 01:21:53 PM by YoKenny »

CharleyO

  • Guest
Re: INFECTED BY WIN32 DCOM-F EXPLOIT
« Reply #6 on: August 03, 2009, 03:52:12 PM »
***

Other than what YoKenny mentioned above, your HJT log looks clean. Please follow his advice.


***