Author Topic: What is DCOM Exploit...?  (Read 4545 times)

maestro649

  • Guest
What is DCOM Exploit...?
« on: April 10, 2005, 12:17:19 PM »
What actually is a DCOM exploit? The avast OnScanner shows frequent messages that it blocks a DCOM exploit attack.
First I thought it was an error in Avast. But later I came to know that it is protecting me from the attack.
But what exactly is this DCOM Exploit and LSASS Exploit (SXP)? Is there any harm from that for my computer?
I'm worried because I have been seeing this message often these days.
Please reply.

Thanks.

mpec82

  • Guest
Re: What is DCOM Exploit...?
« Reply #1 on: April 10, 2005, 12:22:48 PM »
If it says that it has been blocked, it's OK. Try installing a firewall (Sygate or others) and block lsass from accessing the net.

kamulko

  • Guest
Re: What is DCOM Exploit...?
« Reply #2 on: April 10, 2005, 12:36:17 PM »
Do you have a firewall installed? Have you installed WinXP Service Pack 2?

Avast! is blocking 2 real attacks:
the first is a typical sign of the worm W32/Blaster or Lovesan, which uses RPC to intrude into your PC: see the Microsoft patch in the Microsoft Security Bulletin (patch MS03-026);
the second alarm concerns a "hole" in Microsoft: the patch has the code MS04-011.

Remember the firewall!!!

kamulko

  • Guest
Re: What is DCOM Exploit...?
« Reply #3 on: April 10, 2005, 12:40:00 PM »
Read here: page from WinPatrol Website

Local Security Authority Service - LSASS.EXE

Lsass.exe is a system process for Microsoft Windows security mechanisms. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

This program has been mentioned in many security bulletins after the Sasser worm was created and the LSASS vulnerability in Microsoft's Operating Systems was discovered. It also installs with Randex and Mydoom variants and numerous other worms. You'll need to leave this file in place. So you'll want to keep up to date with any security updates and service packs from Microsoft.

How to Obtain Windows XP Service Pack 2 - http://www.microsoft.com/athome/security/protect/windowsxp/choose.aspx

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: What is DCOM Exploit...?
« Reply #4 on: April 11, 2005, 04:15:33 PM »
The message means that you are already protected and avast! blocked the attack. To turn off the display of these messages, go to the settings of the Network Shield provider and uncheck the option "Show warning messages".

See a picture here: http://forum.avast.com/index.php?board=1;action=display;threadid=9078 or http://forum.avast.com/index.php?board=2;action=display;threadid=9367
The best things in life are free.

TAP

  • Guest
Re: What is DCOM Exploit...?
« Reply #5 on: April 12, 2005, 01:45:10 AM »
Could someone please tell me: if I have a firewall and fully patched Windows, is Network Shield really necessary for me?

Thanks :)
« Last Edit: April 12, 2005, 01:47:11 AM by TAP »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: What is DCOM Exploit...?
« Reply #6 on: April 12, 2005, 02:51:06 AM »
Quote
Could someone please tell me: if I have a firewall and fully patched Windows, is Network Shield really necessary for me?

Network Shield is a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can also be taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System)).

Network Shield protects you from internet worms that spread themselves via various security holes in your system. Typically these kinds of viruses don't infect files but instead they attack running processes on your PC (either Windows components or some server programs like SQL Server, IIS etc.). These kinds of attacks are not easily caught by an ordinary antivirus during file or mail scanning. It is not duplicate work with Standard Shield.

I wouldn't disable it if I were you... It does not take enough resources to worry you and lets you stay protected all the time...
The best things in life are free.

Jarmo P

  • Guest
Re: What is DCOM Exploit...?
« Reply #7 on: April 12, 2005, 07:35:58 PM »
Quote
Could someone please tell me: if I have a firewall and fully patched Windows, is Network Shield really necessary for me?

I don't think Network Shield is necessary if your firewall is configured right.
I never got those warnings when running either Sygate fw or also only XP SP2 fw.

But if it is natural to get those warnings, some software running and allowed might open those ports?
I don't know?
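
Added example, not part of any post in this thread: a script that checks the point raised above from evidence, by reading a Windows Firewall log and reporting whether inbound connections to the ports behind the two alerts were dropped or let through. The port mapping (TCP 135 for DCOM/RPC, TCP 445 for the LSASS flaw), the function names and the sample log lines are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption (not stated in the thread): the DCOM/RPC alert corresponds to
# inbound TCP 135 and the LSASS alert to inbound TCP 445.
WATCHED = {"135": "DCOM/RPC", "445": "LSASS/SMB"}

# Constructed sample in the Windows Firewall log layout; the addresses are
# documentation ranges and do not come from the thread.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-04-10 12:10:01 DROP TCP 198.51.100.7 192.0.2.10 3021 135 48 S 1 0 64240 - - - RECEIVE
2005-04-10 12:10:09 DROP TCP 198.51.100.7 192.0.2.10 3022 445 48 S 1 0 64240 - - - RECEIVE
2005-04-10 12:11:30 OPEN TCP 192.0.2.10 203.0.113.5 1045 80 - - - - - - - - SEND
2005-04-10 12:14:42 ALLOW TCP 198.51.100.23 192.0.2.10 4410 135 48 S 1 0 64240 - - - RECEIVE
2005-04-10 12:15:03 DROP UDP 198.51.100.9 192.0.2.10 1026 1434 404 - - - - - - - RECEIVE
"""

def summarize(log_text):
    """Return {(service, verdict): Counter(src_ip -> hits)} for watched ports."""
    fields, result = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the header
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Only inbound TCP matters here; skip outbound (SEND) and other protocols.
        if row.get("protocol") != "TCP" or row.get("path") == "SEND":
            continue
        service = WATCHED.get(row.get("dst-port"))
        if service is None:
            continue
        # Any action other than DROP (ALLOW, OPEN-INBOUND) counts as passed.
        verdict = "blocked" if row.get("action") == "DROP" else "passed"
        result.setdefault((service, verdict), Counter())[row.get("src-ip")] += 1
    return result

def exposed_services(summary):
    """Services where at least one inbound connection got past the firewall."""
    return sorted({svc for (svc, verdict) in summary if verdict == "passed"})

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for (svc, verdict), sources in sorted(s.items()):
        print(svc, verdict, dict(sources))
    print("reachable through the firewall:", exposed_services(s))
```

A non-empty result from `exposed_services` means the firewall is passing that traffic to the host, which is the situation in which a second layer inspecting the traffic would still see the attempts. The firewall must be set to log both dropped packets and successful connections for the log to show this.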

kamulko

  • Guest
Re: What is DCOM Exploit...?
« Reply #8 on: April 12, 2005, 08:22:59 PM »
Hi, Jarmo!
Some months ago, a PC Magazine in-depth test showed how ALL firewalls can be damaged by malware. There's no inviolable firewall in the world! In another part of this forum, I described my experience: (2 years ago) my ZA was partly disassembled by a malware attack... without alarm messages!!! This fact shows the benefit of this Avast! option. Sorry for my English.  :)

Jarmo P

  • Guest
Re: What is DCOM Exploit...?
« Reply #9 on: April 12, 2005, 08:34:04 PM »
I agree with you, Kamulko.

I do keep my Network Shield running, it was only an answer to maestro, that maybe there is something wrong in his fw, and also my answer to Tap, that I have never got a warning when behind a well configured fw.