Network Shield "DCOM BLOCKED" Attack From....

[N@URINE]

hi !
a friend of mine asked me to post his problem here
avast show that warning in the picture.
please can you explain to me why it appears and how can it be solved?
thank you in advance.

[Lisandro]

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Which firewall do you use?
And, most important, is your operational system updated?

You could get this free program from Steve Gibson's site.  This small program will test your PC to see if it's vulnerable.  The link below also explains what DCOM is all about.
http://www.grc.com/freeware/dcom.htm

[DavidR]

DCOM Exploit attacks are speculative as those responsible for the attack don't know if you are vulnerable to this exploit. Your firewall under normal circumstances should handle this before avasts Network Shield does.

So either their firewall is disabled or possibly not up to the job, so Tech question about what firewall is very relevant.

[ggf31416]

10.xxx.xxx.xxx are IP addresses that belong to a (probably very large) private network (maybe their ISP works as a private network )
http://en.wikipedia.org/wiki/Private_network

Other possibility is that the IP address was spoofed

[N@URINE]

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Which firewall do you use?
And, most important, is your operational system updated?

You could get this free program from Steve Gibson's site.  This small program will test your PC to see if it's vulnerable.  The link below also explains what DCOM is all about.
http://www.grc.com/freeware/dcom.htm

Hi Tech and David !
I'm late to reply because I had to wait my friend to tell me.
thank you so much Tech, my friend made an update for his window then Disabled the DCOM with that software, and the warning of Avast didn't show any longer.
you know everytime I come to this forum I can't image in it without you guys Tech and DavidR. you're always the very first to give help. many thanks for your efforts and I'm sorry for bothering you with my problems.

[Lisandro]

I'm sorry for bothering you with my problems.

You're not bothering in any way... without questions, no answers, no forum, no help, no joy

[N@URINE]

10.xxx.xxx.xxx are IP addresses that belong to a (probably very large) private network (maybe their ISP works as a private network )
http://en.wikipedia.org/wiki/Private_network

Other possibility is that the IP address was spoofed

thank you too, for your information, it is helpful.

[naecO]

Hello,
I've been having this same kind of warning from aVast since last night. Interestingly, however, I have remarked that I only started having this warning after switching to a unsecured wireless network (my ISP is down and i was using a public hotspot).

I will report again if these warning continue to appear when I'm back to my secure daily wireless connection.

If I'm correct, the secured connection must have been filtering these 'attacks'.