DCOM

[Piccolo]

Hi - There is an old post regarding this virus but I´m not so up with computer inner workings now as I used to be so would like some specific help please.

I´ve had this DCOM notice from Avast twice now, yesterday and today.  It has of course been blocked but I see from the old post that this ought to have been dealt with by my firewall.

I am wondering if there is a coincidence - I am currently without my telephone and internet connection due to a severe electrical storm so yesterday and today I am having to use an internet dongle.

My computer works on Vista Home Premium sp2 with the windows firewall.

I´d be grateful for some help please, thanks.

[Lisandro]

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defense in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.