Author Topic: DCOM Exploit Attack please help me!  (Read 9668 times)


yoonyul009

  • Guest
DCOM Exploit Attack please help me!
« on: May 27, 2011, 05:05:31 AM »
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: DCOM Exploit Attack please help me!
« Reply #1 on: May 27, 2011, 09:34:39 AM »
use forum search "DCOM Exploit" as the forum is full of these

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #2 on: May 27, 2011, 02:35:15 PM »
Quote from: yoonyul009
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..

I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

DCOM attacks are speculative, not targeted, and try to exploit a vulnerability in an out-of-date OS; if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

What is your firewall ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

yoonyul009

  • Guest
Re: DCOM Exploit Attack please help me!
« Reply #3 on: May 27, 2011, 02:39:00 PM »
BTW, i am using windows 7 home premium..
i used private firewall but then when the DCOM Exploit attacked again while im using Private Firewall, i thought that private firewall is 'useless'. So now.. im just using the default windows firewall..

AdrianH

  • Guest
Re: DCOM Exploit Attack please help me!
« Reply #4 on: May 27, 2011, 02:43:01 PM »
Quote from: yoonyul009
BTW, i am using windows 7 home premium..
i used private firewall but then when the DCOM Exploit attacked again while im using Private Firewall, i thought that private firewall is 'useless'. So now.. im just using the default windows firewall..

I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #5 on: May 27, 2011, 03:11:12 PM »
Quote from: DavidR
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

+1

Quote from: AdrianH
I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Has nothing to do with visited sites. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #6 on: May 27, 2011, 03:18:09 PM »
Quote from: yoonyul009
BTW, i am using windows 7 home premium..
i used private firewall but then when the DCOM Exploit attacked again while im using Private Firewall, i thought that private firewall is 'useless'. So now.. im just using the default windows firewall..

Quote from: AdrianH
I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Well you don't have to be even visiting a site or using your browser for your system to be a) port scanned or b) exploit attempts made, based solely on random IP address generation seeking out open systems. You have a broadband connection which is always on so your IP address must also be available.

The web shield is very hot on these types of exploit and hacked sites in general. This is an external attempt to connect, not whilst browsing or it would likely be the Web Shield alerting and reference to the browser.

A very long time ago when I installed XP I got hit by the Blaster worm (pre-avast days) and the site I was actually on was Windows Updates, getting the latest security updates and I got hit within a minute of being on line. So I rather doubt that MS was serving up exploits on the windows update site.

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: DCOM Exploit Attack please help me!
« Reply #7 on: May 27, 2011, 05:51:21 PM »
According to the info at GRC, having a simple home router is enough to stop
the "probes" from getting through to the computer.  Port 135 is closed at the router.
Is this not true?  Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #8 on: May 27, 2011, 05:58:48 PM »
Quote from: davexnet
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...

yoonyul009

  • Guest
Re: DCOM Exploit Attack please help me!
« Reply #9 on: May 28, 2011, 06:40:01 AM »
Quote from: davexnet
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

Quote from: Asyn
It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...


whats FW?
then what can i do to close port 135?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #10 on: May 28, 2011, 08:35:42 AM »

yoonyul009

  • Guest
Re: DCOM Exploit Attack please help me!
« Reply #11 on: May 28, 2011, 09:02:03 AM »
how can i remove that pop-up?? and block the attack? ???

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #12 on: May 28, 2011, 09:09:41 AM »
Quote from: yoonyul009
1. how can i remove that pop-up??
2. and block the attack? ???

1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.

yoonyul009

  • Guest
Re: DCOM Exploit Attack please help me!
« Reply #13 on: May 28, 2011, 11:12:17 AM »
Quote from: yoonyul009
1. how can i remove that pop-up??
2. and block the attack? ???

Quote from: Asyn
1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.


---> is that just alright to block the attack? is there a way to remove it?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #14 on: May 28, 2011, 02:35:19 PM »
You simply can't stop the external attempts as I said in my first reply.

Quote from: DavidR
I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

Closing port 135 is also a local setting, so it won't stop the speculative external attempts.

The Windows 7 firewall has outbound protection disabled by default and even if enabled it isn't very user friendly. So how to close a port in the Win7 firewall I don't know. Why it isn't getting in before the avast network shield I don't know as I would have thought that it should block this 'silently.'

But there really isn't any way to tell if it just allowed this connection to port 135 or if it is simply the network shield being first in order.