Author Topic: DCOM Exploit Attack please help me!  (Read 8179 times)

Offline yoonyul009

  • Newbie
  • *
  • Posts: 5
DCOM Exploit Attack please help me!
« on: May 27, 2011, 05:05:31 AM »
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37106
Re: DCOM Exploit Attack please help me!
« Reply #1 on: May 27, 2011, 09:34:39 AM »
use forum search "DCOM Exploit" as the forum is full of these

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85779
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #2 on: May 27, 2011, 02:35:15 PM »
Quote from: yoonyul009
please help me to solve this one.. always appearing. I've used DCOMbobulator and private firewall but it still pops out..

I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

DCOM Attacks are speculative, not targeted, and try to exploit a vulnerability in an out of date OS; if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

What is your firewall ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline yoonyul009

  • Newbie
  • *
  • Posts: 5
Re: DCOM Exploit Attack please help me!
« Reply #3 on: May 27, 2011, 02:39:00 PM »
BTW, I am using Windows 7 Home Premium..
I used private firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that private firewall is 'useless'. So now.. I'm just using the default Windows firewall..

Offline AdrianH

  • Advanced Poster
  • **
  • Posts: 854
Re: DCOM Exploit Attack please help me!
« Reply #4 on: May 27, 2011, 02:43:01 PM »
Quote from: yoonyul009
BTW, I am using Windows 7 Home Premium..
I used private firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that private firewall is 'useless'. So now.. I'm just using the default Windows firewall..

I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.
Win8.1 Pro 64Bit  : KIS2014 : CryptoPrevent : Privazer:

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72274
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #5 on: May 27, 2011, 03:11:12 PM »
Quote from: DavidR
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

+1

Quote from: AdrianH
I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Has nothing to do with visited sites. ;)
Win 8.1 [x64] - Avast PremSec 21.9.6675.IBC [UI.671] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2.1
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85779
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #6 on: May 27, 2011, 03:18:09 PM »
Quote from: yoonyul009
BTW, I am using Windows 7 Home Premium..
I used private firewall but then when the DCOM Exploit attacked again while I'm using Private Firewall, I thought that private firewall is 'useless'. So now.. I'm just using the default Windows firewall..

Quote from: AdrianH
I think you are misunderstanding what is happening.  You are visiting a site or sites that have the exploit embedded, you are getting the warning popups because your system has successfully been protected.  You need to avoid the sites with malware.

Well you don't have to be even visiting a site or using your browser for your system to be a) port scanned or b) exploit attempts made, based solely on random IP address generation seeking out open systems. You have a broadband connection which is always on so your IP address must also be available.

The web shield is very hot on these types of exploit and hacked sites in general. This is an external attempt to connect, not whilst browsing or it would likely be the Web Shield alerting and reference to the browser.

A very long time ago when I installed XP I got hit by the Blaster worm (pre-avast days) and the site I was actually on was Windows Updates, getting the latest security updates and I got hit within a minute of being on line. So I rather doubt that MS was serving up exploits on the windows update site.

Offline davexnet

  • Poster
  • *
  • Posts: 540
Re: DCOM Exploit Attack please help me!
« Reply #7 on: May 27, 2011, 05:51:21 PM »
According to the info at GRC, having a simple home router is enough to stop
the "probes" from getting through to the computer.  Port 135 is closed at the router.
Is this not true?  Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.
AMD FX-4300 4GB DDR3
avast free 2279 (Windows XP), MBAM free

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72274
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #8 on: May 27, 2011, 05:58:48 PM »
Quote from: davexnet
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...

Offline yoonyul009

  • Newbie
  • *
  • Posts: 5
Re: DCOM Exploit Attack please help me!
« Reply #9 on: May 28, 2011, 06:40:01 AM »
Quote from: davexnet
Secondly the exploit, taking advantage of a buffer overflow,
was supposedly fixed in Windows years ago.

Quote from: Asyn
It was, but it doesn't stop the attacks. ;)
Anyway, any good FW should stop this before avast!...


whats FW?
then what can i do to close port 135?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72274
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #10 on: May 28, 2011, 08:35:42 AM »

Offline yoonyul009

  • Newbie
  • *
  • Posts: 5
Re: DCOM Exploit Attack please help me!
« Reply #11 on: May 28, 2011, 09:02:03 AM »
how can i remove that pop-up?? and block the attack? ???

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72274
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DCOM Exploit Attack please help me!
« Reply #12 on: May 28, 2011, 09:09:41 AM »
Quote from: yoonyul009
1. how can i remove that pop-up??
2. and block the attack? ???

1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.

Offline yoonyul009

  • Newbie
  • *
  • Posts: 5
Re: DCOM Exploit Attack please help me!
« Reply #13 on: May 28, 2011, 11:12:17 AM »
Quote from: yoonyul009
1. how can i remove that pop-up??
2. and block the attack? ???

Quote from: Asyn
1. Check: 'Do not show this message again'
2. The attack already gets blocked by avast.


---> is that just alright to block the attack? is there a way to remove it?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85779
  • No support PMs thanks
Re: DCOM Exploit Attack please help me!
« Reply #14 on: May 28, 2011, 02:35:19 PM »
You simply can't stop the external attempts as I said in my first reply.

Quote from: DavidR
I have always been of the opinion that dcombobulator is a waste of time as it is a 'local' setting, but that doesn't stop the external source trying to exploit it.

Closing port 135 is also a local setting, so it won't stop the speculative external attempts.

The Windows 7 firewall has outbound protection disabled by default and even if enabled it isn't very user friendly. So how to close a port in the win7 firewall I don't know. Why it isn't getting in before the avast network shield I don't know as I would have thought that it should block this 'silently.'

But there really isn't any way to tell if it just allowed this connection to port 135 or if it is simply the network shield being first in order.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
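
Added example (not part of the original thread): the last post leaves open whether the Windows firewall allowed or dropped the connection to port 135. When Windows Firewall logging is turned on, each logged connection carries an action of ALLOW or DROP; the code below parses that log layout and tallies inbound TCP 135 attempts by action and source. The log lines and addresses are constructed sample data, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log (pfirewall.log) layout.
# Addresses are documentation ranges; timestamps and values are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2011-05-27 05:05:31 DROP TCP 203.0.113.7 198.51.100.20 4312 135 48 S 1084271846 0 65535 - - - RECEIVE
2011-05-27 05:07:02 DROP TCP 203.0.113.7 198.51.100.20 4330 135 48 S 1084299120 0 65535 - - - RECEIVE
2011-05-27 09:34:39 ALLOW TCP 203.0.113.99 198.51.100.20 2211 135 0 - 0 0 0 - - - RECEIVE
2011-05-27 09:40:10 ALLOW TCP 198.51.100.20 192.0.2.80 49202 80 0 - 0 0 0 - - - SEND
2011-05-27 09:41:55 DROP UDP 203.0.113.50 198.51.100.20 1026 137 78 - - - - - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def inbound_port_summary(text, port=135, protocol="TCP"):
    """Count inbound connections to `port`, grouped by (action, source IP)."""
    tally = Counter()
    for rec in parse_firewall_log(text):
        if (rec["path"] == "RECEIVE" and rec["protocol"] == protocol
                and rec["dst-port"] == str(port)):
            tally[(rec["action"], rec["src-ip"])] += 1
    return tally

def allowed_sources(text, port=135):
    """Sources whose inbound connection to `port` the firewall let through."""
    summary = inbound_port_summary(text, port)
    return sorted(ip for (action, ip) in summary if action == "ALLOW")

if __name__ == "__main__":
    for (action, ip), n in sorted(inbound_port_summary(SAMPLE_LOG).items()):
        print(f"{action:5} {ip:15} x{n}")
    print("allowed through to 135:", allowed_sources(SAMPLE_LOG) or "none")
```

On a real machine the input would be the firewall's own log file (by default %systemroot%\system32\LogFiles\Firewall\pfirewall.log) with logging of dropped packets and successful connections enabled; an empty allowed list means the probes to port 135 were dropped by the firewall.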