Author Topic: need help  (Read 15659 times)

0 Members and 1 Guest are viewing this topic.

Rocker

  • Guest
Re:need help
« Reply #15 on: November 16, 2004, 01:29:09 AM »
That just proves my use of English and your response.

By the way, have you looked at your punctuation?  It's input, not imput!

English is not my first language, but I do know that it is  very impolite to pick someone up on there spelling!.

Also as far as punctuation is concerned, in the manner you used them, periods (full stops) would correctly be used in 'three' (...) to form an 'Ellipsis', not any old amount of full stops!.


scousemouse

  • Guest
Re:need help
« Reply #16 on: November 16, 2004, 07:31:18 PM »
 :Doh my you must be an engish teacher oppps

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:need help
« Reply #17 on: November 16, 2004, 07:35:01 PM »
Please stick to the topic. And let's keep this a friendly board. Realize that everyone can read it ;)

scousemouse

  • Guest
Re:need help
« Reply #18 on: November 16, 2004, 08:17:58 PM »
the problem is this  keep getting (dcom exploit  there are numurous ip numbers )
so i can not give you more than that ?
been into windows updates , got the patch from them but the problem is still there  .
hope you have some input that might help me thank you
« Last Edit: November 16, 2004, 08:18:26 PM by scousemouse »

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:need help
« Reply #19 on: November 16, 2004, 08:22:03 PM »
The RPC/DCOM exploit is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

And Avast has blocked that access. So, there is no problem.
If you don't want to see the message, you can disable "show warning messages" in the options of the network shield provider.

Rocker

  • Guest
Re:need help
« Reply #20 on: November 16, 2004, 10:14:08 PM »
the problem is this  keep getting (dcom exploit  there are numurous ip numbers )
so i can not give you more than that ?
been into windows updates , got the patch from them but the problem is still there  .
hope you have some input that might help me thank you

scousemouse,


If you trace back those IP addresses, you will most likely discover that it is your ISP who is 'pinging' your machine. Some ISP's will do this to ascertain if the connection is active. All perfectly normal and rarely malicious.

It's good that you have applied the DCOM patch, Avast and/or your firewall can still, quiet correctly, be informing you that a DCOM exploit has occurred, it does not mean that it has got past your protection.

Now wasn't that nice and friendly ;-)

lookbehind

  • Guest
Re:need help
« Reply #21 on: November 16, 2004, 10:39:36 PM »
Sorry to buttin here but I think I am going blind or mad!

I want to start a new thread and "help" tells me to go to "start thread" on "forum index page". For the life of me I cannot see it! Which is the forum index page (sreenshotof?) and where is the "start thread button" located, please?

lookbehind

  • Guest
Re:need help
« Reply #22 on: November 16, 2004, 11:27:42 PM »
Thanks Eddy. I have found the right button on several forums but I had a question re 4.5 and the button does not appear there so I assume that no more is being posted to that forum.

Next question wht is the right forum for 4.5 queries now it is no longer Beta?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:need help
« Reply #23 on: November 17, 2004, 01:30:19 AM »
Next question wht is the right forum for 4.5 queries now it is no longer Beta?

This one: http://forum.avast.com/index.php?board=2
The best things in life are free.

Fast

  • Guest
Re:need help
« Reply #24 on: November 17, 2004, 02:50:24 AM »
Eddy, would it help if the DCOM service is disabled, like with the DCOM-bobulator from Gibson Research ? (http://www.grc.com)
Or would it still be reported ?
Just curious.

Fast.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:need help
« Reply #25 on: November 17, 2004, 09:06:56 AM »
Quote
DCOM (Distributed Component Object Model) is a set of Microsoft concepts and program interfaces in which client program objects can request services from server program objects on other computers in a network. DCOM is based on the Component Object Model (COM), which provides a set of interfaces allowing clients and servers to communicate within the same computer (that is running Windows 95 or a later version).

For example, you can create a page for a Web site that contains a script or program that can be processed (before being sent to a requesting user) not on the Web site server but on another, more specialized server in the network. Using DCOM interfaces, the Web server site program (now acting as a client object) can forward a Remote Procedure Call (RPC) to the specialized server object, which provides the necessary processing and returns the result to the Web server site. It passes the result on to the Web page viewer.

DCOM can also work on a network within an enterprise or on other networks besides the public Internet. It uses TCP/IP and Hypertext Transfer Protocol. DCOM comes as part of the Windows operating systems. DCOM is or soon will be available on all major UNIX platforms and on IBM's large server products. DCOM replaces OLE Remote Automation.

As you can see from the definition, disabling DCOM will only prevent the system from responding to requests, "clients" (infected systems) can still send a request.

husband

  • Guest
Re:need help
« Reply #26 on: November 20, 2004, 03:35:53 PM »
Hi

New to this game, but yes I did do a search:-) I just want to be 100% clear about what's going on with the DCOMs attack messages so I can get on with my life...

1. It happens now because I have updated to 4.5 and my old version couldn't detect it - nothing new has happened to the computor other than that.

2. It does not indicate that there is some nasty file on my computor (spent two days with several programs looking for something - should have come here first). Is quite likely to be my own isp 'pinging' me.

3.Don't worry be happy.

Cheers and thanks in advance

Geoff

whocares

  • Guest
Re:need help
« Reply #27 on: November 22, 2004, 04:10:11 PM »
Hi folks,

this is NOT your ISP pinging you, but PC's in the same ISP-network being infected with Blaster or similar RPC/DCOM-worm -> they're sending it to you as soon as you go online

There IS some info on Blaster/ RPC-DCOM-Exploit even on avast's homepage or here in the board or at microsoft or actually everywhere except at Walmart

 ;)

freya

  • Guest
Re:need help
« Reply #28 on: November 23, 2004, 12:19:53 PM »
I know it sounds silly but i really am bad at this sort of thing, i just wanted some help. i have scanned my comp and a virus was found, it gave me the options on what to do and i think i did the wrong thing. instead of moving my virus to chest i moved and re-named it. is that bad???

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re:need help
« Reply #29 on: November 24, 2004, 12:06:35 AM »
Hi freya
Not if you know where you moved it to and what you called it.
 
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet