Re: Dcom Exploit
- From: LeeG <lee.gorton(removethis)@hotmail.co.uk>
- Date: Sat, 17 May 2008 01:05:01 -0700
Windows firewall is active and I am using the full home edition of Avast.
Also using Spybot S&D and regularily scan with Adaware. I do an AV and
spybot scans about twice a month.
The SP3 was a manual download direct from the Microsoft website and I still
had my resident scanners active when I installed it. I was fully up to date
with sp2 before I installed sp3
I have tried to reverse trace the different ip addresses that are flagged by
avast but no joy.
Here are some of the variations:
88.107.251.156
88.107.115.154
88.107.16.150
88.107.38.82
88.107.146.102
88.107.30.168
Avast flashes this message: dcom exploit 88.107.251.156:135 /tcp
One link I have tried but this solution did not work is
http://www.grc.com/freeware/dcom.htm
I can access and install updates from the windows update site. Just
installed a couple of office updates on thursday.
"PA Bear [MS MVP]" wrote:
[I meant to ask, "Where is Avast finding this?"].
If you can post a few links to pertinent threads in that forum, I'd
appreciate it.
Is the Windows Firewall or a third-party firewall enabled?
What anti-spyware applications might be installed (other than Defender)?
What third-party firewall (if any)? Was Avast and/or any of these other
applications running when you installed SP3?
How did you install SP3 (e.g., manually; via Windows Update)? Was the
machine running WinXP SP1 or WinXP SP2 before SP3 was installed? Was the
machine fully patched before you installed SP3? Had you just reinstalled
Windows prior to installing SP3?
Can you successfully reach and scan for updates at Windows Update website?
Are any updates offered? If so, can you install them successfully?
--
~PA Bear
LeeG wrote:
<paste>
Not yet. This exploit seems to coincide with the installation of SP3. Up</paste>
until now I had never had this exploit happen. I have been running Avast
for quite a while now and this is the first time it has flagged this
exploit.
Forgot to mention. I have already looked at the avast forum and i can
only
find explanations and possible cures and have also tried one and currently
monitoring the solution. I am curious has to why the change?
"PA Bear [MS MVP]" wrote:
/Where/ is Avast find this?
Have you posted about this in Avast User Forums?
http://forum.avast.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
LeeG wrote:
In addition could this be being caused due to upgrading to SP3? I know
this
type of problem was addressed with sp2 but this seems to coincide with
the
upgrade to sp3! I have tried a couple of ways to close down the DCOM
port
135 but it is still showing as open. Anyone know any answers/solutions.
My Avast online scanner keeps flashing up with a Dcom Exploit
88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156, 115.154
being two of the combinations.) Am I being targeted by someone.
- Follow-Ups:
- Re: Dcom Exploit
- From: PA Bear [MS MVP]
- Re: Dcom Exploit
- From: MowGreen [MVP]
- Re: Dcom Exploit
- From: Roger Abell [MVP]
- Re: Dcom Exploit
- References:
- Dcom Exploit
- From: LeeG
- RE: Dcom Exploit
- From: LeeG
- Re: Dcom Exploit
- From: PA Bear [MS MVP]
- Re: Dcom Exploit
- From: LeeG
- Re: Dcom Exploit
- From: PA Bear [MS MVP]
- Dcom Exploit
- Prev by Date: Re: Getting bounced emails that I did not send.
- Next by Date: Re: Command for changing file security?
- Previous by thread: Re: Dcom Exploit
- Next by thread: Re: Dcom Exploit
- Index(es):
Relevant Pages
|
