Re: Dcom Exploit

From: "PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx>
Date: Sat, 17 May 2008 13:56:45 -0400

...Could someone unscrupulous be
trying to access my machine and eventually give up?

IMHO, no, it's just normal network pinging, judging from the information you've posted in this thread.

LeeG wrote:

I checked the Dcom setting was unchecked in component services last night
but I am still getting the exploit warning. Could someone unscrupulous be
trying to access my machine and eventually give up? Could this attack be
from someone obtaining my ip address through other sites, for example,
facebook. I only ask because my partner signed up recently to it. I have
run XP home for quite a while now and this has never cropped up before.

"Roger Abell [MVP]" wrote:

You are running XP, and I will assume this is a home machine.
You have no need for DCOM.
Go to Administrative Tools and select Component Services.
When it opens, click into Component Services / Computers
and right click on My Computer and select Properties.
In the My Computer Properties window that opens select
the Default Properties tab and make sure that the checkbox
Enable Distributed COM on this computer is NOT checked.
Avast might detect something coming in from the network but
if DCOM is not enabled it will not get a response.
Make sure you have a firewall enabled and that the exceptions
are all ones that you know about and need.

Roger

"LeeG" <lee.gorton(removethis)@hotmail.co.uk> wrote in message
news:8C507A76-56DC-4FDD-8152-3DDA68BBBFC4@xxxxxxxxxxxxxxxx

Forgot to mention. I have already looked at the avast forum and i can
only
find explanations and possible cures and have also tried one and currently
monitoring the solution. I am curious has to why the change?

"PA Bear [MS MVP]" wrote:

/Where/ is Avast find this?

Have you posted about this in Avast User Forums?
http://forum.avast.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

LeeG wrote:
In addition could this be being caused due to upgrading to SP3? I know
this
type of problem was addressed with sp2 but this seems to coincide with
the
upgrade to sp3! I have tried a couple of ways to close down the DCOM
port
135 but it is still showing as open. Anyone know any
answers/solutions.

"LeeG" wrote:

My Avast online scanner keeps flashing up with a Dcom Exploit
88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156,
115.154
being two of the combinations.) Am I being targeted by someone.

References:
- Dcom Exploit
  - From: LeeG
- RE: Dcom Exploit
  - From: LeeG
- Re: Dcom Exploit
  - From: PA Bear [MS MVP]
- Re: Dcom Exploit
  - From: LeeG
- Re: Dcom Exploit
  - From: Roger Abell [MVP]
- Re: Dcom Exploit
  - From: LeeG

Prev by Date: rogue local policy
Next by Date: Re: Dcom Exploit
Previous by thread: Re: Dcom Exploit
Next by thread: Re: Dcom Exploit
Index(es):
- Date
- Thread

Relevant Pages

Re: Dcom Exploit
... LeeG wrote: ... If I send a global message to the friends list on facebook, ... You have no need for DCOM. ... When it opens, click into Component Services / Computers ...
(microsoft.public.security)
Re: Dcom Exploit
... You have no need for DCOM. ... Go to Administrative Tools and select Component Services. ... When it opens, click into Component Services / Computers ... "LeeG" wrote: ...
(microsoft.public.security)
Re: Dcom Exploit
... You have no need for DCOM. ... Go to Administrative Tools and select Component Services. ... When it opens, click into Component Services / Computers ... "LeeG" wrote: ...
(microsoft.public.security)