Re: Dcom Exploit

Is Avast configured to automatically seek updates as least once a day?

Are you now running Avast v4.8.1201? There have been two (2) program updates for Avast v4.8 since 12 May 2008: http://www.avast.com/eng/avast-4-home_pro-revision-history.html

The above notwithstanding, the fact that you installed SP3 without having first disabled all real-time protections may be related to the reports you're seeing from Avast now. I'd recommend posting about this in a new thread in the appropriate Avast Support Forum before doing anything else about it: http://forum.avast.com/index.php?board=2.0
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


LeeG wrote:
Windows firewall is active and I am using the full home edition of Avast.
Also using Spybot S&D and regularily scan with Adaware. I do an AV and
spybot scans about twice a month.

The SP3 was a manual download direct from the Microsoft website and I still
had my resident scanners active when I installed it. I was fully up to date
with sp2 before I installed sp3

I have tried to reverse trace the different ip addresses that are flagged by
avast but no joy.

Here are some of the variations:

88.107.251.156
88.107.115.154
88.107.16.150
88.107.38.82
88.107.146.102
88.107.30.168

Avast flashes this message: dcom exploit 88.107.251.156:135 /tcp

One link I have tried but this solution did not work is

http://www.grc.com/freeware/dcom.htm

I can access and install updates from the windows update site. Just
installed a couple of office updates on thursday.

"PA Bear [MS MVP]" wrote:

[I meant to ask, "Where is Avast finding this?"]

If you can post a few links to pertinent threads in that forum, I'd
appreciate it.

Is the Windows Firewall or a third-party firewall enabled?

What anti-spyware applications might be installed (other than Defender)?
What third-party firewall (if any)? Was Avast and/or any of these other
applications running when you installed SP3?

How did you install SP3 (e.g., manually; via Windows Update)? Was the
machine running WinXP SP1 or WinXP SP2 before SP3 was installed? Was the
machine fully patched before you installed SP3? Had you just reinstalled
Windows prior to installing SP3?

Can you successfully reach and scan for updates at Windows Update website?
Are any updates offered? If so, can you install them successfully?
--
~PA Bear


LeeG wrote:
<paste>
Not yet. This exploit seems to coincide with the installation of SP3. Up
until now I had never had this exploit happen. I have been running Avast
for quite a while now and this is the first time it has flagged this
exploit.
</paste>
Forgot to mention. I have already looked at the avast forum and i can
only
find explanations and possible cures and have also tried one and currently
monitoring the solution. I am curious has to why the change?

"PA Bear [MS MVP]" wrote:
/Where/ is Avast find this?

Have you posted about this in Avast User Forums?
http://forum.avast.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


LeeG wrote:
In addition could this be being caused due to upgrading to SP3? I know
this
type of problem was addressed with sp2 but this seems to coincide with
the
upgrade to sp3! I have tried a couple of ways to close down the DCOM
port
135 but it is still showing as open. Anyone know any answers/solutions.

My Avast online scanner keeps flashing up with a Dcom Exploit
88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156, 115.154
being two of the combinations.) Am I being targeted by someone.

.

Relevant Pages

  • Re: Dcom Exploit
    ... Windows firewall is active and I am using the full home edition of Avast. ... I can access and install updates from the windows update site. ... applications running when you installed SP3? ...
    (microsoft.public.security)
  • Re: More critical updates
    ... employee responsible for weaving fake silk from discarded swabs in an AIDS ... surely all these updates most make the code of Windows very fragmented, which could explain why my computer is starting to run slow. ... 09/11/2005 Tested on: 10/11/2005 20:04:03 avast! ...
    (alt.os.windows-xp)
  • Re: More critical updates
    ... chrisv wrote: ... surely all these updates most make the code of Windows very fragmented, which could explain why my computer is starting to run slow. ... 09/11/2005 Tested on: 10/11/2005 20:07:02 avast! ...
    (alt.os.windows-xp)
  • Re: Is there SP2 or SP3 in my computer?
    ... > From what I can tell - you have Windows XP Service Pack 3 Release ... Maybe that occurred silently because I never installed SP3 and never received request for such update. ... As I told ALL updates disappeared from 'Add or Remove Programs'. ...
    (microsoft.public.windowsxp.general)
  • Re: Cant install updates
    ... I set up auto updates and got SP3. ... Since i installed SP3, though I have a load of updates downloaded nothing ... will install. ... "Updates are not installed successfully from Windows Update, ...
    (microsoft.public.windowsupdate)