Re: Dcom Exploit

Is Avast configured to automatically seek updates as least once a day?

Are you now running Avast v4.8.1201? There have been two (2) program updates for Avast v4.8 since 12 May 2008: http://www.avast.com/eng/avast-4-home_pro-revision-history.html

The above notwithstanding, the fact that you installed SP3 without having first disabled all real-time protections may be related to the reports you're seeing from Avast now. I'd recommend posting about this in a new thread in the appropriate Avast Support Forum before doing anything else about it: http://forum.avast.com/index.php?board=2.0
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


LeeG wrote:
Windows firewall is active and I am using the full home edition of Avast.
Also using Spybot S&D and regularily scan with Adaware. I do an AV and
spybot scans about twice a month.

The SP3 was a manual download direct from the Microsoft website and I still
had my resident scanners active when I installed it. I was fully up to date
with sp2 before I installed sp3

I have tried to reverse trace the different ip addresses that are flagged by
avast but no joy.

Here are some of the variations:

88.107.251.156
88.107.115.154
88.107.16.150
88.107.38.82
88.107.146.102
88.107.30.168

Avast flashes this message: dcom exploit 88.107.251.156:135 /tcp

One link I have tried but this solution did not work is

http://www.grc.com/freeware/dcom.htm

I can access and install updates from the windows update site. Just
installed a couple of office updates on thursday.

"PA Bear [MS MVP]" wrote:

[I meant to ask, "Where is Avast finding this?"]

If you can post a few links to pertinent threads in that forum, I'd
appreciate it.

Is the Windows Firewall or a third-party firewall enabled?

What anti-spyware applications might be installed (other than Defender)?
What third-party firewall (if any)? Was Avast and/or any of these other
applications running when you installed SP3?

How did you install SP3 (e.g., manually; via Windows Update)? Was the
machine running WinXP SP1 or WinXP SP2 before SP3 was installed? Was the
machine fully patched before you installed SP3? Had you just reinstalled
Windows prior to installing SP3?

Can you successfully reach and scan for updates at Windows Update website?
Are any updates offered? If so, can you install them successfully?
--
~PA Bear


LeeG wrote:
<paste>
Not yet. This exploit seems to coincide with the installation of SP3. Up
until now I had never had this exploit happen. I have been running Avast
for quite a while now and this is the first time it has flagged this
exploit.
</paste>
Forgot to mention. I have already looked at the avast forum and i can
only
find explanations and possible cures and have also tried one and currently
monitoring the solution. I am curious has to why the change?

"PA Bear [MS MVP]" wrote:
/Where/ is Avast find this?

Have you posted about this in Avast User Forums?
http://forum.avast.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


LeeG wrote:
In addition could this be being caused due to upgrading to SP3? I know
this
type of problem was addressed with sp2 but this seems to coincide with
the
upgrade to sp3! I have tried a couple of ways to close down the DCOM
port
135 but it is still showing as open. Anyone know any answers/solutions.

My Avast online scanner keeps flashing up with a Dcom Exploit
88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156, 115.154
being two of the combinations.) Am I being targeted by someone.

.

Relevant Pages

  • Re: What is this infection" reported by Cyber Defender
    ... I used AVG for years w/o problems, recently switched to Avast on ... Daily I run AdAware, have Windows Defender ON, and everything's up ... Download, install, run, update and perform a full scan ... updates and install it. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: What is this infection" reported by Cyber Defender
    ... I used AVG for years w/o problems, recently switched to Avast on ... Daily I run AdAware, have Windows Defender ON, and everything's up ... Download, install, run, update and perform a full scan ... select just _ONE_ of the high priority updates ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: What is this infection" reported by Cyber Defender
    ... I used AVG for years w/o problems, recently switched to Avast on ... Daily I run AdAware, have Windows Defender ON, and everything's up ... Download, install, run, update and perform a full scan ... updates and install it. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: What is this infection" reported by Cyber Defender
    ... I used AVG for years w/o problems, recently switched to Avast on ... Daily I run AdAware, have Windows Defender ON, and everything's up ... Download, install, run, update and perform a full scan ... updates and install it. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Dcom Exploit
    ... Windows firewall is active and I am using the full home edition of Avast. ... I can access and install updates from the windows update site. ... applications running when you installed SP3? ...
    (microsoft.public.security)