Re: Dcom Exploit



Good, then what they are trying, IF Avast is accurately
reporting, will not work. There was a remote DCOM
exploit some years back that someone's infected machine
might be using, among other things, in attempt to spread
itself. If I were you I would not be thinking this is at all
related to XP SP3 but I would be looking at my firewall
to see why the packets got that far.

Roger

"LeeG" <lee.gorton(removethis)@hotmail.co.uk> wrote in message
news:9977061E-DD51-41A1-94BF-A2067C4EEDDA@xxxxxxxxxxxxxxxx
I checked the Dcom setting was unchecked in component services last night
but
I am still getting the exploit warning. Could someone unscrupulous be
trying
to access my machine and eventually give up? Could this attack be from
someone obtaining my ip address through other sites, for example,
facebook.
I only ask because my partner signed up recently to it. I have run XP
home
for quite a while now and this has never cropped up before.

"Roger Abell [MVP]" wrote:

You are running XP, and I will assume this is a home machine.
You have no need for DCOM.
Go to Administrative Tools and select Component Services.
When it opens, click into Component Services / Computers
and right click on My Computer and select Properties.
In the My Computer Properties window that opens select
the Default Properties tab and make sure that the checkbox
Enable Distributed COM on this computer is NOT checked.
Avast might detect something coming in from the network but
if DCOM is not enabled it will not get a response.
Make sure you have a firewall enabled and that the exceptions
are all ones that you know about and need.

Roger

"LeeG" <lee.gorton(removethis)@hotmail.co.uk> wrote in message
news:8C507A76-56DC-4FDD-8152-3DDA68BBBFC4@xxxxxxxxxxxxxxxx
Forgot to mention. I have already looked at the avast forum and i can
only
find explanations and possible cures and have also tried one and
currently
monitoring the solution. I am curious has to why the change?

"PA Bear [MS MVP]" wrote:

/Where/ is Avast find this?

Have you posted about this in Avast User Forums?
http://forum.avast.com/
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


LeeG wrote:
In addition could this be being caused due to upgrading to SP3? I
know
this
type of problem was addressed with sp2 but this seems to coincide
with
the
upgrade to sp3! I have tried a couple of ways to close down the
DCOM
port
135 but it is still showing as open. Anyone know any
answers/solutions.

"LeeG" wrote:

My Avast online scanner keeps flashing up with a Dcom Exploit
88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156,
115.154
being two of the combinations.) Am I being targeted by someone.







.



Relevant Pages

  • Re: Dcom Exploit
    ... As far as I can tell Avast is stopping the attempts (therefore I am ... "looking at my firewall to see why the packets got that far." ... You have no need for DCOM. ... When it opens, click into Component Services / Computers ...
    (microsoft.public.security)
  • Re: Keyboard Locks Up!
    ... Gerry Cornell wrote: ... On re-reading I forgot to mention a few things: ... 'DCOM' is set to automatic and is currently running. ... Also Avast is set to automatic updates for both definitions and the program itself. ...
    (microsoft.public.windowsxp.general)
  • Re: Dcom Exploit
    ... You have given the most plausible explanation so ... If I send a global message to the friends list on facebook, ... You have no need for DCOM. ... When it opens, click into Component Services / Computers ...
    (microsoft.public.security)
  • Re: How to Disable MMC.EXE acting as a server? (Microsoft Management Console)
    ... If you've got DCOM disabled, ... "DCOMbobulator" allows any Windows user ... if I click Start -> Run -> type DCOMCNFG and hit OK. ... > Microsoft Management Console opens, I click on "Components" but then ...
    (microsoft.public.windowsxp.network_web)
  • Re: How to Disable MMC.EXE acting as a server? (Microsoft Management Console)
    ... If you've got DCOM disabled, ... "DCOMbobulator" allows any Windows user ... if I click Start -> Run -> type DCOMCNFG and hit OK. ... > Microsoft Management Console opens, I click on "Components" but then ...
    (microsoft.public.windowsxp.setup_deployment)