What is a DCOM Exploit?


Jack Barrett

I have a warning that Avast keeps blocking "DCOM Exploit" from accessing my
ip.
What the hell is this and how do I get rid of it?
I ran an Avast full scan and it's still there!
Suggestions welcome.

Thanks,

Jack Barrett
Web Site: http://windsurf_2.tripod.com
 
I have a warning that Avast keeps blocking "DCOM Exploit" from accessing my
ip.
What the hell is this and how do I get rid of it?
I ran an Avast full scan and it's still there!
Suggestions welcome.

Thanks,

Jack Barrett
Web Site: http://windsurf_2.tripod.com

Apply the security patches from Windows Update.
--
Post presented in its original aspect ratio of 1.78:1 - scrollbars at
the sides of the screen are normal in this format. This high-definition
digital message was created on a run-of-the-mill PC from the restored
35mm negative. To further enhance it, many grammar and spelling errors
and other inaccuracies have been removed using the DB EBD-TC system.
 
from the wonderful person said:
I have a warning that Avast keeps blocking "DCOM Exploit" from accessing my
ip.
What the hell is this and how do I get rid of it?
I ran an Avast full scan and it's still there!
Suggestions welcome.

1) Google is your friend .. try a search on 'DCOM exploit windows' or
similar.

2) I'm not an Avast expert but I'd guess that it is actually trapping an
attempt to access this exploit coming in from outside your PC (are you
using Avast as a firewall or something?).
 
I have downloaded all the current critical updates for Windows 2000.
Just went to the update page and there aren't any new ones.
thanks,

jack
 
It is basically an "attempt" to take advantage of the vulnerabilities that exist in Win2K
and WinXP in reference to RPC/RPCSS and DCOM (Distributed Communication) that are addressed
by Microsoft Security Bulletin MS04-012 - KB828741
http://support.microsoft.com/default.aspx?scid=kb;en-us;828741 and finally
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx

Also please read: http://www.microsoft.com/security/incident/blast.asp

So Avast is blocking an attempt to take advantage of a possible vulnerability, through TCP
port 135. If you have patched the OS, that's GREAT. If not, you should apply the above
referenced patch. In either case Avast blocked the exploit from doing its dirty deed.

Dave

 
GSV said:
1) Google is your friend .. try a search on 'DCOM exploit windows' or
similar.

2) I'm not an Avast expert but I'd guess that it is actually trapping an
attempt to access this exploit coming in from outside your PC (are you
using Avast as a firewall or something?).

The new version of avast has IDS now, they call it "Network Shield"
See: http://www.avast.com/eng/whats_new_in_avast_v.html
Avast just gets better and better.
-max

--
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 
Max said:
The new version of avast has IDS now, they call it "Network Shield"
See: http://www.avast.com/eng/whats_new_in_avast_v.html
Avast just gets better and better.
-max

the old DCOM exploit was a series (two or three?) of buffer overflows
that attacked the DCOM service. Blaster, for instance, used this method
as did thousands of script kiddies developing botnets. it's been
patched out of existence, although there may be more unknown holes in DCOM.

it's probably triggering on worm traffic. easy solution to DCOM, etc,
is just to disable services you don't need.

i think the original hole was posted on Bugtraq by LSD in July of 2003.

michael
 
Max said:
The new version of avast has IDS now, they call it "Network Shield"
See: http://www.avast.com/eng/whats_new_in_avast_v.html
Avast just gets better and better.
-max

i don't know why BlackIce and others keep using the term IDS. IDS
typically is an alarm system that doesn't take direct action, or
interacts with another program to take action. IPS flag on exploits and
do take action to drop the packets or block further traffic. obviously
firewalls do that as well, so there is some grey area in the terms. for
obvious reasons NIDS/NIPS can be run on secure boxes and theoretically
are going to be better than the host-based variants e.g. HIDS/HIPS.
however, setting up a good NIPS is either expensive or time-consuming,
so most home users don't bother.

so BlackIce, et al., are IPS or firewall/IDS combos.

HIPS get a lot of flak on antivirus forums simply because most people
don't even know how they work.

michael
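
The IDS/IPS distinction drawn in the post above, applied to the TCP port 135 traffic discussed earlier in the thread. This is an added example, not part of any poster's message; the rule, the function names and the sample connection records (documentation-range addresses) are constructed for illustration.

```python
from collections import Counter

# Constructed sample of inbound connection attempts:
# (source IP, protocol, destination port). Not taken from the thread.
SAMPLE = [
    ("198.51.100.7", "tcp", 135),
    ("198.51.100.7", "tcp", 135),
    ("203.0.113.20", "tcp", 80),
    ("203.0.113.9", "tcp", 135),
    ("198.51.100.7", "tcp", 445),
    ("203.0.113.9", "udp", 135),
]


def matches_rule(proto, dport):
    """Hypothetical rule: flag traffic aimed at TCP 135, the port the
    thread says the DCOM exploit attempts arrive on."""
    return proto == "tcp" and dport == 135


def inspect(events, prevent):
    """Run the rule over the events.

    prevent=False models an IDS: raise an alert, still deliver the packet.
    prevent=True models an IPS: raise an alert and drop the packet.
    Returns (alert count per source, events delivered to the host).
    """
    alerts = Counter()
    delivered = []
    for src, proto, dport in events:
        hit = matches_rule(proto, dport)
        if hit:
            alerts[src] += 1
        if not (hit and prevent):
            delivered.append((src, proto, dport))
    return alerts, delivered


def reached_rpc(delivered):
    """Events that still reached TCP 135 after inspection."""
    return [e for e in delivered if matches_rule(e[1], e[2])]


if __name__ == "__main__":
    for mode, prevent in (("IDS", False), ("IPS", True)):
        alerts, delivered = inspect(SAMPLE, prevent)
        print(mode, dict(alerts), "reached TCP 135:", len(reached_rpc(delivered)))
```

Both modes raise the same alerts; only in the prevent mode does nothing reach the service, which is why an unpatched host behind an alert-only sensor is still exposed.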
 
Should I install a firewall even though I am using dial up while on
vacation?
Sounds like Avast is doing a great job.

Thanks for all your help & advice!

Happy Thanksgiving,
Jack Barrett
Web Site: http://windsurf_2.tripod.com
 
Jack said:
Should I install a firewall even though I am using dial up while on
vacation?

Yes. Dialup does not make you immune to probing from the outside.
There are as many (more?) infected users on dialup as there are on
broadband.

Jack said:
Sounds like Avast is doing a great job.

...but it's not a firewall. <g>
 
Jack Barrett said:
I have a warning that Avast keeps blocking "DCOM Exploit" from accessing my
ip.
What the hell is this and how do I get rid of it?
I ran an Avast full scan and it's still there!
Suggestions welcome.

Thanks,

Jack Barrett
Web Site: http://windsurf_2.tripod.com


1. Double-click the Avast icon in the system tray.
2. Double-click on 'Network Shield' on the left of the page.
3. Under 'settings' uncheck 'Show warning messages', then 'OK'.
 