DCOM Exploit message

Hey all

I get many messages from the Network Shield of avast that says that :

http://i35.tinypic.com/v3esyr.jpg

What does it mean ?
How do i fix it ?
Could it be a bug ?

I got like 10 messages today with the same IP in it .

It means that your firewall didn’t block this attempted exploit.

What is your Operating System ?
What is your firewall ?

DCOM attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren’t vulnerable to the exploit. That doesn’t stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.

Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn’t know about it, but for whatever reason avast is first in line over your firewall.

Operating System = Windows XP SP3
Firewall = Comodo Firewall latest version

There’s nothing to worry about. Comodo or avast Network Shield detects these exploits and block them. It doesn’t mean, the firewall should block this packet (exploit) as first. It depends which network driver (comodo or avast) is loaded earlier. Then network packets are firstly examined by that driver, if they’re ok, it passes them to the next network driver, etc.

You may ignore these warnings, but if you have access to the computer with 79.117.125.135 address (e.g. you have home network) then you know that computer is infected.