dcom exploit

attaques permanentes "DCOM exploit"venant de 212.169.160.8:135/tcp

de plus:

j’ai un popup rouge en bas à droite de l’écran:

"
avast! information

une erreure est
survenue lors d’une
tentative de mise à
jour!

cliquez ici pour plus
"

ça semble être un leurre qui valide jjeuskie.exe ou jax8064c

Messages like that are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.
Too technical…

Well, you need:

  1. Fully update your Windows installation.
  2. Use a firewall.

This message is from Network Shield of avast, a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System). But it’s not enough, you need a real firewall…

Don’t know if you can read English, but you can test your DCOM patch at Steve Gibson’s site (GRC.com). Some of MicroSoft’s patches left DCOM running. There’s a small downloadable program (29K) that will test your installation and Finally turn DCOM off.

Here’s a link with background and instructions:
http://www.grc.com/freeware/dcom.htm