I started getting DCOM Exploit threat detections from avast (whatever that is) within the last couple of hours (quite recent) about every 10 or so minutes (roughly, from what I’ve noticed from the 2 I have seen).
What exactly is it and what can I do about it? I don’t have a firewall (apart from the Windows one which is off…) and I have no idea if my computer/OS is up to date (used to get messages telling me or not but ain’t recently).
What’s the best thing I can do? If I need a firewall where/what one should I use?
The first thing would have been a forum search for DCOM Exploit and you will see many such posts and there is nothing needed to do.
DCOM attacks are speculative, not targeted, and try to exploit a vulnerability in an out-of-date OS; if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn’t know about it, but for whatever reason avast is first in line over your firewall.
What is your Operating System ?
Whilst the Windows XP firewall is usually good at keeping your ports stealthed (hidden), it provides no outbound protection and you should consider a third party firewall. So in theory it too should be able to block this; why it doesn’t I don’t know.
If Vista or win7, their firewall has outbound protection, but it is disabled by default and when enabled not very user friendly.
Many forum users are using these:
PC Tools Firewall seems to have the least user headaches as it doesn’t seem to be constantly asking the user questions about this and that.
Online Armor is for the most part fine, but it has caused some users grief after avast program updates and that is something you have to watch out for.
Forum loads veeeery slow which times out in the end, so I decided to post instead
My OS is Vista 64bit
Thanks for links.
I asked a friend and he said that my IP might have been used by someone who got infected before I got it, as my ISP gives me the choice between 2 IP ranges (you will see my 2 ranges if you compare the IP from this post to my first one). So I changed my IP back to my old one and haven’t had a threat detection yet, unless it’s doing something to my computer, but I’m sure Avast would have detected it.
He said I shouldn’t really worry about them as Avast is blocking them so no harm is being done.
Should I consider paying for the Avast Internet Security suite, as it has a silent firewall plus I love Avast, best AV out there.
Is your system behind a router, at least? Or, are you familiar with how to disable unneeded services? Otherwise, you’re asking for problems.
I don’t know if it’s something you know, but communication done from your computer to the Internet, and vice-versa, such is done through something called ports. For example, for you to be able to use your web browser, ports 80 (HTTP) and 443 (HTTPS) are used, generally speaking. One other could be 21 (for FTP), for example.
Most of the time, if you’ve got a clean system, outbound is not a problem; I’m having in mind a controlled environment of what gets installed, etc. This is not the same as saying outbound protection is useless. It would depend on the user’s knowledge.
The problem would be inbound traffic. Since you’ve got no firewall, your system is letting the Internet know about your presence, and is doing it by making the Internet aware you’ve got open ports. When I mean the Internet, I actually mean hackers, script kiddies…
Your OS isn’t actually vulnerable to the DCOM attack, but that doesn’t stop the ‘speculative’ attempts to exploit an old vulnerability.
It is unlikely to have been related to someone having used it before that was infected. As that would require that the infection was a) passing information and b) opening a backdoor to bypass your firewall. Since it is your system not theirs the backdoor wouldn’t be present and it would be unlikely that they would be using port 135.
Personally, unless you have a need for a fixed IP address I would opt for a dynamically assigned IP address. This means every time you reconnect to the internet the ISP would assign you an IP that is unlikely to be the same as last time. So whilst having two that you can switch between is better than a fixed IP for things like this, dynamically assigned is better. Most ISPs actually charge more for a fixed IP or a limited number (2 in your case) than they do for a dynamically assigned IP.
The Vista firewall, if you had it on, should have blocked these attempts silently, rather than the shock of the network shield.
I can’t really suggest a firewall as I have been using Outpost Firewall Pro for over 7 years, so don’t have any personal experience of the others.
Of course you could opt for the AIS, which provides avast Pro, avast firewall and an anti-spam function. These are on a 3PC license which provided good value as it is much cheaper than 3 Pro licenses, so if you have multiple systems that would be a great option.
Any malware that manages to get past your defences will have free rein to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so personally I feel outbound protection is essential.
If you are using the Outpost Firewall then it should have turned off the Windows firewall; if it hasn’t then you should stop it so that they don’t conflict.
As I said earlier the attacks are speculative, so they could disappear as quickly as they appeared.
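
Added example, not part of the thread and not written by any poster: once the Windows Firewall is switched on with dropped-packet logging enabled, its log shows whether the port 135 probes discussed above are being dropped and whether they come from nearby addresses. The log text is a constructed sample in the pfirewall.log layout using documentation IP ranges, and treating "same /16 as the local address" as "probably the same ISP" is only a rough assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample in the Windows Firewall pfirewall.log layout (documentation IPs).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-03-14 18:02:11 DROP TCP 203.0.113.45 203.0.113.200 4312 135 48 S 1234567 0 65535 - - - RECEIVE
2010-03-14 18:12:40 DROP TCP 203.0.113.45 203.0.113.200 4377 135 48 S 2234567 0 65535 - - - RECEIVE
2010-03-14 18:22:05 DROP TCP 203.0.113.77 203.0.113.200 1099 135 48 S 3234567 0 65535 - - - RECEIVE
2010-03-14 18:25:30 DROP TCP 198.51.100.9 203.0.113.200 2501 135 48 S 4234567 0 65535 - - - RECEIVE
2010-03-14 18:26:00 ALLOW TCP 203.0.113.200 198.51.100.20 49160 443 0 - 0 0 0 - - - SEND
2010-03-14 18:30:00 DROP UDP 198.51.100.9 203.0.113.200 3301 1434 404 - - - - - - - RECEIVE
"""

def parse(log_text):
    """Yield one dict per log record, using the column names from the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def rpc_probes(log_text, port="135", prefix=16):
    """Summarise inbound TCP attempts to the RPC/DCOM endpoint mapper port."""
    dropped, allowed, neighbours = Counter(), Counter(), set()
    for rec in parse(log_text):
        inbound = rec.get("path", "RECEIVE") == "RECEIVE"
        if rec["protocol"] != "TCP" or rec["dst-port"] != port or not inbound:
            continue
        bucket = dropped if rec["action"] == "DROP" else allowed
        bucket[rec["src-ip"]] += 1
        # Rough "same ISP" heuristic (assumption): source shares the local /prefix.
        local_net = ipaddress.ip_network(f'{rec["dst-ip"]}/{prefix}', strict=False)
        if ipaddress.ip_address(rec["src-ip"]) in local_net:
            neighbours.add(rec["src-ip"])
    return {"dropped": dict(dropped), "allowed": dict(allowed),
            "neighbours": sorted(neighbours)}

if __name__ == "__main__":
    print(rpc_probes(SAMPLE_LOG))
```

An empty `allowed` entry means every probe was dropped at the firewall; any source listed there reached port 135 and is worth a closer look.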