DCOM exploit

While on the internet I got a message saying that my network shield had blocked a DCOM Exploit from 204.145.104.145:135/tcp

When things are blocked are they saved somewhere in the avast files? And is there a way to find out where it came from?

I use xp sp3/avast internet security and malwarebytes (once a week)

Hi s.h.,

Since avast blocked this, no worry. Run Windows Worms Doors Cleaner, to be downloaded here: http://www.firewallleaktester.com/wwdc.htm
and close the 5 ports, including that for DCOM (135).
The attack came from this computer: 204.145.104.145
Some infected zombie computer on: isp.belgacom.be

polonus

Since avast blocked it, should I still run the Windows Worms Doors Cleaner? And how do I close the 5 ports? Is it done through that website or is that something I need to do to the computer? Thanks for the info.

Yep, you download and install the free Windows worm door cleaner tool onto your desktop, and with a few clicks you are good to go. See the attached picture, where all worm doors are safely disabled.

polonus

Just one more question, I promise. The popup I got from avast telling me it was blocked, there was a link on it (to tell me more about the block). I clicked it and it sent me to avast safezone and how to use it. Is it OK that I clicked on the link? And why does the shield catch it but not the firewall?

Hi s.h.

No problem, the safezone will keep you well “safe”, and the block means that whatever was blocked could not enter your computer via that abused Windows worm door, port 135. Read here why you do not want this port open to the Internet: http://www.grc.com/port_135.htm
Good that you ask these questions; I learned most things from asking questions. Thanks for posting,

polonus

Apparently firewallleaktester.com is not running for the next couple of months due to lack of funds. Any other ideas?

Since avast did block this, is there anything I really need to do? Should I be worried about the port thing. I mean that’s why I got the avast internet security. Should I change any of the settings?

The avast firewall should get in before the network shield; why it isn’t is somewhat strange. I have seen this happen with many other firewalls but not with the avast firewall. Being integrated, I would have thought there would be less chance of the network shield alerting first.

However, we don’t know what your current avast firewall settings are, and the one that might make a difference is what Risk Zone you are using: Home, Work or Public.

I can’t be a great deal of practical help as I don’t use the AIS version.

The wwdc program can still be downloaded from here: http://www.programosy.pl/program,windows-worms-doors-cleaner-1-4-1.html

polonus

I’d like to point out that by closing TCP/UDP 135-139, 445 you make file and printer sharing nonfunctional. Not exactly what many people want for “fixing” an exploit that has been irrelevant for years on any decently updated system. UPnP and Messenger can be safely closed, but that’s even the default from XP SP3 at least.

Well, anyway, the tool gives you the possibility to enable/disable these services towards the Internet, whatever your situation or desire. If you have need of these services, then it goes without saying that you do not disable them.

polonus

I have it set to Work even though it’s a home computer. Should I change it to Public? If I change it to Public, what applications/programs will that prevent me from accessing?

File and printer sharing mainly.

Is that what I should do? I don’t do any file sharing. I got the DCOM exploit message again last night from network shield (in a popup). I noticed when I double-click on the avast icon and click on network shield, there isn’t anything blocked on the chart though.

Geez, it’s just a popup. No infection. Yeah, if you don’t share files etc. with other computers on your network, the Public profile should work just fine.