Since avast blocked this, no worry. Run Windows Worms Doors Cleaner to be downloaded here: http://www.firewallleaktester.com/wwdc.htm,
and close the 5 ports including that for DCOM (135)
The attack came from this computer 204.145.104.145
Some infected zombie computer on: isp.belgacom.be
Since avast blocked it, should I still run the Windows Worms Doors Cleaner? And how do I close the 5 ports? Is it done through that website or is that something I need to do to the computer? Thanks for the info.
Yep, you download and install the free windows worm door cleaner tool onto your desktop and with a few clicks given in you are good to go, see the attached picture where worm doors all are safely disabled,
Just one more question-I promise. The pop up I got from avast telling me it was blocked, there was a link on it (to tell me more about the block). I clicked it and it sent me to avast safezone and how to use it. Is it ok that I clicked on the link? And why does the shield catch it but not the firewall?
No problem, the safezone will keep you well “safe”, and the block means that whatever was blocked could not enter your computer via that abused windows worm door, port 135, read here why you do not want this port open to the Internet: http://www.grc.com/port_135.htm
Good you ask these questions, I learned most things from asking questions, thanks for posting,
Since avast did block this, is there anything I really need to do? Should I be worried about the port thing. I mean that’s why I got the avast internet security. Should I change any of the settings?
The avast firewall should get in before the network shield, why it isn’t is somewhat strange. I have seen this happen with many other firewalls but not with the avast firewall, being integrated I would have thought there would be less chance of the network shield alerting first.
However, we don’t know what your current avast firewall settings are and the one that might make a difference is what Risk Zone you are using; Home, Work or Public.
I can’t be a great deal of practical help as I don’t use the AIS version.
I’d like to point out that by closing TCP/UDP 135-139, 445 you make file and printer sharing nonfunctional. Not exactly what many people want for “fixing” an exploit that has been irrelevant for years on any decently updated system. UPnP and Messenger can be safely closed, but that’s even the default from XP SP3 at least.
Well, anyways the tool gives you the possibility to enable/disable these services towards the Internet whatever your situation or desire. If you have need of these services then it goes without saying that you do not disable them,
I have it set to work even though it’s a home computer. Should I change it to public? If I change it to public, what applications/programs will that prevent me from accessing?
Is that what I should do? I don’t do any file sharing. I got the DCOM exploit message again last night from network shield (in a popup). I noticed when I double click on the avast icon and click on network shield there isn’t anything blocked on the chart though.