Hijackthis (new)

Hi dear friends,
please help me,
I see a DCOM attack on the system by avast! antivirus and Outpost firewall! :-\

Yes, my English (lan) is very bad, sorry. :wink:

You are running a vulnerable level of Sun Java C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll so go to Add/Remove programs and un-install all Sun Java installs.

Install the latest Sun Java:
http://www.java.com/en/download/manual.jsp <== latest is Version 6 Update 15

You should install User Profile Hive Cleanup Service to help with slow log off and unreconciled profile problems:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Run Secunia Online Software Inspector to see what other applications are vulnerable to infection:
http://secunia.com/vulnerability_scanning/online

You can avoid DCOM attacks by disabling DCOM with DCOMbobulator.

First, there really is no need for this tool, as an up-to-date OS (which Hya's is, XP SP3) protects against DCOM exploits. That doesn’t stop the random attempts to try on a DCOM exploit, and DCOMbobulator won’t stop these attempts.

Second, in this case both the firewall and avast appear to have blocked the DCOM attack.

I have a different perception and experience. When Avast alerts to a DCOM attack, I test the status of open ports; port 135 is open; DCOMbobulator allows me to close it (as does the excellent WWDC). After that there aren’t any more Avast alerts about it.

The firewall and Avast did the work. DCOMbobulator does its work also: by closing port 135 there aren’t DCOM attacks; that is what DCOMbobulator allows you to do easily (WWDC also). To me these two tools are very useful and very good.

If you have an open port (DCOM exploit attempt on port 135), then your firewall isn’t doing its job, as all ports should be stealthed. Whether your ports are stealthed should be confirmed at Shields Up at grc.com, as it tries to get a response from your system on a range of ports, depending on what range you select when you run Shields Up.
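
The open / closed / stealthed distinction discussed above, as an added example that is not part of the original thread: a TCP connect check for one port on your own PC. The function name, timeout and command-line usage are assumptions made for illustration; run it from a second machine on your network, because a test over loopback never passes through the firewall.

```python
import socket
import sys

DCOM_PORT = 135  # RPC endpoint mapper, the port discussed in this thread


def classify_port(host, port=DCOM_PORT, timeout=3.0):
    """Classify one TCP port the way an external port test would.

    'open'    : the handshake completed, a service is listening and reachable
    'closed'  : the host answered with a reset (connection refused)
    'stealth' : nothing came back before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        # No SYN-ACK and no RST: a firewall dropped the probe without replying.
        return "stealth"
    except ConnectionRefusedError:
        # An RST came back: nothing is listening, but the host is visible.
        return "closed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage (address is whatever your own PC uses): python check135.py <address>
    if len(sys.argv) != 2:
        sys.exit("usage: check135.py <address-of-your-own-pc>")
    state = classify_port(sys.argv[1])
    print("port %d on %s is %s" % (DCOM_PORT, sys.argv[1], state))
```

A result of "closed" means the service is off but the machine still answers; only "stealth" means the firewall dropped the probe without a reply.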

Hi Hya & MajoMo,

Install WWDC onto your desktop from here: http://www.firewallleaktester.com/wwdc.htm
It is a little tool to disable DCOM, Locator, NetBIOS, UPNP, and MESSENGER.

polonus