Network Shield: blocked "DCOM" Exploit

Hi there ive just installed and activated avast, i keep getting the following message appear in the bottom right,

Network Shield: blocked “DCOM Exploit” - attack from xxx.xx.xxx.xxx:135/tcp (x being the attackers IP)
I get this message every few minutes, which has me concerned because i didnt have my pc firewalled initially.

What is the risk of this attack and what does the attack achieve by doing it?

Thanks

Andy

You have two problems:

  1. Your Windows is not updated.
  2. You’re not using a firewall.

Network Shield is a protection against known Internet worms/attacks. It analyses all network traffic and scans it for malicious contents. It can be also taken as a lightweight firewall (or more precisely, an IDS (Intrusion Detection System).

Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135. Basically, it could be infected by Internet worms such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.

Im only on SP1 because my copy of XP isnt genuine so i cant receive updates :-X

Am i protected now that avast is installed? what other measures could i take?

Install a free firewall…
For instance: Comodo, Kerio, Jetico, ZoneAlarm.
http://forum.avast.com/index.php?topic=22742.0;topicseen :slight_smile:

Use WindizUpdate:

http://img.photobucket.com/albums/v190/bob3160/ShellFTP/Windiz.png

Go HERE for full instructions. You’ll need to install FireFox or another non IE based browser.

thanks for the program bob…works well with netscape 8.1 browser 8)

You should probably go here and get DCOMbobulator.

http://www.grc.com/freeware/dcom.htm