Yesterday when I connected to the internet I got a message “17.05.2008 08:33:55 DCOM Exploit attack from 61.94.218.166:135” from avast Network Shield, and since I got that message I always have difficulty connecting to the internet. I am using avast 4.8-1201 now.
- What does “17.05.2008 08:33:55 DCOM Exploit attack from 61.94.218.166:135” mean? Is it a virus or not?
- Why, after I got that message, do I always have difficulty dialing up my modem (it often fails to connect to the internet)?
Please help me, and thanks for your attention.
It is an attempt to gain access to your computer using the DCOM port, hoping that your computer was vulnerable to the DCOM exploit; this the Network Shield blocked. What is your OS and is it up to date?
If so, then even though this is an attempt to exploit a vulnerability, if up to date the attempt would have failed, but the Network Shield didn’t let it get that far. The 61.94.218.166 is the IP address from where the attack came, and the last bit, :135, is the port (the DCOM port) used in the attack. This IP belongs to PT TELKOM INDONESIA, and they aren’t doing the attack; one of their users is likely to be infected and his system is trying to infect others.
However, your firewall really should have been on the case first. What is your firewall?
This shouldn’t make any difference to your dial-up connection, as nothing got on to your system because the Network Shield intercepted/blocked the attack. What you should do when you connect by dial-up is check that the phone number being used isn’t a premium rate number but, more importantly, that it is the one for your ISP.
You can also schedule a boot-time scan or do a thorough scan with avast.
If you have XP, Vista 32-bit or Win2k, you could enable a boot-time scan. Right-click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
Hey, thanks for your answer. My firewall is Comodo and I am running XP SP2. I think I no longer have difficulty connecting to the internet, but I still get a warning message from Network Shield, “18.05.2008 11:14:31 DCOM Exploit attack from 61.94.218.32:135
and 18.05.2008 11:16:47 LSASS Exploit (SXP) attack from 61.94.218.32:445”, again. But if it is not a virus I won’t worry about this message, because my firewall is active.
You’re welcome.
I didn’t say it wasn’t a virus, just that I don’t know what is attempting to get through, as it is still an attempt to exploit your system. It could be a worm or a virus or spyware; the exploit, if established (if your OS wasn’t up to date and it wasn’t detected by avast), could go on to download many different pieces of malware.
The fact that the network shield blocks it is a saving grace but I’m surprised that the firewall doesn’t catch it before the network shield as I believe it should.
This is the same sort of attack, plus this time also trying to exploit a different vulnerability, LSASS, but this time using a different port, :445.
XP SP2 should have security updates that close both the DCOM and LSASS vulnerabilities, so even if it did get through it shouldn’t be able to exploit your system.
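
Added example, not part of the thread and not avast's own code: a Python sketch that parses the Network Shield alert lines quoted above and groups them by source network, which shows that all three alerts came from the same /24 and targeted ports 135 and 445. The line format is inferred from the three quoted alerts; the function names and the /24 grouping are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# The three alert lines quoted in this thread.
ALERTS = """\
17.05.2008 08:33:55 DCOM Exploit attack from 61.94.218.166:135
18.05.2008 11:14:31 DCOM Exploit attack from 61.94.218.32:135
18.05.2008 11:16:47 LSASS Exploit (SXP) attack from 61.94.218.32:445
"""

# Format inferred from those lines: "DD.MM.YYYY HH:MM:SS <name> attack from <ip>:<port>"
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<name>.+?) attack from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$"
)
# Windows services that normally listen on the two ports named in the thread.
PORT_SERVICE = {135: "RPC endpoint mapper (DCOM)", 445: "SMB over TCP"}

def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not a valid alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    try:
        when = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
        ip, port = ip_address(m["ip"]), int(m["port"])
    except ValueError:  # impossible date or an octet above 255
        return None
    if not 0 < port < 65536:
        return None
    return {"time": when, "attack": m["name"], "ip": ip, "port": port,
            "service": PORT_SERVICE.get(port, "unknown")}

def summarize(text, prefix=24):
    """Group valid alerts by source network (the /24 default is an assumption)."""
    groups = defaultdict(lambda: {"sources": set(), "ports": set(), "count": 0})
    for alert in filter(None, map(parse_alert, text.splitlines())):
        net = ip_network(f"{alert['ip']}/{prefix}", strict=False)
        g = groups[str(net)]
        g["sources"].add(str(alert["ip"]))
        g["ports"].add(alert["port"])
        g["count"] += 1
    return dict(groups)

if __name__ == "__main__":
    for net, g in summarize(ALERTS).items():
        print(net, g["count"], sorted(g["sources"]), sorted(g["ports"]))
```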