|
Posted by MowGreen [MVP] on May 17, 2008, 1:13 pm
If you were Registered and logged in, you could reply and use other advanced thread options
http://www.dnsstuff.com/tools/whois.ch?ip=88.107.38.82
> inetnum: 88.104.0.0 - 88.107.255.255
> netname: DSL-TISCALI-UK
> descr: Tiscali UK Ltd
> descr: Dynamic DSL
Is Tiscali your ISP ?
MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============
LeeG wrote:
> Windows firewall is active and I am using the full home edition of Avast.
> Also using Spybot S&D and regularily scan with Adaware. I do an AV and
> spybot scans about twice a month.
>
> The SP3 was a manual download direct from the Microsoft website and I still
> had my resident scanners active when I installed it. I was fully up to date
> with sp2 before I installed sp3
>
> I have tried to reverse trace the different ip addresses that are flagged by
> avast but no joy.
>
> Here are some of the variations:
>
> 88.107.251.156
> 88.107.115.154
> 88.107.16.150
> 88.107.38.82
> 88.107.146.102
> 88.107.30.168
>
> Avast flashes this message: dcom exploit 88.107.251.156:135 /tcp
>
> One link I have tried but this solution did not work is
>
> http://www.grc.com/freeware/dcom.htm
>
> I can access and install updates from the windows update site. Just
> installed a couple of office updates on thursday.
>
> "PA Bear [MS MVP]" wrote:
>
>
>>[I meant to ask, "Where is Avast finding this?"]
>>
>>If you can post a few links to pertinent threads in that forum, I'd
>>appreciate it.
>>
>>Is the Windows Firewall or a third-party firewall enabled?
>>
>>What anti-spyware applications might be installed (other than Defender)?
>>What third-party firewall (if any)? Was Avast and/or any of these other
>>applications running when you installed SP3?
>>
>>How did you install SP3 (e.g., manually; via Windows Update)? Was the
>>machine running WinXP SP1 or WinXP SP2 before SP3 was installed? Was the
>>machine fully patched before you installed SP3? Had you just reinstalled
>>Windows prior to installing SP3?
>>
>>Can you successfully reach and scan for updates at Windows Update website?
>>Are any updates offered? If so, can you install them successfully?
>>--
>>~PA Bear
>>
>>
>>LeeG wrote:
>><paste>
>>
>>>Not yet. This exploit seems to coincide with the installation of SP3. Up
>>>until now I had never had this exploit happen. I have been running Avast
>>>for quite a while now and this is the first time it has flagged this
>>>exploit.
>>
>></paste>
>>
>>>Forgot to mention. I have already looked at the avast forum and i can
>>>only
>>>find explanations and possible cures and have also tried one and currently
>>>monitoring the solution. I am curious has to why the change?
>>>
>>>"PA Bear [MS MVP]" wrote:
>>>
>>>>/Where/ is Avast find this?
>>>>
>>>>Have you posted about this in Avast User Forums?
>>>>http://forum.avast.com/
>>>>--
>>>>~Robear Dyer (PA Bear)
>>>>MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
>>>>AumHa VSOP & Admin http://aumha.net
>>>>DTS-L http://dts-l.net/
>>>>
>>>>
>>>>LeeG wrote:
>>>>
>>>>>In addition could this be being caused due to upgrading to SP3? I know
>>>>>this
>>>>>type of problem was addressed with sp2 but this seems to coincide with
>>>>>the
>>>>>upgrade to sp3! I have tried a couple of ways to close down the DCOM
>>>>>port
>>>>>135 but it is still showing as open. Anyone know any answers/solutions.
>>>>>
>>>>>
>>>>>>My Avast online scanner keeps flashing up with a Dcom Exploit
>>>>>>88.107.???.???:135 /tcp (the ???.??? keeps changing. 251.156, 115.154
>>>>>>being two of the combinations.) Am I being targeted by someone.
>>
>>
| 
XML site map