|
Posted by Roger Abell [MVP] on May 20, 2008, 9:24 pm
If you were Registered and logged in, you could reply and use other advanced thread options > Thank you for your reply. You have given the most plausible explanation
> so
> far. If I send a global message to the friends list on facebook, (someone
> on
> the friends list seems like the most obvious source,) can you tell me the
> most likely virus name to inform them to look for?
No, I cannot. This may have nothing whatsoever to do with
emails or websites you have visited. It can be some machine
on the network that "decided" to try at your current IP address,
with no prior awareness of who you are, that you or your comp
exist, etc..
Lee, this stuff happens all the time. It is the source of the personal
firewall, and of the anti-malware industries.
>
> "Roger Abell [MVP]" wrote:
>
>> > As far as I can tell Avast is stopping the attempts (therefore I am
>> > protected). So far it has not happened today. What exactly do you
>> > mean
>> > by
>> > "looking at my firewall to see why the packets got that far." Could
>> > someone
>> > be deliberately trying to access my computer this way?
>>
>> Someone could, but more likely someone's machine is via some
>> infection that the owning someone is not even aware is there
>>
>> >
>> > "Roger Abell [MVP]" wrote:
>> >
>> >> Good, then what they are trying, IF Avast is accurately
>> >> reporting, will not work. There was a remote DCOM
>> >> exploit some years back that someone's infected machine
>> >> might be using, among other things, in attempt to spread
>> >> itself. If I were you I would not be thinking this is at all
>> >> related to XP SP3 but I would be looking at my firewall
>> >> to see why the packets got that far.
>> >>
>> >> Roger
>> >>
>> >> >I checked the Dcom setting was unchecked in component services last
>> >> >night
>> >> >but
>> >> > I am still getting the exploit warning. Could someone unscrupulous
>> >> > be
>> >> > trying
>> >> > to access my machine and eventually give up? Could this attack be
>> >> > from
>> >> > someone obtaining my ip address through other sites, for example,
>> >> > facebook.
>> >> > I only ask because my partner signed up recently to it. I have run
>> >> > XP
>> >> > home
>> >> > for quite a while now and this has never cropped up before.
>> >> >
>> >> > "Roger Abell [MVP]" wrote:
>> >> >
>> >> >> You are running XP, and I will assume this is a home machine.
>> >> >> You have no need for DCOM.
>> >> >> Go to Administrative Tools and select Component Services.
>> >> >> When it opens, click into Component Services / Computers
>> >> >> and right click on My Computer and select Properties.
>> >> >> In the My Computer Properties window that opens select
>> >> >> the Default Properties tab and make sure that the checkbox
>> >> >> Enable Distributed COM on this computer is NOT checked.
>> >> >> Avast might detect something coming in from the network but
>> >> >> if DCOM is not enabled it will not get a response.
>> >> >> Make sure you have a firewall enabled and that the exceptions
>> >> >> are all ones that you know about and need.
>> >> >>
>> >> >> Roger
>> >> >>
>> >> >> > Forgot to mention. I have already looked at the avast forum and
>> >> >> > i
>> >> >> > can
>> >> >> > only
>> >> >> > find explanations and possible cures and have also tried one and
>> >> >> > currently
>> >> >> > monitoring the solution. I am curious has to why the change?
>> >> >> >
>> >> >> > "PA Bear [MS MVP]" wrote:
>> >> >> >
>> >> >> >> /Where/ is Avast find this?
>> >> >> >>
>> >> >> >> Have you posted about this in Avast User Forums?
>> >> >> >> http://forum.avast.com/
>> >> >> >> --
>> >> >> >> ~Robear Dyer (PA Bear)
>> >> >> >> MS MVP-IE, Mail, Security, Windows Desktop Experience - since
>> >> >> >> 2002
>> >> >> >> AumHa VSOP & Admin http://aumha.net
>> >> >> >> DTS-L http://dts-l.net/
>> >> >> >>
>> >> >> >>
>> >> >> >> LeeG wrote:
>> >> >> >> > In addition could this be being caused due to upgrading to
>> >> >> >> > SP3?
>> >> >> >> > I
>> >> >> >> > know
>> >> >> >> > this
>> >> >> >> > type of problem was addressed with sp2 but this seems to
>> >> >> >> > coincide
>> >> >> >> > with
>> >> >> >> > the
>> >> >> >> > upgrade to sp3! I have tried a couple of ways to close down
>> >> >> >> > the
>> >> >> >> > DCOM
>> >> >> >> > port
>> >> >> >> > 135 but it is still showing as open. Anyone know any
>> >> >> >> > answers/solutions.
>> >> >> >> >
>> >> >> >> > "LeeG" wrote:
>> >> >> >> >
>> >> >> >> >> My Avast online scanner keeps flashing up with a Dcom Exploit
>> >> >> >> >> 88.107.???.???:135 /tcp (the ???.??? keeps changing.
>> >> >> >> >> 251.156,
>> >> >> >> >> 115.154
>> >> >> >> >> being two of the combinations.) Am I being targeted by
>> >> >> >> >> someone.
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
| 
XML site map