AVAST

[pomoc]

siema niedawno wesłem na kompa i avast mi wyswietla komunikaty

26.lipiec Zablokowano: Attack DCOM Exploit ip xxxxxxxxxxxxxxx

i tak ciąle co to jest i skąd sie wzieło powiecie

[blue555]

Napisz ten post jakoś porządnie i nie wysyłaj do wszystkich wiadomości, bo uznają Cię za spamera!

[pomoc]

odpowiecie musze wiedzieć

[tazman]

Możliwe że to wirus Saser, sprawdź sobie tu :

http://www.grc.com/freeware/dcom.htm

[Dziniu]

ja radziłbym zmienić antywirusa i zainstalować firewalla daj logi tu masz opis jak to zrobić CatchMe sprawdzi czy masz czysto w kompie

[CatchMe]

Atak zablokowano więc jest ok. Wklej logi z HijackThis i ComboFix.

[pomoc]

Logfile of HijackThis v1.99.1

Scan saved at 07:44:39, on 2007-07-27

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:WINDOWSSystem32RUNDLL32.EXE

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesD-Toolsdaemon.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesMSN AppsUpdater01.02.3000.1001pl-plmsnappau.exe

C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:Program FilesCommon FilesTeleca SharedGeneric.exe

C:Program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe

C:PROGRA~1NEOSTR~1NeostradaTP.exe

C:PROGRA~1NEOSTR~1ComComp.exe

C:PROGRA~1NEOSTR~1Watch.exe

C:WINDOWSSystem32wuauclt.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:WINDOWSSystem32wuauclt.exe

C:Program FilesWinRARWinRAR.exe

C:DOCUME~1UKASZ~1USTAWI~1TempRar$EX00.454HijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:Program FilesMSN AppsST01.03.0000.1005en-xustmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar01.02.5000.1021pl-plmsntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesMSN AppsMSN Toolbar01.02.5000.1021pl-plmsntb.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [msnappau] "C:Program FilesMSN AppsUpdater01.02.3000.1001pl-plmsnappau.exe"

O4 - HKLM..Run: [bearShare] "d:Program FilesBearShareBearShare.exe" /pause

O4 - HKLM..Run: [sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions

O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183546842312

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab

O17 - HKLMSystemCCSServicesTcpip..{AC0CD291-4C35-4F29-981D-73E5D9260DD4}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

[wojtek.ziomek2]

Witam. Dzisiaj ja również spotkałem się z tym problemem (Zablokowano "DCOM Exploit" - atak z ip. xx.x.xxx.xxx.:135/tcp) i mimo wszystko jestem ciekaw czy wszystko w porządku. Z góry dziękuję za pomoc .

EDIT BY CatchMe: Załóż nowy temat.

[CatchMe]

pomoc, Do kasacji w HijackThis wpisy, pogrubiony usuń z dysku:

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

:arrow: Wklej log z ComboFix.