20-03-2010, 14:35   #1
jayteecork
Banned

Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
DCOM exploit constant attacks

Hi, every few minutes, seemingly, my Avast gives me notice that it has blocked a "DCOM exploit". This is becoming very annoying as it keeps popping up. This is on my desktop only - my laptop, which shares the same connection, does not suffer this problem. Could anyone know how I might get this stopped? Thanks.

21-03-2010, 18:32   #2
endasmail
Registered User

Join Date: Nov 2008
Location: royal county
Posts: 1,140
Am getting the same on my laptop. Would also appreciate some help on the matter.

21-03-2010, 21:32   #3
ASJ112
Banned

Join Date: Jan 2010
Posts: 1,155
enda, make your own topic for it, be easier then.

Please download DDS and save it to your desktop.
Disable any script blocking protection.
Double click dds.pif to run the tool.
When done, two DDS.txts will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

22-03-2010, 17:50   #5
ASJ112
Banned

Join Date: Jan 2010
Posts: 1,155
Can you post DDS.txt again? Seems some of it is missing.

22-03-2010, 23:04   #7
jayteecork
Banned

Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
also, the file from gmer here:
Attached Files
 root.txt (23.2 KB, 22 views)

22-03-2010, 23:20   #8
ASJ112
Banned

Join Date: Jan 2010
Posts: 1,155
Hi,

Please download OTM.
Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Processes
:Services
:Reg
:Files
c:\windows\system32\browserchoice.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download ComboFix here:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

23-03-2010, 18:28   #9
jayteecork
Banned

Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
OTM crashed when I tried it.

This is what I got from combofix:
Attached Files
 combo.txt (23.1 KB, 21 views)

24-03-2010, 10:50   #11
jayteecork
Banned

Join Date: Sep 2007
Location: The Mushroom Kingdom
Posts: 5,941
Quote:
 Originally Posted by ASJ112 delete this file c:\windows\system32\browserchoice.exe
How to delete?

Even though I am admin it says I need permission to delete file.

24-03-2010, 12:40   #12
ASJ112
Banned

Join Date: Jan 2010
Posts: 1,155
Boot into safe mode and delete the file. Do the other steps if you can't.