Firewall blocking madness

d-rkerd-rker UK
edited September 2003 in Science & Tech
Today I ran NortonAV (updated) and found:
The compressed file VerifierBug.class within C:\Documents and Settings\d@rker\JPI_CA~1\jar\1.0\counter.jar-32ba6ee6-784019b6.zip is infected with the Trojan Horse virus.
The file was quarantined.
The file couldn't be repaired, so after quarantining it Norton deleted it. I re-ran Norton and Trend Micro on-line scanner to be sure. After this, Sygate Firewall Pro started blocking like crazy - every 5-10 min it blocks something.

This file is involved:

svchost.exe:
F30002 DCE/RPC DCOM buffer overflow exploit attempt detected .

The trojan horse virus has something to do with this, but how can I pinpoint the problem?

Comments

  • d-rkerd-rker UK
    edited September 2003
    Installed Spybot and it found several "DSO exploit: Data source object exploit" entries in the registry. I also set Sygate to block an access permission for "port 135 (EPMAP - Location service - Dynamically assign ports for RPC)" and the security log has been quiet. I'm also testing NOD32 antivirus for a change.

    Port 135 seems to be quite popular:
    Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN worm.
    More info can be found on the DShield site.
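
One way to approach the "how can I pinpoint the problem" question from the thread, as an added example that is not part of the original posts: summarize firewall log entries for port 135 by direction, since blocked inbound attempts point to scanning by other hosts, while outbound connections from this machine to port 135 on many addresses would suggest the machine itself is infected. The log format, field names, sample rows and `fanout_threshold` are constructed for illustration and are not Sygate's actual log export.

```python
import csv
import io
from collections import defaultdict

RPC_PORT = 135  # EPMAP / DCOM RPC endpoint mapper, the port named in the thread

# Constructed sample log (assumed CSV layout, NOT Sygate's real export format).
SAMPLE_LOG = """\
time,direction,remote_ip,local_port,remote_port,action
2003-09-01 10:00:05,in,198.51.100.7,135,4312,blocked
2003-09-01 10:04:41,in,203.0.113.20,135,1821,blocked
2003-09-01 10:09:13,in,198.51.100.7,135,4377,blocked
2003-09-01 10:11:02,out,192.0.2.80,1050,80,allowed
2003-09-01 10:15:30,in,203.0.113.99,445,2200,blocked
"""


def summarize_rpc_blocks(log_text, fanout_threshold=3):
    """Split port-135 activity into inbound probes and outbound fan-out.

    fanout_threshold is a hypothetical cut-off: that many distinct outbound
    port-135 targets is treated as the local host scanning other machines.
    """
    inbound = defaultdict(int)  # remote source -> blocked attempts on local 135
    outbound = set()            # distinct remote hosts contacted on port 135
    for row in csv.DictReader(io.StringIO(log_text)):
        direction = row["direction"]
        if (direction == "in" and int(row["local_port"]) == RPC_PORT
                and row["action"] == "blocked"):
            inbound[row["remote_ip"]] += 1
        elif direction == "out" and int(row["remote_port"]) == RPC_PORT:
            # Count outbound regardless of action: an allowed connection
            # is just as relevant as a blocked one when judging infection.
            outbound.add(row["remote_ip"])
    return {
        "inbound_sources": dict(inbound),
        "outbound_targets": sorted(outbound),
        "local_host_scanning": len(outbound) >= fanout_threshold,
    }


if __name__ == "__main__":
    print(summarize_rpc_blocks(SAMPLE_LOG))
```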