I'm gettin hit like crazy...

By yehti6969 ยท 9 replies
Jun 22, 2005
Post New Reply
  1. Every nite (seems to be mainly in the evenings) I've been getting pop up window from my antivirus stating it just blocked an attempt on my pc. The nasty thats hittin me is... MS_RPC_DCOM_BUFFER_Overflow My antivirus seems to be catching it effectively, but this happens every night at least a dozen times and it's gettin frustrating. I copied down IP address and contacted my internet provider, but I dont know if they can do anything about it. What is this thing, is there anything I can do to lessen the attacks, or should I be worried? I'm lost here and I feel I've run out of options...
  2. Spike

    Spike TS Evangelist Posts: 2,168

    This tool should help by disabling DCOM. Most people have no use for it, and if it's not there, it can't be exploited.


    You can also run a WHOIS on the IP adress to find information about it.

    Please note that this post is more suitable for the WindowsOS or Misc. Software forums :)
  3. yehti6969

    yehti6969 TS Rookie Topic Starter

    just as I thought...

    I ran the IP address through the site you sent me, and as i thought, it came back stating it originated from my IP.....any suggestions?
  4. yehti6969

    yehti6969 TS Rookie Topic Starter


    I downloaded that tool you sent me (haven't run it yet) I noticed it said something tp the effect that if you have downloaded service pack 2, you won't have this problem. I have downloaded service pack 2, but I'm still gettin hit. Maybe I'm not understanding something....I'm not too computer savy......
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Downloading alone is not enough, you also need to INSTALL SP2....
  6. Masque

    Masque TechSpot Chancellor Posts: 1,058


    Sorry....some days his humour seems to hit home. ;)
  7. yehti6969

    yehti6969 TS Rookie Topic Starter

    reply to realblackstuff...

    Maybe I'm missin something, I've allready installed service pack 2 several months ago, I double checked under add/remove programs, it's there. I still havent run DCOMBOB program yet (got someone who wants to check it out first) Last nite i got hit with a new one... MS RDC LSASS DS Request (TPC). What are these things, worms? trojans?
  8. Spike

    Spike TS Evangelist Posts: 2,168

    It does sound like two different worms trying to find theiir way on to your macjine, but rest assured - if you're seeing these essages, then you're not getting the worms.

    I can assure you that the DCOMBOB program is perfectly safe, and 'does exactly what it says on the tin', and no more. I've used it myself, and it was actually recommended to me a long time back by one of the more experienced members here on Techspot (I just can't remember which!)
  9. yehti6969

    yehti6969 TS Rookie Topic Starter

    back at ya spike...

    I'm confused, I opened that DCOMBOB tool and started to read, says if I have service pack 2, I am not vunerable. I have service pack 2 yet I'm still gettin hit nightly. I went to add/remove programs and I see Windows XP service pack 2. If I click on it, it asks me if I wanna remove it, I'm thinkin if it's askin me if I wanna remove it, it must allready be in there. I downloaded service pack 2 quite awhile ago, so I'm not sure whats goin on. I appreciate the info, and sorry, I'm a little slow at this and am not very computer savy.... Any sugestions? Don't quite understand if it says Windows XP service pack 2 is not vunerable, and I have service pack 2, why I'm still gettin hit?
  10. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    If your computer is not on a network where you want to share your files and/or printers with others (or vice versa), you could disable services related to sharing, making the machine less vulnerable.

    So, run services.msc and stop & disable the following:

    Computer Browser
    TCP/IP NetBIOS Helper

    If your firewall / antivirus service can deal with (ie. block) such attacks, can't you set it not to nag about them all the time?

    You're still getting hit because there are other computers in the Internet. (well, I know it's a generalization)

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...