September 5th, 2002, 08:24 AM
RPCSS.exe listening to my ports
I was viewing my firewall status and noticed rpcss.exe was conected to localhost on port 1028.
It was never there before, imediately I used AVG antivirus to scan it, no virus found, so I used TFAK (anti-trojan scanner) to scan it and nothing found. I then used google and:
"WAIT JUST A MINUTE," you scream as your face turns red. "You mean ANY program can ask ANY OTHER program on MY MACHINE to do something for it WITHOUT MY KNOWLEDGE?"
As quoted by the artivle at the url provided above. But is there some way I can tell it to stop conecting to my ports and leave me alone? I did not recieve any message asking permision for it to conect to my ports.
Please help me put a stop to this horifing monster.
Note: I have windows 98 SE, not NT, acording to that site it is only nessisary for NT.
ok i am getting very woryed now, it is also listeining to port 135. Upon doing further research I dicovered Bo2k uses rpcss on port 135. I found more details at:
and am now in the process of killing this beast.
How I fixed it
I found a fix for this problem, thought I would post how I did it.
Start REGEDIT.EXE, go to HKLM\Software\Microsoft\OLE and change both EnableDCOM and EnableRemoteConnect to 'N'. Reboot. Optional: delete C:\WINDOWS\SYSTEM\RPCSS.EXE.
Next I made a rule in my firewall so that it blocks all outgoing and incomeing TCP and UDP conections to port 135
Note that it apears if you use Windows NT or above RPCSS might be needed in your system, but for Win 9x, from what I have read you dont need it.
I hope this has helped someone else who may have had the same problem.
In snatches, they learn something of the wisdom
which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shale become those of knowledgedome. Peace~
September 6th, 2002, 11:23 PM
RPC (Remote Procedure Call) is closley related to NetBIOS, so if you dont use NetBIOS it is a very good idea to disable RPC