I was viewing my firewall status and noticed rpcss.exe was conected to localhost on port 1028.

It was never there before, imediately I used AVG antivirus to scan it, no virus found, so I used TFAK (anti-trojan scanner) to scan it and nothing found. I then used google and:

http://www.cexx.org/rpc.htm

"WAIT JUST A MINUTE," you scream as your face turns red. "You mean ANY program can ask ANY OTHER program on MY MACHINE to do something for it WITHOUT MY KNOWLEDGE?"

As quoted by the artivle at the url provided above. But is there some way I can tell it to stop conecting to my ports and leave me alone? I did not recieve any message asking permision for it to conect to my ports.

Please help me put a stop to this horifing monster.

Note: I have windows 98 SE, not NT, acording to that site it is only nessisary for NT.

ok i am getting very woryed now, it is also listeining to port 135. Upon doing further research I dicovered Bo2k uses rpcss on port 135. I found more details at:

http://www.pcflank.com/art20.htm

and am now in the process of killing this beast.

=====================
How I fixed it
+++++++++++++++++++++

I found a fix for this problem, thought I would post how I did it.

First

Start REGEDIT.EXE, go to HKLM\Software\Microsoft\OLE and change both EnableDCOM and EnableRemoteConnect to 'N'. Reboot. Optional: delete C:\WINDOWS\SYSTEM\RPCSS.EXE.

Next I made a rule in my firewall so that it blocks all outgoing and incomeing TCP and UDP conections to port 135

Note that it apears if you use Windows NT or above RPCSS might be needed in your system, but for Win 9x, from what I have read you dont need it.

I hope this has helped someone else who may have had the same problem.