@SHIF community

DOWNLOAD

Detects the enabled services by checking registry entries, the local open ports and the running services

Nowadays most of the worms, in particular the most famous, use known vulnerabilities in Windows services which are enabled by default and that often can't be disabled via the operating system's configuration.

Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large ready to be exploited by the next exploit.

Windows Worms Doors Cleaner will detect the enabled services by checking registry entries, the running services and the local open ports.

To disable something, it only modifies existing registry entries, it doesn't install anything nor modify any files.

Here are some key features of "Windows Worms Doors Cleaner":

· disabling the critical windows services used by the worms
· closing so indirectly the critical ports
· displays the local opened ports
· runnable with command line parameters
· check at start the name of running processes (to detect famous worms)
· check svchost memory usage

What's New in This Release: [ read full changelog ]

· website link on the GUI updated
· email link on the GUI updated
· 'DLLHOST.EXE' removed from the worm checking, beeing a legitimate executable

Tech Tip: This is how You Disable Dcom & close Down Port 135
________________________________________
Is port 135 flapping in the wind ?

Possibly being a security risk if your firewall is not blocking this port.
Even if your firewall is blocking this port. Just the thought of this port
being left open by the Microsoft operating system annoys you and you would
like that port 135 closed once and for all

Check to see what ports are currently open. This is best done when you first
boot in to windows and have not connected to the net

1)open command prompt - start > run > cmd

2)type in the following command:

netstat -an

-a this switch lists all listening ports
-n lists all addresses & ports in numerical order

You will see port 135 listening

Note: Before making any registry changes or continuing with this procedure.

- Create a system restore point, Backup your computer & export each registry
path before modifying any Registry entries.


....This is how you disable Dcom & Close Port 135

Disable Dcom

1) Start Registry Editor - start > run > regedt32

2) Navigate to the following registry Key

- HKEY_LOCAL_MACHINE \ Software \ Microsoft \ OLE

3) Located at the right side. Select the item named EnableDCOM and modify
the value to N


This next step Will Close Port 135

4) Open registry editor & navigate to this registry key

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Rpc

5) Right click on & Modify the value named DCOM Protocols

6) Under the Value Data, you will see values like
DCOM Protocols

Value Data:

ncacn_ip_tcp REG_SZ rpcrt4.dll
ncacn_nb_tcp REG_SZ rpcrt4.dll
ncacn_np REG_SZ rpcrt4.dll
ncacn_ip_udp REG_SZ rpcrt4.dll
ncacn_http REG_SZ rpcrt4.dll

Any value attached to DCOM Protocols is what keeps the Port 135 / epmap
(endpoint mapper)

7) Under Value Data highligt Everything listed and DELETE All by using your
Delete key or your Backspace key.

DCOM Protocols

Value Data:



Click ok

All there should be is DCOM Protocols with no values

8) Done with registry editor ..exit or close registry editor

9) Open Control Panel > Administrative Tools > double click Services

Disable the following services since DCOM has also disabled


- COM+ Event System
- COM+ System Application
- System Event Notification

10) Finally Restart the computer...

For verification when your computer has restarted open the command prompt.

Type netstat -an and for certain you will see port 135 closed.

Then you can celebrate... yippee!, dance around the room,scream out your
window.. and say bye bye port 135!

Hope this has Helped you in finally closing the Pesky Port 135.

Have a Good One