What is this?

Zone Alarm intercepts an outgoing request that comes up whenever I boot up to desktop, before going on the net:

Distributed COMM Services
source: IP 0.0.0.0 Port 135
application RPCSS.EXE
Version 4.71.3328

What is it?

edit: also, I just downloaded MRU Blaster: ques:

How to donate by snail mail?

Donn

 

Hi Donn

Welcome to Wilders.

U are asking 2 questions about very different subjects so i moved your post over here to Other Firewalls for your Zone Alarm question.

For your second question u may want to edit your post and ask this question again back in the MRU Blaster forum.




snowbound

 

Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see:

http://www.cexx.org/rpc.htm

 

Hi Donn,

You may want to install the Microsoft patch to the DCOM RPC vulnerability.

See the following link:

http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx

 

It is normal to see this service establishing a listening connection on local service/port 135. Inbound connections to this service from the WAN (Internet) is something that should be blocked with your firewall. If you are on a LAN, this is something that could be allowed for those systems (Local Zone).

Do the logs indicate any destination IP?

Regards,

CrazyM

 

Hi,

DCOMbobulator
Tame Windows insecure DCOM facility

Ever since Windows 98, a powerful, but unnecessary and rarely used facility known as DCOM (Distributed Component Object Model) has been an integral part of Windows. The DCOMbobulator checks the effectiveness of Microsoft's security patches and allows the user to increase the security of their system by simply turning DCOM off.

You can download this little prog here:

http://www.grc.com/freepopular.htm

Greetings,

Gerard

 

Thanks for the info and downlds. I have WinMe, so howcom I have this program, are there some parts of Win NT and 98 in Me? With tht in mind should I let it live or delete it?

Iwill be dwnldg the patch that was supplied, thanks for that, but I really do NOT like dwnlding from M$, I swear it makes me feel like one of those kids on Fear Factor that has to lay ina glass box full of scorpions or tarantulas.

thanks//Donn

 

D O N O T D E L E T E


deletion may make you sysytem UN-USEABLE........on win98 or 98se.....how can I be so sure.....CAUSE I ONCE DELETED IT LOL


Its harmless.......CrazyM covered it all.
As Gerard said DCOM can be dis-able..I disable vie the registry.....but use the program G referred you too....safer

 

CORRECTION:

Come to think of it I didn't delete it...I just locked it up preventing it from running an just that slammed the computer

 

Ok, so if it is safe to disable, then it is safe to just leave it alone (my favorite action) and just put on the firewall on permanent block? Long as it is broad, right?

But since I have WinMe and not NT or 2000, why is it there and asking for access, also, what is Win32 kernel.dll. Sygate is asking me permission to allow it access --core component, right? why should it be suspect enough to ask?

//Donn

 

Donn


Don't delete...don't disable...just leave it alone......an block...if you are on a home pc

 

Yep, home pc, ok I'll just let it run then, and teh Win 32 Kernell.dll?

//donn

 

ok,,,Donn may be confused..hows this:


DCOM = disable

rpcss = leave alone..block

 

Oh, now I am rally confused. As I read the Sygate notice it told me that Distributed COMM Services was asking for permission to access the internet with a file named:
RPCSS.EXE.

It also is asking for permission to let Win32 Kernell.dll have access. I know tht's a core component, I am wondering why it is aksing me to allow/disallow access.

We cool now?

//Donn

 

Donn ..sorry,,we are cross posting at the same time...


""Yep, home pc, ok I'll just let it run then, and teh Win 32 Kernell.dll?

//donn """



Yes, thats correct

 

DONN

Just Block...........nothing else....just block


--------------------------------

This confuses lots of people...would take awhile to explain....just enjoy your surfing instead........

 

Ok, we got it. I let Win32 Kernel.Dll run and kept the block on DCOM. I recall that mjc mentioned in regard to this file that it goes through port 135, and that port 135 should not be exposed to the net. But it kept coming at me and my thought was, maybe there is more to this than meets the eye, so..when in doubt communicate..as a famous man once said.

Best//donn

 

DONN..you are doing just fine....the confusion came from us cross posting.....

Ok.....on my computer..

rpcss = blocked

DCOM =disabled

yes 135 is a netbios port an should be blocked if file sharing is not used.....an yes rpcss wants to use that port.....blocking rpcss wont do any harm to your computer...nor to rpcss........
A firewall rule could be made for rpcss..but Donn that may be alittle much for you just now.........easier on you to just block BOTH DCOM and RPCSS..................you don't have to disable DCOM as I do.....just blocking it works ok.......so where are we.

DCOM =block

rpcss = block

That should keep it simple.......an I sure believe in keeping life simple LOL
Nice having met you Donn........

was just thinking to myself that if javacool doesn't fix spywareblaster soon....I'll have to become a member here....posting left and right ..lol

 

that's interesting --I just dwldd spywareblaster today, it is the newest version, what should I be on the lookout for?

//Donn

 

Donn

SB does not install correctly on win 98 and winME......javacool is working on solving the issue......
Since we are on the subject......spywareblaster will need to be allowed out for updates.....only OUT......

 

uhmm, sorry if it's a distraction from your regular duties, but I am not familiar with the terms "allowed out" "only OUT" what does that mean to me with Win Me (looked like an ok dwld to me, noprobs, smooth as silk...)

//Donn

 

Donn

Duties.....got none.....I am just visting here an offering a helping hand to those I can.
SB...yeah, thats the thing it installs for some but not for all........which OS are you using..if you don't mind saying....somehow I thought it was win98 ( oh, your os wont change what we already talked about = rpcss/dcom/)
Hey, notice in another thread you stated being hit by a trojan.....Donn, you do have a trojan and anti-virus scanner ?
Now as for the IN/OUT term

internet explorer needs to be allowed OUT...but does not need to be allowed IN
This simple means that you can allow programs OUT of your system(pass the firewall)......but you don't need to allow programs INTO your system(blocked by firewall..........your anti-virus allowed OUT for updates.....but not IN for any reason....just apply that respectively to all your programs....
THINGYS can piggyback into a system on the back of honest programs...or an open port can be hacked if its being kept out because of an improper Rule or no RULE.......you don't need to FULLY understand thing at this point but you do need to make your your ports are stealted.......so, before doing anything else go over to the WILDERS free services page an the look for PCFLANK....go there an take both the stealth test and the advaced test.....there is also a like in free services to the sygate scanning site.......take them both..if you have time......do PCFLANK first if you will.....an don't worry the scans are ok......no danger.....
let us know if you don't have anti-virus/trojan scanners...ok.......
P.S. lets get you nervous LOL...if you have a port OPEN....thats bad news...

 

With all those typos in my last post I hope you can wade through the mistakes and understand what I said.....