NOD32 and port 135

Discussion in 'NOD32 version 2 Forum' started by Mele20, Aug 6, 2003.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Does NOD32 version 2 use require that port 135 be open? That port has always been closed on my box until recently. The only change I have made is installing NOD32 ver.2. If I disable DCOM will that affect NOD32?
     
  2. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I use NOD32 V2 and GRC shows port 135 is closed on my machine.
     
  3. jsurfers

    jsurfers Registered Member

    Joined:
    Mar 30, 2003
    Posts:
    9
    Hello Mele20. Disabling DCOM (port 135) will not affect NOD32 v.2. The updates should not be affected. Rest Assured. If you have a Firewall, try to close port 135.
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Thank you for the quick replies. I uninstalled NOD just to see and went and tested at GRC and PCFlank and port 135 is still open so it isn't NOD32. I haven't used a firewall in over a year but test regularly and all ports have always been closed (even testing large numbers at Hackerwhacker) until now. At least I know it isn't NOD and that if I disable DCOM it won't affect NOD updates.
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    That's really odd especially since you''re on W98 unbound, etc. Have you run a netstat to see what may be holding the port open? Is it DCOM? That's weird. Mine never had that happen that I recall.
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    It would be possible that you have a Trojan that keeps your Port 135
    open.
    Make a scan online with a AT.
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I downloaded Trojan Hunter and ran a full scan. Nothing. It is DCOM that is holding the port open. I don't understand though why it suddenly is doing this and wasn't before. I know it is DCOM holding it open because I used the process viewer in TH to terminate RPCss.exe which closed W95 RPC Windows Message Service and after I did that, I used GRC to see if port 135 was still open. It was closed.

    Microsoft says to change the values for the registry keys to disable DCOM and incoming remote connections by using the OLE/COM Object Viewer with the File.System Configuration dialog box to make the change. I get a very strange error message though when I try to access the viewer. So, I wonder if it is ok to just change the values in the registry itself rather than using this indirect method that Microsoft recommends.

    I vaguely remember some discussion about a year? ago about DCOM and W98 at DSLR and I did whatever the fix was....now I can't remember that but I think it had to do with disabling DCOM. If so, what reenabled it?

    Anyhow, I know it isn't a trojan or NOD32 which is good!
     
Thread Status:
Not open for further replies.