Unwanted services or how to get rid of it...

Discussion in 'privacy technology' started by Born23, Jun 25, 2016.

  1. Born23

    Born23 Registered Member

    Joined:
    Apr 12, 2016
    Posts:
    12
    Hi everybody,
    I am on windows 7,
    I made a virus scan of my network and I got this:

    1/ for my computer:
    services: 135- RPC
    49152 - UNKNOWN
    2/ for my box (router):
    services: 53- DNS
    80- HTTP
    139- NETBIOS
    443- HTTPS
    445- SMB
    I have read every where (also on the good website of grc.com) that the 135 port should be closed for security and that DCOM service should be deactivated.What should I do?
    What could be the UNKNOWN SERVICE on port 49152 and should deactivated and how to do it?
    Are the services on my router are legitimates?
    Thank you for your help and your explanations.
    Have a pretty good week end.
    Born
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
  3. Born23

    Born23 Registered Member

    Joined:
    Apr 12, 2016
    Posts:
    12
    Hi TairikuOkami,

    Thank you for your answer but you don't answer to my questions.
    This product Windows Worms Doors Cleaner didn't get any update since 2008 I won't downloaded.
    Have a good day.
    Any one has an idea??
    Born
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    Did you scan your network from within or from outside? What tool or which online service did you use?
    "virus scan" - I guess you are talking about portscan?
    If you don't have server on your network you can close all those ports on router for incoming connection attempts.
    I don't have DCOM disabled as it would probably cause too much problems (RPC also depends on it).
    To find out what is using that random port number you can use TCPView and Process Explorer to check it out.
     
  5. Born23

    Born23 Registered Member

    Joined:
    Apr 12, 2016
    Posts:
    12
    Hi Minimalist,

    On my antivirus I have a predefined scan called "Analysis of network threats" and I activated it and got the results I wrote in my post.
    This is a scan inside my network. I don't use any server.
    If I close port 135 how DCOM will work if it can cause too much troubles.
    I found a list of critical ports to close what do you think about it?

    Service-------------------------- Port(s)-------------------- Service(s) Windows

    Protocole IKE........................ 500/udp................................... IPSEC Policy Agent
    Protocole NTP.........................123/udp......................................Windows Time
    UPnP .......................... 5000/tcp, 1900/udp ......................... SSDP Discovery Service
    Cache DNS...................dynamique >1024/udp .............................. DNS Client
    NetBIOS sur TCP ........ 137/udp, 138/udp, 139/tcp ............... TCP/IP NetBIOS Helper Service
    CIFS/SMB ..................... 139/tcp, 445/tcp............................ Server, Workstation
    Portmapper RPC...............135/tcp, 135/udp...................... Remote Procedure Call (RPC)
    Tâches programmées......dynamique >1024/tcp...............................Schedule
    Messenger.................... dynamique >1024/udp ......................... Messenger
    Service .................................1025....................................... Services

    Thank you for your interest.
    Have a good day.
    Born
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    Here is how I got those services configured:
    IPSEC Policy Agent - Manual
    Windows Time - Disabled (I manually synchronize time every now and then)
    SSDP Discovery Service - Disabled
    DNS Client - Automatic (I use CCleaner to flush DNS cache)
    TCP/IP NetBIOS Helper Service - Automatic
    Server, Workstation - Automatic
    Remote Procedure Call (RPC) - Automatic
    Task Scheduler - Automatic
    Messenger - removed
    I have no problems with my setup. I never left service enabled and blocked port it was listening on, so I can't give you any info about how it would behave.
    Have a nice day :)
     
  7. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,180
    what does a netstat -a show?
     
Loading...