Port 135 still open after patch applied on Win2k pc

C

CB

I did not know if this was the best way to find out a
work around or not. I have a Win2k SP3 PC with the
Blaster patch fix installed (I verifed that files from
the patch did update), Cleaned the Regestry, and used the
ms utility to verify that the machine was patched. Here
is the problem, As soon as I put this PC back on the
network it starts brodcasting on port 135, I verified
this by snooping all ports from that IP. I have checked
other news groups but seems that this is not a normal
thing. My virus defs are up to date and virus protection
is enabled. Thanks for the help in advance.

C
 
V

Voice of the Mysterons

CB said:
I did not know if this was the best way to find out a
work around or not. I have a Win2k SP3 PC with the
Blaster patch fix installed (I verifed that files from
the patch did update), Cleaned the Regestry, and used the
ms utility to verify that the machine was patched. Here
is the problem, As soon as I put this PC back on the
network it starts brodcasting on port 135, I verified
this by snooping all ports from that IP. I have checked
other news groups but seems that this is not a normal
thing. My virus defs are up to date and virus protection
is enabled. Thanks for the help in advance.

C
Click to expand...

Have you tried the DCOM bobulator?

http://www.grc.com/dcom/

HTH
 
M

Marc Reynolds [MSFT]

Hi,

The patch does not block TCP 135, it fixes a bug in RPC.

823980 MS03-026: Buffer Overrun in RPC May Allow Code Execution
http://support.microsoft.com/?id=823980


Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
H

howard

I had similar problems at my work. I would clean machines
and the virus would come back. In my case it was Welchia.
dllhost.exe and svchost.exe were infected in
windows\system32\wins.

I finaly got rid of the virus by taking the machine of the
network and cleaning it with Stinger.exe 1.8.4 from
McAfee's site. Kind of disappointed since we are a
Symantec shop, but that is how we got most of our machines
clean and back on the network. Still have a few that
refused to show the patch as being installed even though
it has been multiple times. I am going to stop all
services and clean again on those few. If that does not do
it then I am getting real close to reformatting the hard
drive and reload.

Hope some of this is useful.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

install win2k on formatted hard drive without cd-rom support? 3
What is up with port 135? 3
Port 135 3
RPC over HTTP requires port 135 Initial Configuration? 2
SP2 and Port 135 4
What is port 135, and how do I find out if it's open? 3
Too many connection on port 135 and some security questions 4
blaster problem 2

Top