I decided to write this entry for the sake of those people who want to get their computer back to normal. All you’ve got to do is close ports 135 and 445. So here’s what you’ve got to do:
How to close port 445
Start Registry Editor (Regedit.exe) by clicking the Start menu, and then clicking the Run icon.
In the small box that opens, type: regedit, then click the OK button.
The Registry Editor will now have opened…
Locate the following key in the registry:
HKLM\System\CurrentControl
In the right-hand side of the window find an option called TransportBindName.
Double click that value, and then delete the default value, thus giving it a blank value.
Then you must navigate to the following registry key:
HKEY_LOCAL_MACHINE\Softwar
You will see there is a String Value called: EnableDCOM
Set the value to: N (it should currently be Y)
Close the Registry Editor.
Shutdown and Restart your computer.
You could also disable NetBIOS. But I’ve found that by disabling these two, my computer gets back to normal without re-formatting my computer etc. Hope you can get rid of this faulting application “svchost exe” problem. Good Luck!!
by: fivewaves Posted on 2009-07-27 at 01:46:22 ID: 24949698
Blaster is a very old worm which spread by exploiting a buffer overflow and only spread on systems running Win 2000 or XP (32 bit); it can cause instability in the RPC service on systems running NT, XP (64 bit), and Win Server 2003. It creates the following registry entry so that it is launched every time Windows starts: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows auto update = msblast.exe
blast-exe.html)
curity_response/writeup.jsp?docid=2003-081113-0229-99&tabid=2
One symptom is that it could display the Remote Procedure Call (RPC) dialog box (titled System Shutdown), informing that the system will shut down in e.g. 60 sec.
The worm attempts to infect both Windows 2000 and Windows XP systems. One of the functions used by the worm must be different for each of these operating systems, in order for the exploit it uses to work. Since the worm does not know what operating system the target machine is running, it guesses. There is an 80% chance it will attempt to exploit Windows XP, and a 20% chance it will attempt to exploit Windows 2000. If the worm guesses incorrectly and the remote machine is vulnerable, the process svchost.exe on the target machine will crash. The system may become unstable, but the infection will fail. When svchost.exe crashes, a message like this may appear on Windows XP:
"Generic Host Process for Win32 Services" error report...
When svchost.exe crashes, Windows may create memory dumps of the process. These files are usually called user.dmp, svchost.exe.hdmp, or svchost.exe.mdmp.
Because these files contain the exploit code that caused the crash, they may be detected as DcomRpc.exploit or MS03-026 Exploit.Trojan. These files are harmless, and can safely be deleted.
However, the existence of these files indicates that the system is vulnerable and may still need to be patched. (From - http://www.updatexp.com/ms
Some tech details from Symantec website:
http://www.symantec.com/se
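A triage check built from the indicators mentioned in this thread (the Run-key value, the svchost dump file names, and listeners on TCP 135/445), added here as an example and not part of any post above. It parses saved `reg query` and `netstat -an` output; the function names and sample data are constructed for illustration.

```python
import re

# Indicators named in the thread above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WORM_IMAGE = "msblast.exe"
DUMP_NAMES = {"user.dmp", "svchost.exe.hdmp", "svchost.exe.mdmp"}
PORTS = {135, 445}
REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
LISTENER = re.compile(r"^\s*TCP\s+\S+:(?P<port>\d+)\s+\S+\s+LISTENING", re.I)

def run_key_hits(reg_text):
    """Return (value name, data) pairs under the Run key that launch msblast.exe."""
    hits, in_key = [], False
    for line in reg_text.splitlines():
        if line and not line[0].isspace():  # unindented line = registry key header
            in_key = line.strip().lower() == RUN_KEY.lower()
        elif in_key and (m := REG_VALUE.match(line)):
            if m["data"].strip().strip('"').lower().endswith(WORM_IMAGE):
                hits.append((m["name"], m["data"].strip()))
    return hits

def listening_ports(netstat_text):
    """Return which of TCP 135/445 show as local LISTENING sockets."""
    ports = {int(m["port"]) for line in netstat_text.splitlines()
             if (m := LISTENER.match(line))}
    return sorted(ports & PORTS)

def dump_files(paths):
    """Return paths whose file name is one of the svchost crash dumps."""
    return [p for p in paths if re.split(r"[\\/]", p)[-1].lower() in DUMP_NAMES]

def triage(reg_text, netstat_text, paths):
    return {"run_key": run_key_hits(reg_text),
            "listening": listening_ports(netstat_text),
            "dumps": dump_files(paths)}

# Constructed sample input, not captured from a real host.
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
    windows auto update    REG_SZ    msblast.exe
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042    10.0.0.9:445     ESTABLISHED
"""
SAMPLE_PATHS = ["C:\\dumps\\user.dmp", "C:\\dumps\\notes.txt"]

if __name__ == "__main__":
    print(triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_PATHS))
```

An outbound connection to a remote port 445 is deliberately not counted; only local listeners are reported.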