  • Status: Solved

DCOM exploit RPC - winit.exe - it keeps returning - how to stop it?

Recently I noticed the file 'winit.exe' asked Zone Alarm for permission to enter the internet. I gave it a yes, but that file bothered me. A little while later, I decided to check for trojans and it discovered a trojan in memory: dcom exploit rpc. I deleted it. Then I took my AV and double-checked everything. I looked at win updates and nothing was needed, so I was satisfied.

I also took the precaution of Zone Alarm not allowing winit.exe to enter the internet. So I thought I covered everything.

Wrong. A day later, I looked at my registry this morning and saw winit.exe was still in the registry; I deleted it. So I did a registry scan for the words 'winit.exe' and found 7 places it existed. It was located in 'RunServices', which I deleted yesterday. In 4 places it was located in the spy programs (possibly as a cautionary description), and the other two places were located in the MS\OLE directory.

I will now delete the 'Run Services' and reboot, but I am sure it will return.

What am I overlooking?
Asked by: cityman12000
 
cityman12000 (Author) Commented:
I think it is gone. I rebooted 2 times and did a registry search and found winit.exe did not return to the registry.

I did find a winitN.exe in the registry but I left it alone.

Any other ideas?
 
kitisak Commented:
If you don't need to use RPC DCOM, you should disable it.
Follow this Microsoft article: How to disable DCOM support in Windows (http://support.microsoft.com/default.aspx?kbid=825750)
 
cityman12000 (Author) Commented:
Good idea. I will try it out for a few days... but I am not sure I really know what to do; the instructions are... daunting. Also, I used a wireless network. I wonder if it will block the connection?
 
kitisak Commented:
OK, you should try and let me know the result please.
 
cityman12000 (Author) Commented:
I looked over the instructions and I am reluctant to do it, because I am afraid to do it. So... right now I have scanned several times (virus and trojan) and did a registry scan, and it is not there nor repeating itself.

I also went to grc.com and my ports were closed and in stealth mode. Also activated a trojan program for continual surveillance.

This I think will be a good alternative... I hope.

cm
 
kitisak Commented:
Maybe I used to test infected by Blaster before. I use TCPView to check the connection from my PC. You can make sure that you don't have any Blaster in your PC. And use RPC Scanner to scan your PC for vulner.

TCPView : http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Retina RPC Scanner : http://www.eeye.com/html/resources/downloads/download.asp?file=RetinaRPCDCOM

Try it !!!
 
cityman12000 (Author) Commented:
I used Retina and all is good. The TCPView is a little confusing but... it is fine and I am willing to learn.

Thanks kitisak
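
Added example (not part of the original thread and not any poster's code): a Python sketch that triages a regedit text export the way the question's registry search needed, separating hits in autostart keys such as RunServices from incidental mentions, and reading the `EnableDCOM` value under `Microsoft\Ole` that controls DCOM support. The sample export, the `parse_reg` and `triage` names, and the `ExampleAntiSpy` key are constructed for illustration.

```python
import re

# Constructed sample in regedit export format (not from the poster's machine).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Firewall"="C:\\Tools\\firewall.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"winit"="winit.exe"

[HKEY_LOCAL_MACHINE\Software\ExampleAntiSpy\Definitions]
"sig42"="Blocks winit.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Ole]
"EnableDCOM"="Y"
'''

# Keys whose values are launched automatically at boot or logon.
AUTOSTART = re.compile(
    r'\\CurrentVersion\\(Run|RunOnce|RunServices|RunServicesOnce)$', re.I)
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_reg(text):
    """Yield (key, value_name, data) for each value line in a regedit export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if key and m:
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # undo \\ and \"
            yield key, m.group(1) or '@', data

def triage(text, needle):
    """Sort hits for `needle` into autostart entries and other mentions."""
    report = {'autostart': [], 'other': [], 'dcom_enabled': None}
    for key, name, data in parse_reg(text):
        if key.lower().endswith(r'\microsoft\ole') and name.lower() == 'enabledcom':
            report['dcom_enabled'] = data.strip().upper() == 'Y'
        if needle.lower() in (name + ' ' + data).lower():
            bucket = 'autostart' if AUTOSTART.search(key) else 'other'
            report[bucket].append((key, name, data))
    return report

if __name__ == '__main__':
    print(triage(SAMPLE_REG, 'winit.exe'))
```

Only the `autostart` hits cause the file to be launched again after a reboot; the `other` hits, such as an anti-spyware definition that names the file, are mentions rather than persistence.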