Solved

DCOM exploit RPC - winit.exe keeps returning - how to stop it?

Posted on 2004-10-08
533 Views
Last Modified: 2013-12-04
Recently I noticed the file 'winit.exe' asked Zone Alarm for permission to access the internet. I gave it a yes, but that file bothered me. A little while later I decided to check for trojans, and it discovered a trojan in memory: DCOM exploit RPC. I deleted it. Then I took my AV and double-checked everything. I looked at Windows updates and nothing was needed, so I was satisfied.

I also took the precaution in Zone Alarm of not allowing winit.exe to access the internet, so I thought I had covered everything.

Wrong. A day later (this morning) I looked at my registry and saw winit.exe was still in the registry; I deleted it. So I did a registry scan for the words 'winit.exe' and found 7 places it existed. It was located in 'RunServices', which I deleted yesterday. In 4 places it was located in the spy programs (possibly as a cautionary description), and the other two places were located in the MS\OLE directory.

I will now delete the 'RunServices' entry and reboot, but I am sure it will return.

What am I overlooking?
Question by:cityman12000
7 Comments

Author Comment

by:cityman12000
ID: 12259390
I think it is gone. I rebooted 2 times and did a registry search, and winit.exe did not return to the registry.

I did find a winitN.exe in the registry but I left it alone.

Any other ideas?
LVL 2

Expert Comment

by:kitisak
ID: 12264884
If you don't need to use RPC DCOM, you should disable it.
Follow this Microsoft article: How to disable DCOM support in Windows (http://support.microsoft.com/default.aspx?kbid=825750)
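The KB article linked above walks through Dcomcnfg; the underlying change is a single registry value, EnableDCOM under HKLM\SOFTWARE\Microsoft\Ole, which the article sets to "N". The script below is an added example, not code from the thread or from Microsoft: it reports the current value and, only when asked, backs up the key and sets it. Two caveats a practitioner would want: disabling DCOM removes remote COM activation but does not close the RPC endpoint mapper on TCP 135, so it is a mitigation, not a substitute for the RPC/DCOM security patch; and it does not touch the network stack, so a wireless connection keeps working, although software that relies on DCOM (some management and remote-administration tools) may stop. A reboot is required for the change to take effect.

```powershell
# Added example (not from the original thread or KB825750): inspect and optionally set
# the EnableDCOM value that the KB article changes through Dcomcnfg.
# Run from an elevated PowerShell prompt. Reboot afterwards for the change to apply.
param(
    [switch]$Disable   # without this switch the script only reports the current state
)

$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'

# Read the current value; an absent value means the default, which is enabled.
$current = (Get-ItemProperty -Path $oleKey -Name EnableDCOM -ErrorAction SilentlyContinue).EnableDCOM
if ($null -eq $current) { $current = 'Y (value absent, DCOM enabled by default)' }
Write-Host "EnableDCOM is currently: $current"

if ($Disable) {
    # Export the key first so the change can be reversed with:
    #   reg import dcom-ole-backup.reg
    $backup = Join-Path $PWD 'dcom-ole-backup.reg'
    reg export 'HKLM\SOFTWARE\Microsoft\Ole' $backup /y | Out-Null
    Write-Host "Backed up $oleKey to $backup"

    # EnableDCOM is a REG_SZ holding "Y" or "N".
    Set-ItemProperty -Path $oleKey -Name EnableDCOM -Value 'N' -Type String
    Write-Host 'EnableDCOM set to N. Reboot to apply; set it back to Y (and reboot) to re-enable.'
}
```

Run it once with no switch to see the current state, then `.\disable-dcom.ps1 -Disable` (the file name is an assumption) when you want the change made. Confirm after the reboot that the value reads N; the TCP 135 listener will still be there, which is expected.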

Author Comment

by:cityman12000
ID: 12270801
Good idea. I will try it out for a few days... but I am not sure I really know what to do; the instructions are... daunting. Also, I use a wireless network. I wonder if it will block the connection?
LVL 2

Expert Comment

by:kitisak
ID: 12273691
OK, you should try it and let me know the result, please.

Author Comment

by:cityman12000
ID: 12275048
I looked over the instructions and I am reluctant to do it, because I am afraid to do it. So... right now I have scanned several times (virus and trojan) and did a registry scan, and it is not there nor repeating itself.

I also went to grc.com and my ports were closed and in stealth mode. I also activated a trojan program for continual surveillance.

This I think will be a good alternative... I hope.

cm
LVL 2

Accepted Solution

by:kitisak (earned 100 total points)
ID: 12278936
I have tested a PC infected by Blaster before. I use TCPView to check the connections from my PC. You can make sure that you don't have any Blaster on your PC. And use the RPC Scanner to scan your PC for the vulnerability.

TCPView : http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Retina RPC Scanner : http://www.eeye.com/html/resources/downloads/download.asp?file=RetinaRPCDCOM

Try it !!!
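Two things in this thread lend themselves to a repeatable check rather than a manual registry search: the question's finding of winit.exe under a RunServices key, and the accepted answer's advice to use TCPView to see what is listening. The script below is an added example, not code from the thread or from Sysinternals or eEye. It walks the common autorun registry locations for a suspect file name, lists services and running processes that reference it, and prints every listening TCP socket with its owning process, which is what TCPView shows interactively. The suspect name is a parameter; winit.exe is the default only because it is the name in the question. Note that the RunServices and RunServicesOnce keys are processed by Windows 9x/Me; on NT-based Windows, persistence as a service lives under the service control manager, which is why the script also queries Win32_Service. Get-NetTCPConnection requires Windows 8 / Server 2012 or later; on older systems `netstat -ano` gives the same port-to-PID mapping.

```powershell
# Added example (not from the original thread): hunt for a named autorun entry and
# list listening sockets with their owning process, a scriptable stand-in for a
# manual registry search plus TCPView.
param(
    [string]$Suspect = 'winit.exe'   # default taken from the question; pass any file name
)

$pattern = [regex]::Escape($Suspect)

# Autorun locations checked. RunServices/RunServicesOnce are Windows 9x/Me keys and
# will simply be absent on NT-based systems; Winlogon holds the Shell and Userinit values.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

Write-Host "== Registry autorun entries referencing $Suspect =="
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # skip the provider's own metadata properties
        if ("$($p.Value)" -match $pattern) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value } | Format-Table -AutoSize
        }
    }
}

Write-Host "== Services whose image path references $Suspect =="
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

Write-Host "== Running processes named $Suspect =="
$baseName = $Suspect -replace '\.exe$', ''
Get-Process | Where-Object { $_.ProcessName -ieq $baseName } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize

# Listening sockets. TCP 135 is the RPC endpoint mapper and is expected on Windows;
# what matters is the owning process of each port and any port you cannot account for.
Write-Host "== Listening TCP sockets and owning processes =="
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort = $_.LocalPort
            PID       = $_.OwningProcess
            Process   = $proc.ProcessName
            Path      = $proc.Path
        }
    } | Format-Table -AutoSize
```

Run it before and after a reboot; an entry that disappears from the autorun keys and then reappears points at whatever is still running (a service, a process listed in the third section, or a scheduled task this script does not cover) rather than at the registry itself.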

Author Comment

by:cityman12000
ID: 12283675
I used Retina and all is good. TCPView is a little confusing, but... it is fine and I am willing to learn.

thanks kitisak