Dr Phibes
|
Posted: Mon Jan 03, 2005 8:37 pm Post subject: Help with registry |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
This should make you chuckle wargand
I'm in trouble with my registry. I've recently done a clean install and while doing a security check on my ports found that one was open, port 135. I followed the links to these instructions
Q1 How do I enable or disable DCOM?
A. The HKEY_LOCAL_MACHINE\Software\Microsoft\OLE registry key has "EnableDCOM" as a named value. By default this value is set to "Y." To disable DCOM, change this value to "N." You can do this in the OLE/COM Object Viewer with the File.System Configuration dialog box. Changing this value requires you to restart your computer.
If EnableDCOM is not set to "Y," then all cross-computer calls are rejected (the caller, typically, receives an RPC_S_SERVER_UNAVAILABLE return code).
Now I foolishly tried
only I don't think I got it right. My pc came up with a message saying probs with RPC and it restarted
HELP anyone know of a good reg fixer
|
Dr Phibes
|
Posted: Mon Jan 03, 2005 8:45 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
Just got RegistryFix V1.03 free download
Is it any good? It says I got 264 problems (but the bitch ain't one)
Free my ass only fixed 51 probs need to pay for rest
|
Dr Phibes
|
Posted: Mon Jan 03, 2005 11:06 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
anybody got any ideas, i got reg mechanic full ran it, said it fixed all probs
hour later system shutdown says
windows is restarting because RPC remote call procedure was terminated unexpectedly
|
satan
|
Posted: Tue Jan 04, 2005 2:11 am Post subject: |
|
a member of the recently deceased Joined: Mon Jul 28, 2003 8:07 am Posts: 2564 Location: Hell ___________________________ ------ Horror Dealer ------
|
Never trust those reg fix progs!!!!!!!!!!!!!!!!!!!!
RPC Remote IS NEEDED to run XP properly.
Just close the services you don't need manually and you should be OK.
You'll need to do some research depending on your setup.
|
Polityk
|
Posted: Tue Jan 04, 2005 2:43 am Post subject: |
|
Mod of the Living Dead Joined: Fri Nov 22, 2002 4:30 pm Posts: 3346 Location: Where dead angels lie
|
Dr Phibes wrote: | anybody got any ideas, i got reg mechanic full ran it, said it fixed all probs hour later system shutdown says windows is restarting because RPC remote call procedure was terminated unexpectedly |
This means you got one of these sasser/blaster worms that multiply using open port 135. Any firewall is enough to be protected against those things, you don't need to fix your registry or change anything manually. From my experience - no use trying to close port 135, it simply doesn't work on some machines (tried everything, from dedicated registry tools to manual edit). This, however, does not affect your security as long as you keep your firewall running.
If your machine got infected by sasser, this means your actions must have left it unprotected.
_________________ "When I was a kid we fuckin' respected our parents, we didn't fuckin' eat them!"
|
Dr Phibes
|
Posted: Tue Jan 04, 2005 5:04 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
Yes a friend suggested it might b sasser worm. Thing is I know that what I messed with in the reg was connected with RPC. I have since been into Services and under the properties for the RPC I changed the setting to Take no action instead of restart. The thing about the worm is I have tried three different AV: the 1 I normally run, Symantec AV client fully updated, I downloaded the Stinger from McAfee and I tried another recommended (FH) AV; all found nothing :-o
I did update the firewall (Sygate pro) when I did the clean install. Also what is new is that I can't stop those f**Kin messenger pop ups unless I run Tweak XP all the time.
Beginning to wish I hadn't bothered with the install now, only did it cus I found a sp2 intg copy. This will make u laugh: it was dutch (fumbled my way thru the format etc thinking I could change the language later)
U CANT DO THAT
So I'm back to square 1, or rather my pc was runnin sweet as a nut, now it's pi**ing me off :-o
anyway thank 4 ur time

|
Dr Phibes
|
Posted: Tue Jan 04, 2005 10:33 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
Sorted out the pop up prob with win update
Really don't think it's sasser worm as went to here
http://vil.nai.com/vil/content/v_125007.htm
although I got the system shutdown warning none of the mentioned files, reg entries are there
got the removal kit from Microsoft and it didn't find anything
anyway this may be connected. I have something called a "defragfat40.exe" trying to connect to "ciberlinkcommunity.kick-ass.net"
The address doesn't exist and defragfat40.exe returns no results in google
anyone know what it is?
|
Polityk
|
Posted: Tue Jan 04, 2005 10:40 pm Post subject: |
|
Mod of the Living Dead Joined: Fri Nov 22, 2002 4:30 pm Posts: 3346 Location: Where dead angels lie
|
Removal kit from microsoft doesn't necessarily have to work, I had sasser once or twice and removal tools didn't help. The best way is to try and remove it manually, there should be a description on how to do this on the net.
_________________ "When I was a kid we fuckin' respected our parents, we didn't fuckin' eat them!"
|
Dr Phibes
|
Posted: Tue Jan 04, 2005 10:56 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
There is on the link above but I can't see the files or reg entries to do it manually

|
satan
|
Posted: Wed Jan 05, 2005 3:40 am Post subject: |
|
a member of the recently deceased Joined: Mon Jul 28, 2003 8:07 am Posts: 2564 Location: Hell ___________________________ ------ Horror Dealer ------
|
Boot into safe mode then do it.
|
Dr Phibes
|
Posted: Wed Jan 05, 2005 6:36 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
Manual Removal Instructions
To remove this virus "by hand", follow these steps:
1. Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode).
2. Delete the file AVSERVE.EXE from your WINDOWS directory (typically c:\windows or c:\winnt)
3. Edit the registry
* Delete the "avserve" value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. Reboot the system into Default Mode
There is no avserve.exe, there is no reg entry :-o
I really don't think I have this worm
the "defragfat40.exe" is the 1 I've deleted, it was running at start up and kept trying to connect so I dumped it. No results from google on this one. PC runnin fine at mo
|
Polityk
|
Posted: Wed Jan 05, 2005 6:43 pm Post subject: |
|
Mod of the Living Dead Joined: Fri Nov 22, 2002 4:30 pm Posts: 3346 Location: Where dead angels lie
|
AFAIK there are many mutations of this worm, each of them uses a different filename of the executable.
_________________ "When I was a kid we fuckin' respected our parents, we didn't fuckin' eat them!"
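Added example, not written by any poster in this thread: because a startup entry may not carry the filename a removal guide names, this read-only PowerShell script lists every value under the HKLM and HKCU Run keys with the target file's signature status, then reports the EnableDCOM value quoted in the first post and whether TCP 135 is listening. It assumes a current Windows with PowerShell 5.1 (Get-NetTCPConnection does not exist on XP-era systems); the helper name Get-CommandExecutable is hypothetical.

```powershell
# Added example: review autostart (Run) entries, EnableDCOM and the port 135 listener.
# Read-only: nothing is changed or deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the executable path out of a Run command line.
function Get-CommandExecutable {
    param([string]$CommandLine)
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }  # "C:\path with spaces\x.exe" args
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }  # C:\path\x.exe args
    return ($c -split '\s+')[0]                            # bare command name
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $exe = Get-CommandExecutable ([string]$regKey.GetValue($name))
        # Get-Command resolves full paths as well as bare names found on PATH.
        $file = if ($exe) {
            Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
        }
        # A status other than Valid is a lead for manual review, not a verdict.
        $status = if ($file) {
            [string](Get-AuthenticodeSignature -FilePath $file.Path).Status
        } else { 'FileNotFound' }
        [pscustomobject]@{ Key = $key; Name = $name; Executable = $exe; Signature = $status }
    }
}
$report | Sort-Object Signature | Format-Table -AutoSize -Wrap

# EnableDCOM: "Y" is the default, "N" disables DCOM (value described in the first post).
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name EnableDCOM -ErrorAction SilentlyContinue
"EnableDCOM = $($ole.EnableDCOM)"

# Is anything listening on TCP 135 (the RPC endpoint mapper)?
$listen = Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue
"TCP 135 listening: $([bool]$listen)"
```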
|
Dr Phibes
|
Posted: Wed Jan 05, 2005 9:10 pm Post subject: |
|
The Devil, Probably Joined: Sun Apr 18, 2004 5:54 pm Posts: 1962 Location: UK
|
Think I got it. Got update to av, ran scan and it found WIN32.IRCBOT
It was in c: recycler, that was where I dumped the defragfat40.exe when I started in safe mode. It was named Dc1.exe, my system runs fine without it and a friend checked his syst 32 and he does not have it on his system. So fingers crossed I got the ba****d