On 24 Nov 2002, at 9:34, Dave Jones wrote:
> It's a Remote Procedure Call.. Everything about it is here
> http://www.cexx.org/rpc.htm
>
> Dave Jones
> http://www.airmemories.com
> http://www.fwbac.com
>
> > I keep having a problem with this file. It keeps trying to
> > access the internet and identifies itself on my firewall as
> > "Distributed COM Services."
I think the most telling point on that page is the second from the bottom:
> What could an exploit using rpcss.exe do? On Windows 9x, if the author
> could plant a program that registers itself with the portmapper
> (rpcss.exe) and communicate with it remotely, it would have unlimited
> access to the machine. In other words, you'd have a full-blown Trojan
> horse on your hands, albeit one that would be very easy to detect.
Note that the only reason this program would be trying to access the Internet is
that something on the machine that uses it has asked it to do so. If you don't
know what asked, or why, then I would not allow the communication to proceed, and
I'd investigate to try to determine what client program has asked for it, and why.
David Gillett
"Hold No Punches.." Rode brings you great shareware/freeware
programs with his honest opinions in this weekly column.
http://freepctech.com/rode
|