nosuchemail
Wed Aug 13 13:23:21 CDT 2003
1st of all, I was not asking about the virus.
I was asking if rpcss is the same as rpc?
They both stand for remote procedure call.
Also, according to Mow Green's reply shown below, it is
the same.
Also, according to Mow, it can be used to transmit a virus.
I have noticed a lot of posts claiming to have trouble with Me
in the last day or so.
I do read other posts. I know people claim you can't get the virus if
you have 98se or Windows Me. But I was just asking that person to
see if he could find msblast on the computer. That way we would know
for sure.
I said all I need to say in this thread.
Greg P Rozelle
>On Wed, 13 Aug 2003 06:48:56 -0700, Mow Green <mowgreen@nowandzen.com> wrote:
>Greg,
>
><<<< rpcss on port 1025 >>>>>
>
>What is RPCSS.EXE ?
>
>http://cexx.org/rpc.htm
>
>" Is rpcss.exe a Trojan horse? No. It's a server that provides RPC
>capabilities to the Windows operating system.
>Is rpcss.exe a security hole? The program itself is not known to be a
>security threat. However, like its UNIX brethren, it does provide a
>gateway through which security holes in programs that use it can be
>exploited. RPC, like most other IPC protocols, is only as safe as the
>programs that utilize it.
>Can rpcss.exe be exploited by a malicious software author? Yes, but
>again, this has nothing to do with the program and more to do with what
>it does (namely, providing an IPC service). However, a smart author
>won't use it and will instead use "quieter" and lower bandwidth methods
>to keep his software hidden. A dumb author will probably be unaware of
>its existence. Either way, its abuse potential is pretty low.
>What could an exploit using rpcss.exe do? On Windows 9x, if the author
>could plant a program that registers itself with the portmapper
>(rpcss.exe) and communicate with it remotely, it would have unlimited
>access to the machine. In other words, you'd have a full-blown Trojan
>horse on your hands, albeit one that would be very easy to detect. On
>Windows NT/2000, the program would probably have to be a service and its
>powers would be limited based on the account under which it runs. In all
>likelihood, it would have to be installed by a member of the
>Administrators group to have any effect at all, although a lesser
>program (spyware, perhaps) could load itself for each user and register
>itself with the portmapper. In the end, RPC simply provides a conduit by
>which clients can execute predefined code on a server. Of course, a
>nasty programmer could conceive of a way to execute arbitrary code using
>RPC, but that's an exercise left to the reader (hint: think assembly
>language).
>Should rpcss.exe be deleted? No. Under Windows 9x, a program may need it
>to communicate with other components of itself. Of course, you could
>delete the program, but various unpleasantries could result. Under
>Windows NT/2000, deleting this critical system component will disable
>your OS (although I believe Windows 2000's system file protection
>service will automatically replace it with a backup). "
>
>MowGreen
>*-343-*
>Never Forgotten
>
>Greg P Rozelle wrote:
>
>> My firewall shows both 98se and Me showing
>> rpcss listening on port 1025, which is called
>> remote procedure call sub system.
>>
>> The other is just called
>> remote procedure call.
>>
>>
>> Disclaimer
>> My advice is as-is. It could trash your system.
>>
>
Disclaimer
My advice is as-is. It could trash your system.