Windows Worms Door Cleaner
The little freeware application Windows Worms Door Cleaner has a very strange name if you ask me. Its purpose is to disable certain services that worms rely on to attack your system. You can check your computer for open ports in a number of ways, including the excellent CurrPorts program. The program is free to use and displays all open ports on your system that were either opened by programs running on it, or by the operating system.
Most of the worms, in particular the most famous, use known vulnerabilities in Windows services which are enabled by default and that often can't be disabled via the OS's configuration.
Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large, ready to be targeted by the next exploit.
Update: The website the program was originally published on is no longer available on the Internet. You can still find the program listed on download portals such as Softpedia, and while it is likely that it will still work fine on supported operating systems, the lack of updates might be an issue.
Instead of using a program to close the ports, Windows users can also close the ports using a firewall, either software or hardware, or native Windows settings.
Please note that the following applies to Windows XP only. While it may work with newer versions of Windows, there is no guarantee that it does.
- Check with netstat -an on the command line to see if the ports are open
- Set EnableDCOM to N under HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
- Delete all existing DCOM Protocols keys under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC
- Add the Registry Dword SMBDeviceEnabled under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters and set its value to 0.
- Disable NetBIOS by right-clicking on your local area connection and selecting Properties. Find Internet Protocol (TCP/IP), and select Properties. Click Advanced, then the WINS tab.
The methods above disable the following ports on your system: Port 135, 137, 138, 139 and port 445.
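To confirm the result of the netstat -an check in the first step, the following added example (not part of the original article or of Windows Worms Door Cleaner) parses English-language `netstat -an` output and reports which of ports 135, 137, 138, 139 and 445 are still bound locally. The names `WORM_PORTS` and `open_worm_ports` and the sample output are constructed for illustration.

```python
import subprocess
import sys

# Ports the article says its steps close.
WORM_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of English-language Windows `netstat -an` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:445        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""


def open_worm_ports(netstat_text):
    """Return sorted (proto, port) pairs from WORM_PORTS still bound locally."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local = fields[0], fields[1]
        # A TCP row counts only when LISTENING; an outbound connection to
        # someone else's port 445 is not an open local port.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        # rpartition also copes with IPv6 local addresses such as [::]:135.
        port = local.rpartition(":")[2]
        if port.isdigit() and int(port) in WORM_PORTS:
            found.add((proto, int(port)))
    return sorted(found)


if __name__ == "__main__":
    if sys.argv[1:] == ["--live"]:  # run netstat on this machine
        text = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    for proto, port in open_worm_ports(text):
        print(f"still open: {proto} {port}")
```

Run it with `--live` on the machine being checked; no output means none of the five ports is listening. Localized Windows versions print a translated state name, so the `LISTENING` comparison assumes English output.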