You might want to give this app by gkweb a try: Windows Worms Doors Cleaner v1.1, available from here:
http://perso.wanadoo.fr/jugesoftware...r/eng/wwdc.htm

From the author:

Little tool to disable DCOM, Locator, and NetBIOS
Hi there,

I have done a small app because I needed it, as well as friends.
Everyone knows that current worms use Windows vulnerabilities, but these patched services are still accessible and ready to be exploited by the next exploit.
The simplest is to disable them, and so, even without firewalls those worms can't hurt you anymore via the Internet.

So you can switch on/off DCOM (listening on 135), port 445, and ports 137/138/139.

Even if you know to dig into the registry and modify values, it is more convenient to have a GUI, I think.

It has been deeply tested on both XP and 2000, but if you find a problem or simply have suggestions or ideas, please post them.

I hope it will be useful for some.

To see results after a reboot, type at the command line:
netstat -ano

Ports closed should not appear.
However, DCOM even when disabled, does not close port 135 but simply stops listening on it.

Q. Just a question: What would be - if any - the downside of disabling ports 137-139? Would that have any impact on, say, file and printer sharing in a LAN?

A. Yes indeed, if you are using file sharing on a LAN, preventing the NetBT service from running will make you unable to get into your workgroup and share files.

This option is for users who aren't on a LAN and have just an Internet connection, so these open ports are useless and are unnecessary risks.

Q. What about the other two settings? DCOM RPC listening and RPC locator? Would disabling them have any impact on something else?

A. I have never seen a home user using them.
It is absolutely harmless and is strongly advised to disable them.

Those services *can* be used in corporate networks, but even there, I have never seen them used anyway (I haven't worked in big corporations though).

Microsoft details about DCOM RPC:

quote:
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions.

Even Steve Gibson advises to disable it.

RPC Locator:

quote:
The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP.

Another quote from Jean-Baptiste Marchand:

quote:
Before Windows 2000, the CIFS protocol was typically transported in NetBIOS over
TCP/IP (NetBT), using TCP port 139. Starting with Windows 2000, CIFS can be
transported directly in TCP/IP, without an intermediary NetBT layer. In that
case, TCP port 445 is used (see www.ubiqx.org/cifs/SMB.html#SMB.1.2
for more information).

Notice the link:
www.ubiqx.org/cifs/SMB.html#SMB.1.2

All of that is Microsoft stuff and is not needed for home users. It didn't have any impact on any of the computers where they were disabled.

Personally, even on a LAN, I have disabled all of them, and do a 'net start netbt' when I need file sharing; it is very rare that I use it.

If however you fear any problems on your computer, the prog allows you to revert back to original settings and to enable them again (once something is disabled, buttons will display "ENABLE xxx" instead of "Disable xxx").

Also note this note at the bottom of the page linked to:

" Note : Seems that Kerio firewall 4.x has a bug and don't like disabling Locator or NetBIOS, it is not in anyway a Windows Worms Doors Cleaner bug but rather a Kerio one, issue under investigation."

Pete

*Note: I cleaned up some spelling and such-like mistakes when c&p'ing this stuff - English isn't his first language.
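
A way to automate the `netstat -ano` check from the post for the ports it names, as an added example that is not part of the original post or of gkweb's tool. The sample output is constructed, and the function name `open_doors` is hypothetical.

```python
# Ports the post says the tool switches off, with the service behind each.
WATCHED = {
    ("TCP", 135): "DCOM / RPC endpoint mapper",
    ("UDP", 137): "NetBIOS name service (NetBT)",
    ("UDP", 138): "NetBIOS datagram service (NetBT)",
    ("TCP", 139): "NetBIOS session service (NetBT)",
    ("TCP", 445): "CIFS/SMB directly over TCP",
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:445        ESTABLISHED     1320
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:138       *:*                                    4
  UDP    0.0.0.0:1900           *:*                                    1100
"""

def open_doors(netstat_text):
    """Return sorted (proto, port, pid, service) for watched ports still bound."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept inbound
        # connections. UDP rows have no state, so any bound socket counts.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        port = int(local.rsplit(":", 1)[1])  # rsplit also copes with [::]:445
        service = WATCHED.get((proto, port))
        if service:
            found.add((proto, port, int(fields[-1]), service))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid, service in open_doors(SAMPLE):
        print(f"{proto} {port:>5}  PID {pid:<6} {service}")
```

Feed it the saved output of `netstat -ano` before and after the reboot; an empty result means none of the listed ports is still bound.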