1. Look over the local shared resources
When running CMD and typing “net share”, if you see something shared unusual, you should turn it off. But sometimes you power it on the next time they appear there again after you turn the shared off, then you should think it over that whether your machine has been controlled by a hacker or a virus.
2. Remove shared (input one each time)
net share admin $ / delete
net share c $ / delete
net share d $ / delete (if there are e, f, ... ... you can continue to delete)
3. Delete ipc $ null connection
You can type “regedit” in “Run”, find the data named “RestrictAnonymous” of “HKEY_LOCAL_MACHINE_SYSTEM_Current ControSet_Control_LSA” in the registry and change the value data from 0 to 1.
4. Turn off our 139 port, ipc and RPC vulnerability exists here.
The way to turn off 139 port is that in the "local connection" of the "Network and Dial-up Connections" , you can select "Internet Protocol (TCP / IP)" Properties, enter the "WinS Settings" in the "Advanced TCP / IP Settings" where there’s "Disable the TCP / IP-NETBIOS ", tick it off so that the 139 port is turned off.
5. Prevent rpc vulnerability
You can open the Administrative Tools - Services - find RPC (Remote Procedure Call (RPC) Locator) service - set the first failure, second failure, subsequent failures in the recovery to no operation.
There is no existence of this vulnerability in XP SP2 and 2000 pro sp4.
6.445 port closed