Ransomware virus WannaCry, or Wana Decryptor, affected tens of thousands of computers around the world. While those who came under attack are waiting for a solution to the problem, users who have not yet been affected should use all possible lines of defense. One of the ways to rid yourself of virus infection and protect yourself from the spread of WannaCry is to close ports 135 and 445, through which not only WannaCry, but also most Trojans, backdoors and other malicious programs enter your computer. There are several means to cover these loopholes.

Method 1. Protection from WannaCry - using Firewall

A firewall, also known as a firewall, in the classical sense is a wall that separates sections of buildings to protect them from fire. A computer firewall works in a similar way - it protects a computer connected to the Internet from unnecessary information by filtering incoming packets. Most firewall programs can be fine-tuned, incl. and close certain ports.

There are many types of firewalls. The simplest firewall is a standard Windows tool that provides basic protection and without which the PC would not last 2 minutes in a “clean” state. Third-party firewalls - such as those built into antivirus programs - are much more effective.

The advantage of firewalls is that they block all connections that do not comply with a specified set of rules, i.e. work according to the principle “everything that is not permitted is prohibited.” Because of this, when using a firewall to protect against the WannaCry virus, you are more likely to have to open the necessary ports rather than close unnecessary ones. You can make sure that the Windows 10 firewall is working by opening the program settings through search and going to additional options. If ports are open by default, you can close 135 and 445 by creating appropriate rules through the firewall settings in the incoming connections section.

However, in some cases the firewall cannot be used. Without it, it will be more difficult to provide protection against the WannaCry malware, but closing the most obvious holes will be possible without much difficulty.

An effective method of protection against Wana Descrypt0r is illustrated in the video!

Method 2. Block the spread of the virus with Windows Worms Doors Cleaner

Windows Worms Doors Cleaner- this simple program weighs only 50 KB and allows you to close ports 135, 445 and some others in one click from the WannaCry virus.

You can download Windows Worms Doors Cleaner from the link: http://downloads.hotdownloads.ru/windows_worms_doors_cleaner/wwdc.exe

The main window of the program contains a list of ports (135–139, 445, 5000) and brief information about them - for which services they are used, whether they are open or closed. Next to each port there is a link to official Microsoft security statements.

1. To close ports using Windows Worms Doors Cleaner from WannaCry, you need to click on the Disable button.
2. After this, the red crosses will be replaced by green checkmarks, and messages will appear indicating that the ports have been successfully blocked.
3. After this, the program must be closed and the computer restarted.

Method 3. Closing ports by disabling system services

It is logical that ports are needed not only by viruses such as WannaCry - under normal conditions they are used by system services that most users do not need and are easily disabled. After this, there will be no need for ports to be opened, and malware will not be able to penetrate the computer.

Closing port 135

Port 135 is used by the service DCOM (Distributed COM), which is needed to connect objects on different machines on the local network. The technology is practically not used in modern systems, so the service can be safely disabled. This can be done in two ways - using a special utility or through the registry.

Using the utility, the service is disabled as follows:

On Windows Server 2003 and older systems, you need to perform a number of additional operations, but since the WannaCry virus is only dangerous for modern versions of the OS, there is no point in touching on this point.

The port from the WannaCry virus program is closed through the registry as follows:

1. 1. The registry editor starts (regedit in the Run window).
2. 2. The key is looked for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole.
3. 3. EnableDCOM parameter changes from Y to N.
4. 4. The computer restarts.

You can only edit the registry from an administrator account.

Closing port 445

Port 445 is used by the service NetBT- a network protocol that allows older programs that rely on the NetBIOS API to work on modern networks TCP/IP. If there is no such ancient software on the computer, the port can be safely blocked - this will close the front door for the spread of the WannaCry virus. This can be done through the network connection settings or the registry editor.

First way:

1. 1. The properties of the connection being used open.
2. 2. TCP/IPv4 properties open.
3. 3. Click the “Advanced...” button
4. 4. On the WINS tab, check the “Disable NetBIOS over TCP/IP” checkbox.

This must be done for all network connections. Additionally, it is worth disabling the file and printer access service if it is not used - there are known cases when WannaCry hit a computer through it.

Second way:

1. 1. The Registry Editor opens.
2. 2. Search for NetBT parameters in the ControlSet001 section of system entries.
3. 3. The TransportBindName parameter is removed.

The same should be done in the following sections:

• ControlSet002;
• CurrentControlSet.

After editing is completed, the computer restarts. Please note that if NetBT is disabled, the DHCP service will stop working.

Conclusion

Thus, to protect yourself from the spread of the WannaCry virus, you need to make sure that vulnerable ports 135 and 445 are closed (you can use various services for this) or enable a firewall. In addition, you must install all Windows system updates. To avoid future attacks, it is recommended to always use the latest version of antivirus software.