jdynan
asked on
LOST THE ABILITY TO COPY, PASTE OR DELETE.
I lost the ability to copy files then paste them somewhere else in the system. I also can't delete files. If I can delete a file it is one at a time then the system stalls then the desktop refreshes then I can continue.
I have not added any drivers or programs but did let Norton do an Optization (sp) and noticed this a couple of days later.
I run XP Pro.
Thanks
John
I have not added any drivers or programs but did let Norton do an Optization (sp) and noticed this a couple of days later.
I run XP Pro.
Thanks
John
ASKER
Thanks for getting back. I will try what you say tomorrow as my email goes home and the problem is at work.
I have only one question on your directions and of course it's the first set of directions:
Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"
I don't understand the Run services and can't find the RPC.
The rest of the instructions seem fine.
Thanks again.
I have only one question on your directions and of course it's the first set of directions:
Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"
I don't understand the Run services and can't find the RPC.
The rest of the instructions seem fine.
Thanks again.
Umm disregard that for now and we will revist it if need be.
HI
1. First of all its Start->Run->Services.msc and not Run services
2. do these steps:
start->Run->MSCONFIG
click selective startup
uncheck load startup items
Hit Apply and Close
Reboot
If problem goes away, it means one of the startup items which U disabled was the culprit
I know one such program and it is QuickFind Manager
ASKER
Thanks to Crazy One and Alex J.
Following the directions I did not find the MsBlaster.exe on the system. Tired the start up Alex suggested by unchecking the 4 blocks but it had no effect.
Sorry to be a bother but I am trying my best not to reboot the system to correct.
Following the directions I did not find the MsBlaster.exe on the system. Tired the start up Alex suggested by unchecking the 4 blocks but it had no effect.
Sorry to be a bother but I am trying my best not to reboot the system to correct.
Did you apply the patch though? You will have to reboot to see any of this stuff works. So how do you know AlexJ's suggestion didn't work? You won't know until you reboot.
ASKER
I did not run the patch but with your prompting I just completed the process.
I turned Sys Restore offDownloaded and ran fixblast.exe and none were found.
During this and the following procedures the sys was rebooted several times.
I reinstalled Norton System Works 2003 and ran all the live updates.
I also ran Anti-Virus and none were found.
Ran Win Doctor and no errors were found.
I have always installed the MS updates when available.
I just ran the latest update after turning System Restore back on.
It really is a strange problem. I am able to do some copy and pasting but after any, say deleting of files, if I were to try to copy or do another delete the hour glass cursor shows up and after about 20 sec the screen refreshes but I still can't move say programs. I tried to move fixblast.exe from My Documents to another folder as a test and the problem shows up.
I hope that this is more helpful.
Thanks again for listening
I turned Sys Restore offDownloaded and ran fixblast.exe and none were found.
During this and the following procedures the sys was rebooted several times.
I reinstalled Norton System Works 2003 and ran all the live updates.
I also ran Anti-Virus and none were found.
Ran Win Doctor and no errors were found.
I have always installed the MS updates when available.
I just ran the latest update after turning System Restore back on.
It really is a strange problem. I am able to do some copy and pasting but after any, say deleting of files, if I were to try to copy or do another delete the hour glass cursor shows up and after about 20 sec the screen refreshes but I still can't move say programs. I tried to move fixblast.exe from My Documents to another folder as a test and the problem shows up.
I hope that this is more helpful.
Thanks again for listening
Umm perhaps we are dealing with some spyware
Check for adware and sypware
spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download
AdAware
http://www.lavasoftusa.com/
Spycop:
http://www.spycop.com/
BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.
General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
Check for adware and sypware
spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download
AdAware
http://www.lavasoftusa.com/
Spycop:
http://www.spycop.com/
BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.
Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.
General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
ASKER
You're a trooper to stick with this.
I ran Ad-Aware yesterday and it found 26 "somethings" so they were quarantiened and deleted. No change.
I did just download and install two of your choices BHO and Hack Blaster.
Neither one suggested any changes and BHO only found three items and all were for normal programs I run.
Sorry no smoking gun.
I am starting to feel that my only choice is a reinstall of xp but I always dread that since, even though I partition my drive it's a pain to get back to where I was.
John
I ran Ad-Aware yesterday and it found 26 "somethings" so they were quarantiened and deleted. No change.
I did just download and install two of your choices BHO and Hack Blaster.
Neither one suggested any changes and BHO only found three items and all were for normal programs I run.
Sorry no smoking gun.
I am starting to feel that my only choice is a reinstall of xp but I always dread that since, even though I partition my drive it's a pain to get back to where I was.
John
Try this first
Start > Run sfc /scannow
Start > Run sfc /scannow
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks I'll try it on Friday and let you know.
ASKER
Thanks to Crazy One.
I tried all the suggestions but I fear that whatever caused the condition was above repair. In desperation I rebooted XP which, of course wiped the C drive. It was not a big loss thanks to Partition Magic. At least now I can move files around, good t hing since I have a budget due on Monday that I could not transfer to a floppy to work on this weekend.
You were a trooper and I just wanted to let you know how much I apperciated your attention.
Alex J did his part and I also extend my thanks to his input.
I tried all the suggestions but I fear that whatever caused the condition was above repair. In desperation I rebooted XP which, of course wiped the C drive. It was not a big loss thanks to Partition Magic. At least now I can move files around, good t hing since I have a budget due on Monday that I could not transfer to a floppy to work on this weekend.
You were a trooper and I just wanted to let you know how much I apperciated your attention.
Alex J did his part and I also extend my thanks to his input.
What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp
first do this
Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"
Then open the task manager Start > Run taskmgr and under the Processes tab look for msblaster.exe and if you find it end the task.
then
Removal tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
Download
http://securityresponse.symantec.com/avcenter/FixBlast.exe
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp using TCP port 135. It will attempt to download and run the file Msblast.exe.
You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"
The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.
Click here http://securityresponse.symantec.com/avcenter/security/Content/8205.html for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability
Restarting the computer in Safe mode or ending the Worm process
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except for Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."
Windows NT/2000/XP
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.
5. Reversing the changes made to the registry
CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry, http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617 " for instructions.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\Softwar
In the right pane, delete the value:
"windows auto update"="msblast.exe"
Exit the Registry Editor.
Now apply the patch