Solved

LOST THE ABILITY TO COPY, PASTE OR DELETE.

Posted on 2003-11-12
13
2,284 Views
Last Modified: 2008-03-06
I lost the ability to copy files then paste them somewhere else in the system. I also can't delete files. If I can delete a file it is one at a time then the system stalls then the desktop refreshes then I can continue.
I have not added any drivers or programs but did let Norton do an Optization (sp) and noticed this a couple of days later.
I run XP Pro.
Thanks
John
0
Comment
Question by:jdynan
  • 6
  • 6
13 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9733045
It is a worm that causes this problem

What You Should Know About the Blaster Worm and Its Variants
http://www.microsoft.com/security/incident/blast.asp

first do this

Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"

Then open the task manager Start > Run taskmgr and under the Processes tab look for msblaster.exe and if you find it end the task.

then

Removal tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html
Download
http://securityresponse.symantec.com/avcenter/FixBlast.exe

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp using TCP port 135. It will attempt to download and run the file Msblast.exe.

You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.

Click here http://securityresponse.symantec.com/avcenter/security/Content/8205.html for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability

Restarting the computer in Safe mode or ending the Worm process
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except for Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."

Windows NT/2000/XP
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.

5. Reversing the changes made to the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry, http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617 " for instructions.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)

Navigate to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:

"windows auto update"="msblast.exe"

Exit the Registry Editor.


Now apply the patch
0
 

Author Comment

by:jdynan
ID: 9735915
Thanks for getting back. I will try what you say tomorrow as my email goes home and the problem is at work.
I have only one question on your directions and of course it's the first set of directions:
Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"

I don't understand the Run services and can't find the RPC.

The rest of the instructions seem fine.
Thanks again.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9735925
Umm disregard that for now and we will revist it if need be.
0
 
LVL 7

Expert Comment

by:AlexJ
ID: 9735990

HI
1. First of all its Start->Run->Services.msc   and not Run services

2. do these steps:
  start->Run->MSCONFIG
  click selective startup
  uncheck load startup items
  Hit Apply and Close
  Reboot

If problem goes away, it means one of the startup items which U disabled was the culprit
I know one such program and it is QuickFind Manager

0
 

Author Comment

by:jdynan
ID: 9739477
Thanks to Crazy One and Alex J.

Following the directions I did not find the MsBlaster.exe on the system. Tired the start up Alex suggested by unchecking the 4 blocks but it had no effect.

Sorry to be a  bother but I am trying my best not to reboot the system to correct.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9740384
Did you apply the patch though? You will have to reboot to see any of this stuff works. So how do you know AlexJ's suggestion didn't work? You won't know until you reboot.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:jdynan
ID: 9741071
I did not run the patch but with your prompting I just completed the process.
I turned Sys Restore offDownloaded and ran fixblast.exe and none were found.
During this and the following procedures the sys was rebooted several times.
I reinstalled Norton System Works 2003 and ran all the live updates.
I also ran Anti-Virus and none were found.
Ran Win Doctor and no errors were found.
I have always installed the MS updates when available.
I just ran the latest update after turning System Restore back on.

It really is a strange problem.  I am able to do some copy and pasting but after any, say deleting of files, if I were to try to copy or do another delete the hour glass cursor shows up and after about 20 sec the screen refreshes but I still can't move say programs. I tried to move fixblast.exe from My Documents to another folder as a test and the problem shows up.

I hope that this is more helpful.
Thanks again for listening
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9741208
Umm perhaps we are dealing with some spyware

Check for adware and sypware

spybot here
http://spybot.safer-networking.de/
Download
http://spybot.safer-networking.de/index.php?lang=en&page=download

AdAware
http://www.lavasoftusa.com/

Spycop:
http://www.spycop.com/

BHODemon and Hijack This and Browser Hijack Blaster
http://www.spywareinfo.com/downloads.php?cat=sp#det
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

General and overall information about Spy/Adware
http://www.cexx.org/adware.htm
0
 

Author Comment

by:jdynan
ID: 9741446
You're a trooper to stick with this.
I ran Ad-Aware yesterday and it found 26 "somethings" so they were quarantiened and deleted. No change.
I did just download and install two of your choices BHO and Hack Blaster.
Neither one suggested any changes and BHO only found three items and all were for normal programs I run.
Sorry no smoking gun.
I am starting to feel that my only choice is a reinstall of xp but I always dread that since, even though I partition my drive it's a pain to get back to where I was.

John
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9743766
Try this first

Start > Run sfc /scannow
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 250 total points
ID: 9743776
And if that doesn't work instead of doing a fesh install try this instead

Repair
How to Perform an In-Place Upgrade (Reinstallation) of Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315341

Visual aid to the above procedure
http://www.webtree.ca/windowsxp/repair_xp.htm
Click on How To Run a Repair Install

You May Lose Data or Program Settings After Reinstalling, Repairing, or Upgrading Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;312369

Data Loss May Occur After Reinstalling, Repairing, or Upgrading Windows XP
http://support.microsoft.com/default.aspx?scid=kb;EN-US;312368
0
 

Author Comment

by:jdynan
ID: 9744015
Thanks I'll try it on Friday and let you know.

0
 

Author Comment

by:jdynan
ID: 9751832
Thanks to Crazy One.
I tried all the suggestions but I fear that whatever caused the condition was above repair. In desperation I rebooted XP which, of course wiped the C drive. It was not a big loss thanks to Partition Magic. At least now I can move files around, good t hing since I have a budget due on Monday that I could not transfer to a floppy to work on this weekend.
You were a trooper and I just wanted to let you know how much I apperciated your attention.

Alex J did his part and I also extend my thanks to his input.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Functional Level 2012 R2 and XP 3 139
Dell Latitude D610 will not boot up. 71 190
Backup Window XP mode 6 119
Which browser works with XP 16 103
Disclosure: Use this tutorial only when no other options helps to get Windows XP running without any problems and you don't want to format the drive. The back up of the data is the responsible of the user, however there is a description of how t…
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now