I lost the ability to copy files then paste them somewhere else in the system. I also can't delete files. If I can delete a file it is one at a time then the system stalls then the desktop refreshes then I can continue.
I have not added any drivers or programs but did let Norton do an Optization (sp) and noticed this a couple of days later.
I run XP Pro.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It is a worm that causes this problem

What You Should Know About the Blaster Worm and Its Variants

first do this

Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"

Then open the task manager Start > Run taskmgr and under the Processes tab look for msblaster.exe and if you find it end the task.


Removal tool


W32.Blaster.Worm is a worm that will exploit the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp using TCP port 135. It will attempt to download and run the file Msblast.exe.

You should block access to TCP port 4444 at the firewall level, and block the following ports, if they do not use the applicaitons listed:

TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service on windowsupdate.com. This is an attempt to disable your ability to patch you computer against the DCOM RPC vulnerability.

Click here http://securityresponse.symantec.com/avcenter/security/Content/8205.html for more information on the vulnerability being exploited by this worm and to find out which Symantec products can help mitigate risk from this vulnerability

Restarting the computer in Safe mode or ending the Worm process
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except for Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."

Windows NT/2000/XP
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for msblast.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.

5. Reversing the changes made to the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry, http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617 " for instructions.

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)

Navigate to the key:


In the right pane, delete the value:

"windows auto update"="msblast.exe"

Exit the Registry Editor.

Now apply the patch
jdynanAuthor Commented:
Thanks for getting back. I will try what you say tomorrow as my email goes home and the problem is at work.
I have only one question on your directions and of course it's the first set of directions:
Start > Run services
Double Click on Remote Procedure Call (RPC)
Click the Recovery tab
Set all three failure boxes to "Take No Action"

I don't understand the Run services and can't find the RPC.

The rest of the instructions seem fine.
Thanks again.
Umm disregard that for now and we will revist it if need be.
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.


1. First of all its Start->Run->Services.msc   and not Run services

2. do these steps:
  click selective startup
  uncheck load startup items
  Hit Apply and Close

If problem goes away, it means one of the startup items which U disabled was the culprit
I know one such program and it is QuickFind Manager

jdynanAuthor Commented:
Thanks to Crazy One and Alex J.

Following the directions I did not find the MsBlaster.exe on the system. Tired the start up Alex suggested by unchecking the 4 blocks but it had no effect.

Sorry to be a  bother but I am trying my best not to reboot the system to correct.
Did you apply the patch though? You will have to reboot to see any of this stuff works. So how do you know AlexJ's suggestion didn't work? You won't know until you reboot.
jdynanAuthor Commented:
I did not run the patch but with your prompting I just completed the process.
I turned Sys Restore offDownloaded and ran fixblast.exe and none were found.
During this and the following procedures the sys was rebooted several times.
I reinstalled Norton System Works 2003 and ran all the live updates.
I also ran Anti-Virus and none were found.
Ran Win Doctor and no errors were found.
I have always installed the MS updates when available.
I just ran the latest update after turning System Restore back on.

It really is a strange problem.  I am able to do some copy and pasting but after any, say deleting of files, if I were to try to copy or do another delete the hour glass cursor shows up and after about 20 sec the screen refreshes but I still can't move say programs. I tried to move fixblast.exe from My Documents to another folder as a test and the problem shows up.

I hope that this is more helpful.
Thanks again for listening
Umm perhaps we are dealing with some spyware

Check for adware and sypware

spybot here



BHODemon and Hijack This and Browser Hijack Blaster
BHODemon | Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.

Browser Hijack Blaster | Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenver one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

Hijack This | Written by a member of our support forums and based on our Hijacked! article, this program scans the locations in your computer system that may be modified by browser hijackers and fixes any problems found. An easy-to-understand tutorial is available at TomCoyote.org.

General and overall information about Spy/Adware
jdynanAuthor Commented:
You're a trooper to stick with this.
I ran Ad-Aware yesterday and it found 26 "somethings" so they were quarantiened and deleted. No change.
I did just download and install two of your choices BHO and Hack Blaster.
Neither one suggested any changes and BHO only found three items and all were for normal programs I run.
Sorry no smoking gun.
I am starting to feel that my only choice is a reinstall of xp but I always dread that since, even though I partition my drive it's a pain to get back to where I was.

Try this first

Start > Run sfc /scannow
And if that doesn't work instead of doing a fesh install try this instead

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP

Visual aid to the above procedure
Click on How To Run a Repair Install

You May Lose Data or Program Settings After Reinstalling, Repairing, or Upgrading Windows XP

Data Loss May Occur After Reinstalling, Repairing, or Upgrading Windows XP

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jdynanAuthor Commented:
Thanks I'll try it on Friday and let you know.

jdynanAuthor Commented:
Thanks to Crazy One.
I tried all the suggestions but I fear that whatever caused the condition was above repair. In desperation I rebooted XP which, of course wiped the C drive. It was not a big loss thanks to Partition Magic. At least now I can move files around, good t hing since I have a budget due on Monday that I could not transfer to a floppy to work on this weekend.
You were a trooper and I just wanted to let you know how much I apperciated your attention.

Alex J did his part and I also extend my thanks to his input.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.