MAX & WEB USERS: MSBLASTER worm warning


halo
08-12-2003, 12:25 PM
This particularly applies to those max users who have avoided patching with the problematic MS patch but who are connected to the web. You are not safe behind firewalls with this one....

http://www.cgtalk.com/showthread.php?s=&postid=763426#post763426

KiboOst
08-12-2003, 02:56 PM
Here's how I get rid of it:

disconnect internet
kill blast.exe process
remove windows/system32/msblast.exe
run symantec fixblast.exe
reboot
don't connect to the net !!

Then install Sygate Personal Firewall (free). Blast comes in on port 135 via the svchost service, just block it!

While waiting for final ms patch.hotfix :thumbsdow

Kib

SuperMax
08-12-2003, 02:57 PM
yup

The slippery Little Bugger has got me.

Dave Black
08-12-2003, 04:46 PM
My whole company is infected.

We killed msblast.exe using a removal tool. Then ran the windows patch. It's all ok now, and max runs fine. No file corruption.

Windows 2000, SP3
Max 5.1

Removed worm from system using: "Fixblast.exe"

Windows update: "Windows2000-KB823980-x86-ENU.exe"

Thought I'd mention that, as I was about to poop a brick on this one.

-3DZ

:D

halo
08-12-2003, 06:40 PM
3d zealot...be careful with that hotfix...you won't notice it on systems with it but if you try and transfer the max files from systems with that fix to ones that don't have it then you will have problems...this is the hotfix that causes problems with max files...which is why I didn't have it installed.

We only installed the fix on machines that had net access and didn't use max files, and made sure any max machines didn't access the net.

There is a patch to the patch but MS distribute it by phone request, and their phones are swamped at the moment..(surprise)

The good news is it does little or no damage, it's just an annoyance...

halo
08-12-2003, 07:13 PM
more info:

PROBLEM:

The Microsoft Hotfix 823980 which has been made available through Windows Update to all Windows 2000 and XP operating systems and service packs causes the corruption of gmax (.gmax) files.

As a result, all .gmax files saved with the Windows Hotfix 823980 installed will no longer load in gmax on systems without the fix.

WHO IS AFFECTED:

The following operating systems configurations will experience gmax file corruption:
Windows 2000 Service Pack 4
Hotfix KB 823980 under XP
Hotfix KB 823980 under Win2K SP3 or lower

Note: we previously thought this problem extended to Windows NT 4 SP6 but have found under further testing that it does not affect users on that Windows version.

RESOLUTION:

According to Microsoft, Hotfix 823980 addresses potential security issues in its operating system. As such, if you anticipate picking up Hotfix 823980 some time in the future - either manually or via automatic Windows updates through WinUpdate, you may consider updating to Hotfix 823980 now, and ALSO IMMEDIATELY follow the instructions below for adding the latest Hotfix described to address the .gmax file corruption issue.

For those of you who have updated to Hotfix 823980 or Windows 2000 Service Pack 4 and encounter the problem described above, Microsoft has a new, early-version Hotfix available.

For access to this early Hotfix, customers can call 800-936-4900 and request Hotfix - Q824136 for Windows 2000 or Windows XP.

You will be asked to provide your Name, Email and Zip Code, then the ~1Mb Hotfix will be sent to you via email attachment within about 10-15 minutes. The fix will only install if you have previously installed one of the affected hotfixes or service packs listed above in the "Who is Affected" section.

WARNING - be sure to back-up any critical data on your system before installing the new MS Hotfix.

After installation of the new Hotfix Q824136, you should open and resave any affected files.

This Hotfix is expected to be fully tested and officially released through Microsoft within a couple of months.

This new Hotfix is also available for some localized language versions of Windows. When requesting the Q824136 Hotfix, make sure to request the language that matches your installation of Windows.

We are actively working with Microsoft to provide contact information outside of the U.S. and Canada. Check the Discreet gmax Support site at http://www.discreet.com/products/gmax/, for more information when it becomes available.

WARNING - be sure to back-up any critical data on your system before installing the new MS Hotfix, or implementing any alternative work-arounds.

:rolleyes:

Smokey
08-12-2003, 08:21 PM
You can check if your system is vulnerable to it with this site; it runs a test and gives you the result.

Open : BAD
Stealth,Closed : GOOD

http://grc.com/x/portprobe=135


greets
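
Added example (not part of the post above or of the linked site): a local version of the same open / closed / stealth check for TCP port 135, for auditing machines you administer. The names `probe`, `audit` and `VERDICT` are made up for this example, and the result reflects the network position the script runs from, so it only matches the site's internet-side view when run from outside the firewall.

```python
import socket

RPC_PORT = 135  # the port named in this thread

# Verdicts exactly as given in the post above.
VERDICT = {"open": "BAD", "closed": "GOOD", "stealth": "GOOD"}


def probe(host, port=RPC_PORT, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'stealth' or 'unknown'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"        # the host answered with a reset
    except socket.timeout:
        return "stealth"       # no answer at all: packets were dropped
    except OSError:
        return "unknown"       # name lookup failure, unreachable network, ...


def audit(hosts, port=RPC_PORT, timeout=3.0):
    """Probe each host and return {host: (state, verdict)}."""
    report = {}
    for host in hosts:
        state = probe(host, port, timeout)
        report[host] = (state, VERDICT.get(state, "CHECK MANUALLY"))
    return report


if __name__ == "__main__":
    # 127.0.0.1 is a placeholder; list only machines you administer.
    for host, (state, verdict) in audit(["127.0.0.1"]).items():
        print(f"{host}:{RPC_PORT} {state} -> {verdict}")
```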

PhilOsirus
08-13-2003, 12:29 AM
I used the removal tool and it didn't find it. But I know I got the reboot message the other day, although since I turned the modem off maybe it didn't infect me. Whatever the case, everything seems fine for now.

It's a good thing Microsoft doesn't make airplanes, because they would crash.

DeathBrain
08-13-2003, 12:35 AM
Originally posted by Phil "Osirus"
It's a good thing Microsoft doesn't make airplanes, because they would crash.
Muahahaha...lol..:beer:
