windows behaving funky! svchost.exe crash, then hell breaks loose!
Posted: Tue Aug 12, 2003 1:35 am
by knightofnee1112
The funniest thing started happening today! I was minding my own business when svchost.exe crashed!!!! After the annoying little error message went away I thought nothing more of it, until my connection started boogering up as usual, so I tried to press the F1 key (used as a shortcut key to open up the ISP dialup account I created) and it wouldn't show up! I then noticed other strange things, like the control panel menu was on the wrong side of the window and I couldn't copy files over to another directory. Finding this all very strange, I rebooted with a few profane words going out to mr. M$ -bill gateS. Everything worked fine, until I was connected for about 10 minutes, and again svchost crashes! I now believe someone has found an exploit (Not hard to do!) and is trying to get my face red with anger. I reinstalled Windows just to see if that would solve things, and it didn't....
Any reasons for Windows 2K Pro to behave in this manner would be nice to know. Any solutions would be better!
thanks as always everyone for the help!
Posted: Tue Aug 12, 2003 5:33 am
by Invisible Evil
I think, good sir, your search should start and end in this thread,
http://www.pcabusers.net/forums/showthr ... adid=28960
Good ol' FP has your medicine.
Posted: Tue Aug 12, 2003 8:39 am
by xsiled
Once you're infected, most likely it won't allow you to install the patch.
I know, I have a box that's infected...
Posted: Tue Aug 12, 2003 10:35 am
by knightofnee1112
I believe you're correct. Port 139 is blocked at the moment, so it won't give me problems for now. It didn't quite behave in the manner described by FP; either way, I still have it! Removal will be swift and painless. Thanks for the information.
Posted: Tue Aug 12, 2003 1:18 pm
by FlyingPenguin
Once infected you can't use Windows Update, but you can still download the patch manually. I have a link in the main thread.
The virus is easy to disable, but you need to install the patch first to keep from being re-infected. Also you may need to enable the XP firewall to keep your system from rebooting while online (it blocks the port 135 attacks).
To remove the virus go to Task Manager, stop the process MSBLAST and then uncheck MSBLAST.EXE from the startup tab in MSCONFIG. Find the MSBLAST.EXE file (it's in \windows\system32) and delete it.
Reboot and check MSCONFIG again to make sure it's still unchecked.
Wouldn't hurt to do a full virus scan afterwards to make sure it's all gone and that some other virus didn't piggy-back.
NOTE: On servers it seems to do a lot more damage - replacing several services.
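A read-only check for the three indicators named in the removal steps above (the MSBLAST process, the file in \windows\system32, and a startup entry), as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; the function name `Test-MsblastIndicators` is hypothetical, and `Win32_StartupCommand` is the standard WMI class that lists Run-key and Startup-folder entries.

```powershell
# Added example: reports the MSBLAST indicators described in the post above.
# Read-only: it stops nothing, deletes nothing and edits no startup entry.

function Test-MsblastIndicators {
    [CmdletBinding()]
    param(
        # Image name taken from the post; a parameter so other names can be checked.
        [string]$ImageName = 'MSBLAST.EXE'
    )

    $baseName = [System.IO.Path]::GetFileNameWithoutExtension($ImageName)
    $filePath = Join-Path $env:SystemRoot "System32\$ImageName"

    # 1. Running process (what Task Manager would show).
    $procs = @(Get-Process -Name $baseName -ErrorAction SilentlyContinue)

    # 2. File on disk in \windows\system32 (-Force also finds hidden files).
    $fileInfo = Get-Item -LiteralPath $filePath -Force -ErrorAction SilentlyContinue

    # 3. Startup entries (Run keys and Startup folders) that launch the image.
    $startup = @(Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like "*$baseName*" })

    [pscustomobject]@{
        ProcessRunning = $procs.Count -gt 0
        ProcessIds     = $procs.Id
        FilePresent    = [bool]$fileInfo
        FilePath       = $filePath
        StartupEntries = $startup | Select-Object Name, Command, Location, User
        Clean          = ($procs.Count -eq 0) -and (-not $fileInfo) -and ($startup.Count -eq 0)
    }
}

$result = Test-MsblastIndicators
$result | Format-List
if (-not $result.Clean) {
    Write-Warning 'MSBLAST indicator found: install the patch first, then remove it as described above.'
}
```

Run it once before cleanup and again after the reboot; `Clean` should be `True` the second time.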
Posted: Tue Aug 12, 2003 2:09 pm
by Executioner
Our company got hit with this yesterday and today. Hard to believe that this fix was released several weeks in advance, yet our company IS department never installed it.