MSBLAST virus and Gmax - WARNING

[Guest]

Hello to all,a quick warning to all GMax users, as of today, installing the security hotfix from MS number 823980, that blocks the exploit on the TCP port 135, makes GMax and 3DS Max totally unusable, corrupting .gmax and .max files, as explained here, on Discreet website:http://www.discreet.com/products/gmax/gmax_alert.htmlit seems MS and Discreet are working on a fix for this, but in the meantime, Discreet suggest not installing the fix.I verified this, if you install the fix, and just create an object in Gmax ( even a simple box ), and save it in a new file, you will not be able to load it back, and Gmax will say the file is corrupted, as all your previous Gmax files as well. As soon as you uninstall the fix, Gmax will work again.I don't know if Microsoft has already replaced this fix with a new one with the same name that doesn't corrupt .gmax files, or there will be a new fix for this, I tested this a couple of weeks ago, and I did have the problem.For those concerned with security: if you have a firewall that block the TCP port 135, there's no really need to install the security patch, because the exploit works only if the port is open, so it shouldn't affect users with correctly configured firewalls.

[Guest emergency_pants]

Thanks for the heads up. I'm a 3DMax designer by trade and have had some bad trouble in the last couple of weeks with corrupt files and explorer crashes with *.max file operations, move, rollover, etc. As I'm working on some heavy deadlines here, this has been proving an absolute nightmare. I've spent all this morning re-working files I was working on last week and yesterday!!!!!Looks like you found the answer.I checked out your link to the discreet pages and found the article. This also affects 3ds Max and Viz and probably some autodesk products too.Thanks for the info.Simon.

[Guest Barney1]

Don't you think that Discreet could be a little less discrete and tell us _why_ said fix causes the Gmax file corruption in the first place???? Why are only their files so affected from the MS fix?? What possible connection is there between Gmax files and the RPC fix? Can anyone suggest a reason? I find this more cause for alarm than the potential for RPC attack, quite frankly.

[Guest crashing_pilot]

>Don't you think that Discreet could be a little less discrete>and tell us _why_ said fix causes the Gmax file corruption in>the first place???? Why are only their files so affected from>the MS fix?? What possible connection is there between Gmax>files and the RPC fix? Can anyone suggest a reason? I find>this more cause for alarm than the potential for RPC attack,>quite frankly.uh...sure ....maybe they made the worm??dooh!

[Guest]

Barney,I don't have the slightest idea, but I've just received an e-mail from Discreet support ( I think it should reach all Gmax registered users as well ), that there's a temporary "fix for the fix", there's also a new web page for this:http://www.discreet.com/products/gmax/gmax_interim_fix.htmlquite annoying that one has to call Microsoft to download a fix (!), and this put we Europeans and everyone else outside US out of reach, because we surely can't call an 800 number from here.I wonder why they didn't put it on Windows Update, maybe this one breaks even more things than it fixes...brdgs,

[Guest Barney1]

As long as their computer is functioning, its no wonder that a lot of folks are reluctant to accomodate MS by d/l updates every time MS suspects a security hole, or for whatever reason. Like you say, if it fixes one thing and screws up another, what's the point??

[robert young 2,897]

In the meantime you can manually remove the virus by finding Msblaster.exe on your system and removing it, then to make sure open up the registry and delete all entries with "MSblaster" in it. You can also open Control Panel/Admin Tools/Service and find REMOTE PROCEDURE CALL, double click on it and in the "Recovery" dialogue menu choose "Take No Action". This will stop the virus closing Windows, but make sure you delete the virus anyway.Regards,Rob Young

[Guest JC2]

The reason that Microsoft requires you to call for this fix is because the fix has not yet been regression tested. Therefore, Microsoft records all people who receive it in case problems surface prior to the completion of testing.Jim

[ShezA 176]

Being a user of GMAX I have been following the developments of the 823980 patch at the Discreet forums, since I downloaded it last month and found the problem with GMAX file saving. I removed the patch and sure enough two days ago Mr MSBlaster paid a visit to my computer. I removed the virus with the Symantec fix. Went to the windowsupdate site and they said put in place the 823980 patch. I did (again) thinking the latest would have resolved the incompatibilty issue with GMAX but no...same issue. So I removed the patch again and everything was fine, but with a difference...(this is what I picked up for XP users), with the XP Firewall turned on there is no possibility of the virus infection as it closes the ports which the RPC uses and is the cause for MSBlaster to activate. I checked this and sure enough the virus had entered at the time when for some reason my firewall was deactivated. So there is a solution. This is just for XP users BTW.Just FYI.Shez

[Guest JC2]

If you don't have Windows XP, you can use any personal firewall product. If you're a broadband user and have a router installed on your network, you can block ports from there.Also, if you're using Windows Me, you are not affected.Jim