verclsid.exe - MS Verify Class ID

Discussion in 'other security issues & news' started by bktII, Apr 12, 2006.

Thread Status:
Not open for further replies.
  1. inverware

    inverware Registered Member

    Joined:
    Apr 18, 2006
    Posts:
    1
    On my Windows 2000 machine at home, until a week ago I could navigate to a web page by entering "www", etc. Suddenly I had to start preceding "www" with "http://" in order to go to the desired page. Not that it was a big deal to type those few extra characters, but it was certainly strange behavior. After reading your posts today I uninstalled KB 908531. Now I no longer have to enter "http://". Thanks everyone.

    On my XP machine at work, I have noticed in the last few days that it takes "forever" using the "Save" or "Save Attachments" options in Outlook to navigate to a desired location. The computer just sits there for about a minute each time I change drive letters, folders, etc. From what Microsoft is reporting about 908531 I may just try uninstalling this patch from that machine as well to see if it resolves this problem.
     
  2. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    This is interesting...

    http://virusinfo.prevx.com/pxparall.asp?PXC=76a216915734

    VERCLSID.EXE
    POTENTIAL MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
    DEFINITION OF: VERCLSID.EXE
    Safety Rating: Possible Malware, exercise extreme caution
    Malware Family: Possibly part of Malware group - Haxdoor RootKit
    VIRTUALLYJENNA-2.017.002-CRACKED.EXE(153)

    bktII
     
  3. perrywynkles

    perrywynkles Registered Member

    Joined:
    Mar 23, 2006
    Posts:
    13
    Hi
    I have had this too. On start up PG asked me if I wanted to let it run. As it was new I denied and the PC would not open IE. Said there was not enough resources to do so. I went to system 32 looked at properties saw it was MS and allowed it to run and rebooted and the PC works OK. I think it is a legit file but I will be watching this thread. Thanks for all the posts and info
    Regards
    perrywynkles
     
  4. perrywynkles

    perrywynkles Registered Member

    Joined:
    Mar 23, 2006
    Posts:
    13
    Hi again
    Having read this link I am not so sure. Could it be malware and have Microsoft as vendor in properties? Could MS be faked? What to do?
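
    On the question of whether the vendor shown in Properties can be faked: that field is an unauthenticated version resource, so the digital signature and the file location are the things to check. The following is an added example, not part of the original post. It assumes a current Windows system with PowerShell 5.1 or later, and the function name Test-SystemBinary is hypothetical.

```powershell
# Added example (assumes PowerShell 5.1+; Test-SystemBinary is a hypothetical name).
# The "Company" shown in file Properties is a plain version-resource string
# that anyone can set; the Authenticode/catalog signature is what proves origin.
function Test-SystemBinary {
    param([string]$Name = 'verclsid.exe')

    # Locations where the genuine file is expected (SysWOW64 holds the
    # 32-bit copy on 64-bit Windows).
    $expected = @(
        (Join-Path $env:SystemRoot "System32\$Name"),
        (Join-Path $env:SystemRoot "SysWOW64\$Name")
    )

    foreach ($path in $expected) {
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $file = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -LiteralPath $path

        [pscustomobject]@{
            Path            = $file.FullName
            ClaimedCompany  = $file.VersionInfo.CompanyName   # unauthenticated
            SignatureStatus = $sig.Status                      # expect 'Valid'
            Signer          = $sig.SignerCertificate.Subject   # expect Microsoft
            SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }

    # Warn about any running process that uses the same image name but was
    # started from somewhere other than the expected system directories.
    Get-CimInstance Win32_Process -Filter "Name='$Name'" |
        Where-Object { $_.ExecutablePath -and ($expected -notcontains $_.ExecutablePath) } |
        ForEach-Object {
            Write-Warning "PID $($_.ProcessId) runs $Name from $($_.ExecutablePath)"
        }
}

Test-SystemBinary
```

    A SignatureStatus other than Valid, or a warning about a copy running from another directory, is the signal to investigate further; a matching company name alone proves nothing.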
     
  5. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
  6. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    No direct response from anyone at CastleCops, but the Prevx safety rating of verclsid.exe was changed as follows:

    "Safety Rating: Safe"

    at this same link:

    http://virusinfo.prevx.com/pxparall.asp?PXC=76a216915734

    Good to have the conflicting information removed. Also good to get a completely clean analysis.

    bktII
     
  7. butlerapatrick

    butlerapatrick Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    1
    I too have experienced this. But I just removed the update and all the problems were solved.
     
  8. Davooo

    Davooo Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    1
    I have recently been rolling out the problematic update over the last few days and have had no reports of problems until today when a user reported he could not open documents in office using the "open" option....word/excel would simply hang.

    I checked his running processes and found verclsid.exe was running about 10 times so on ending that it worked fine.

    I did a search and someone suggested renaming the file in c:\windows\system32\ which I have done....now why would one person be getting this issue...are there any issues with me renaming the file?

    Cheers all
     
  9. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Davooo,

    Don't know about issues associated with renaming verclsid.exe (try a Google search), but Microsoft has issued a support document regarding this issue, "Problems in Windows Explorer or the Windows shell after you install security update MS06-015" located here:

    http://support.microsoft.com/kb/918165

    In this document, they recommend a registry modification to resolve the issue, which I have not tried either.

    I have had no problems with this particular update and I have 2 HP PCs (1 desktop and 1 notebook) and use Kerio Personal Firewall (licensed) on both. However, I do not have HP's Share-to-Web software running on either PC.

    bktII
     
  10. perrywynkles

    perrywynkles Registered Member

    Joined:
    Mar 23, 2006
    Posts:
    13
    Good thanks bktII and well done all for the rapid response to the potential threat. And well done to PG for alerting me
     
  11. Kermit

    Kermit Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    3
    Location:
    Waukesha, WI
    Several days ago I encountered a problem where ANY MS Office application or any app tied to it would stop responding during a SAVE or opening a folder. I wrestled with the problem for hours and hours trying to determine a cause. I finally broke down and called MS. They had the problem fixed in less than 60 seconds with the following file named: KB908531_allfix-XP.reg

    I have attached the file in this message. I would list the contents but I fear an inexperienced user may try a straight cut and paste which could have devastating results.
     

    Attached Files:

    Last edited: Apr 21, 2006
  12. Remoniz

    Remoniz Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    1
    Microsoft playing the blame game again? Well I have one person who has the update on her PC and has about three HP network printers mapped on her PC who does not have a problem and I have another with a HP printer mapped who also has the update and his PC freezes when he is in word and tries to open another word document using file --> open. He is able to open it if he uses windows explorer. He also has this issue when opening any Microsoft Office products only.
     
  13. Kermit

    Kermit Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    3
    Location:
    Waukesha, WI
    I would recommend applying the .reg file and everything should be ok. Microsoft is not charging for support calls on this issue. If you call in you will be put through the normal per-incident support charge ($35) but it can be reversed so you won't get charged.

    I don't think it's a blame game at all. I think most people fail to realize how interconnected operating systems are between the hardware to OS to Software and the infinite combinations therein.

    15 years professionally in IT has taught me that end users are the ultimate AND final beta testers. Any OEM from MS, Novell, Sun, Oracle, Cisco, IBM or so on will tell you that.

    Not that MS isn't without its flaws...
     
  14. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    See this new thread/post by ronjor:

    "Microsoft to Re-Issue Windows Security Patch" here:

    https://www.wilderssecurity.com/showthread.php?t=128670

    This reissue is for the original patch that included verclsid.exe.

    The link in ronjor's post references the reg script provided by Kermit.

    bktII
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I have received the same update without any issues. Should I worry for any issues in future? Thanks.
     
  16. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    aigle,

    From the link in ronjor's post (see above):

    bktII
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    But I have auto-update and I think it will install itself. BTW what is the harm to install it?
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    "Microsoft's automatic update services will be able to detect whether or not users require the revised patch and will only offer the software to users who need it. "If you have already installed MS06-015 and are not having the problem, there's no action here for you," Toulouse says."

    http://www.pcworld.com/news/article/0,aid,125507,00.asp
     
  19. Kermit

    Kermit Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    3
    Location:
    Waukesha, WI
    Understand that the problem is GENERALIZED by saying "A problem with HP software". The full story is that it is specific HP software pertaining to their scanners and cameras. In my case I have both scanner and camera software that falls square into the affected line. Again, note that it is the software that goes with the hardware, not the (HP) hardware itself. Unfortunately, I don't have the link handy that lists the software to include in this post. If anyone has it could you post a reply with it?

    As annoying as this problem is, it still doesn't beat the MS/Compaq CPQARRY.SYS debacle that occurred with NT4 Server and SP4 that occurred in the late 90's. That one torpedoed THOUSANDS of NT4 servers and left them unable to boot until the file was replaced. The file was buried in the SYSTEM32 directory and if you had an NTFS boot partition you were screwed. This was back before anyone had an NTFS boot floppy program.
     
  20. SwordOfSecurity

    SwordOfSecurity Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    108
    Location:
    Canada
    Well, I received the latest new updates from MS Autoupdate, and I'm getting the same old verclsid.exe problem again (not as frequent though) where Kerio 4 keeps bugging me for permissions. Previously, I removed the update, but I think it has been renamed and changed now, so I can't seem to get rid of it! Just curious, but is anyone else experiencing the same problem? Also, should I start making several permits for Kerio and verclsid or try removing it again?
     
  21. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    SwordOfSecurity,

    Have a look at "You may experience problems in Windows Explorer or in the Windows shell after you install security update MS06-015" (the original patch) here:

    http://support.microsoft.com/kb/918165

    Just check the Kerio application alert to automatically allow verclsid.exe when it gets executed the next time. Or go to Kerio configuration and find your way to Intrusions -> Application Blocking Behavior -> Advanced -> Applications and enable verclsid.exe to start automatically.

    With regard to uninstalling the patch, Microsoft warns against this action as this patch protects against the following:

    Regards,

    bktII
     
  22. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I have a similar problem but I do not have Kerio or ProcessGuard on my system at all.

    Mine occurs any time I right-click the desktop. The hourglass pops up and I see verclsid.exe running. Once I kill it, the shortcut menu will open, but the very next time I try it...it does it again.

    So let me get this straight...the fix for this problem is to uninstall the KB908531 patch and all is well? or did I read that there is another update available that will fix this?
     
  23. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Capp,

    Have a look at the last post by aigle (above) and peruse the information at the link provided.

    Also have a look at "You may experience problems in Windows Explorer or in the Windows shell after you install security update MS06-015" (the original patch) here:

    http://support.microsoft.com/kb/918165

    Then try Microsoft update again (esp. the "new and improved" patch) and see if it fixes your problem.

    bktII
     
  24. STR8

    STR8 Registered Member

    Joined:
    Apr 27, 2006
    Posts:
    2
    Here is some research done on this verclsid.exe

    Verclsid.exe Details:
    Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer...it's a new file, and was included in a recent "service pack" and is now the cause of a critical update needed for nearly every machine on the planet.

    Verclsid.exe Breakdown:
    MS pushed the file as part of a patch. That patch now needs a patch due to this item. MS has pushed it out - results vary.

    This is a fix that has worked:
    On XP OS(s) -
    1) go to C:\WINDOWS\System32
    2) Create a folder (recommend calling it VERCLSID_OLD in case you need to find the original later)
    3) Browse the System32 directory, remove the verclsid.exe from System32 and put it into the new folder
    4) Rename the verclsid.exe to verclsid.old and leave it there.

    Office and other applications will run smoothly as a result.
    More information can be provided if need be - best of luck I.T. people.


    Here's some links to other references:
    http://www.microsoft.com/technet/security/Bulletin/ms06-015.mspx
    http://www.ciac.org/ciac/bulletins/q-172.shtml (same info as above)

    Forum information:
    https://www.wilderssecurity.com/showthread.php?p=726067 (this one is good)
    http://www.dslreports.com/forum/remark,15886168?hilite=verclsid
     
  25. STR8

    STR8 Registered Member

    Joined:
    Apr 27, 2006
    Posts:
    2
    This is a fix that has worked:
    On PreXP OS(s) -
    1) go to C:\WINNT\System32
    2) Create a folder (recommend calling it VERCLSID_OLD in case you need to find the original later)
    3) Browse the System32 directory, remove the verclsid.exe from System32 and put it into the new folder
    4) Rename the verclsid.exe to verclsid.old and leave it there.

    In addition I've heard there are some kind of registry edits that can be done in order to resolve the issue - unsure at this time of the details of that fix.
     