verclsid.exe - MS Verify Class ID

Discussion in 'other security issues & news' started by bktII, Apr 12, 2006.

Thread Status:
Not open for further replies.
  1. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Hi,

    I am new to the forum and have used ProcessGuard for over a year. Great product!

    Updated MS Windows XP Pro and Home last night on my PCs. After downloading and installing the updates and prior to rebooting, I enabled ProcessGuard, except for blocking new applications. After the reboot, a ProcessGuard window popped up requesting action on the following executable: "verclsid.exe" located in C:/Windows/System32.

    This file is identified in Windows Explorer as Verify Class ID from Microsoft Corporation with a file version of 5.1.2600.2869 and create date of 3/16/2006.

    I have done a google and yahoo search on this executable and no results were returned.

    My assumption is that this is a new executable and is not a concern as it is very likely associated with the most recent MS update. However, I thought I would see if anyone else has encountered it.

    Thanks,

    bktII
     
  2. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    I'm receiving the same alert, just since the MS updates yesterday.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    I set PG to learning mode and disable the four protection items (global hooks, etc.) and disable RegDefend until the updates are installed and I rebooted. That saves a lot of popups. I leave my firewall, anti-virus and anti-trojan running. I reenable all protection after the reboot.
     
  4. Upasaka

    Upasaka Guest

    I have been getting queries from Process Guard and Kerio firewall on this.
    It is a new file that came with the updates and these updates have rendered my 2 machines useless.

    I had to perform System restore on both machines to get back to a useable state.

    Explorer hangs/freezes, menu buttons fail to work, called Thunderbird to read email and Spybot S+D opened o_O

    Browser Go buttons failed, could only call addresses from the favourites list and the system kept hanging/locking up, all in all there were so many problems I had to restore both PCs and turn off updates.

    There are already posts at Microsoft forums.
     
  5. azumi21

    azumi21 Registered Member

    Joined:
    Aug 16, 2004
    Posts:
    129

    Ditto....and no info on the item yet.
     
  6. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Ditto here too.
    Searches @ MS support site yield no clues. (jeez).

    Microsoft: What do you want to patch today?
     
  7. Upasaka

    Upasaka Guest

    The "offending" update appears to be KB 908531.

    I have downloaded and installed all but this one and everything "seems" ok.

    One post I found at MS forums had the user renaming Verclsid.exe each time a problem occurred.

    Several have posted that they have uninstalled KB 908531.

    There are a lot of very unhappy people out there today!
     
  8. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Does this update contain any security-related changes to functionality?
    Yes. Besides the changes that are listed in the "Vulnerability Details" section of this bulletin, this update includes the following changes in security functionality:

    • This security update introduces a new file, Verclsid.exe. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.

    • This security update includes a Defense in Depth change which ensures that prompting occurs consistently in Internet zone drag and drop scenarios.

    http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
     
    Last edited: Apr 12, 2006
  9. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Thanks Mem,

    This URL must not have been "up" when I posted this A.M.

    I repeated my google search and it, and nothing else, was returned.

    bktII
     
  10. buffet

    buffet Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    53
    Hi,

    I don't know for sure what caused the similar problem. Firefox got done rendering pages with empty and only got some pages actually done. IE was also. I had to restore the whole thing to have the box working.

    Thx for who helps on this.
     
  11. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    This A.M. I ran Crap Cleaner, ccleaner.exe, to clean up some files on my PC and received 3 warnings from my software firewall, Kerio Personal Firewall (I have application blocking enabled), that verclsid.exe was trying to run.

    I manually allowed the application to run each time. The files to be deleted were mostly backup, *.bak, files.

    Are COM objects instantiated by Windows Explorer when deleting files?

    Thanks
     
  12. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Additional information:

    Running Faronics System Cleaner, a standalone executable, and ToniArts EasyCleaner, an installed executable (as is Crap Cleaner), do not "kick off" verclsid.exe.

    The following link "Creating a Disk Cleanup Handler":

    http://msdn.microsoft.com/library/e...ell_int_extending/disk_cleanup.asp?frame=true

    includes the following statement "As with all COM objects, the handler object's globally unique identifier (GUID) and dynamic-link library (DLL) must be registered under the CLSID key in HKEY_CLASSES_ROOT."

    This variation in behavior may be indicative of the design/implementation choices made by the programmers responsible for these various cleanup tools?
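
    An added example, not part of the original thread: a read-only PowerShell inventory of the disk cleanup handlers registered on a machine, resolving each handler's CLSID to the DLL registered under the CLSID key in HKEY_CLASSES_ROOT, as the quoted MSDN statement describes. The `VolumeCaches` registry location and the function name `Get-ComServerPath` are not from the thread; the location is where Windows lists disk cleanup handlers, and the function name is chosen here for illustration.

```powershell
# Added example: list disk cleanup handlers and the COM DLLs behind them.
# Each subkey of VolumeCaches names one handler; its default value is the handler's CLSID.
$volumeCaches = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'

function Get-ComServerPath {
    # Hypothetical helper: resolve a CLSID string to its in-process server DLL path.
    param([string]$Clsid)
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
    if (-not $key) { return $null }              # CLSID not registered as an in-process server
    $path = [string]$key.GetValue('')            # '' reads the key's default value
    $path = [Environment]::ExpandEnvironmentVariables($path).Trim('"')
    if (-not $path) { return $null }
    # Bare file names such as "shell32.dll" are treated as living in System32.
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot "System32\$path"
    }
    return $path
}

Get-ChildItem -LiteralPath $volumeCaches | ForEach-Object {
    $clsid = [string]$_.GetValue('')
    $dll   = if ($clsid) { Get-ComServerPath -Clsid $clsid } else { $null }
    $found = $dll -and (Test-Path -LiteralPath $dll)
    $info  = if ($found) { (Get-Item -LiteralPath $dll).VersionInfo } else { $null }
    [pscustomobject]@{
        Handler     = $_.PSChildName
        Clsid       = $clsid
        Dll         = $dll
        Company     = if ($info) { $info.CompanyName } else { $null }
        FileVersion = if ($info) { $info.FileVersion } else { $null }
        # Signature status of the DLL that would be loaded for this handler
        Signature   = if ($found) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileNotFound' }
    }
} | Sort-Object Handler | Format-Table -AutoSize
```

    Handlers whose DLL comes from a third-party vendor, is missing, or is unsigned are the first ones to look at when a cleanup run triggers unexpected prompts.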
     
  13. Upasaka

    Upasaka Guest

    MICROSOFT are aware of the problem with KB908531 and have told users to remove this update, they are working on a replacement.
     
  14. earwig

    earwig Registered Member

    Joined:
    Apr 13, 2006
    Posts:
    1
    Re: verclsid - MS Verify Class ID

    Can you tell me where you saw that Microsoft is aware of the problem and working on a replacement? I can not find this information anywhere on MS's site. Thank you.

     
  15. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi bktII,

    I've moved your thread from the Process Guard forum over into this forum (Other Security Issues) as the subject pertains to problems associated with the recent MS Security Update KB908531 (which introduced the new file verclsid.exe) causing problems with quite a few programs, and not PG specific.

    As Upasaka has mentioned, Microsoft is aware of the issue and hopefully will address it quickly.

    There is also an on-going thread at DSLR that you can follow, where others have reported issues with this update along with adding comments on possible workarounds.

    Avoiding that particular update (KB908531) for the time being, or if you have already installed it and having issues, then uninstalling it via the Add/Remove applet seems to be the way to go for now.

    Regards,

    snap
     
  16. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Snap,

    Thank you for the note. You are quite right to move the thread as it has indeed drifted away from ProcessGuard.

    Unlike others, I am having no particular problems yet with the update; just some behavior that I am unable to figure out (due to my somewhat paranoid nature). As I use Opera, Firefox and OffByOne for internet browsing, Thunderbird for email and vlc media player for streaming audio, I have had no bad experiences with anything after the update; yet. Also, I have been spending a lot of time in the Linux world (Ubuntu and Fedora) the last 2-3 months so I haven't completely exercised all of my Windows applications after the update and probably will not anytime soon. Waiting for Microsoft's next patch will be fine.

    I like your avatar!

    bktII

    P.S. I have been monitoring other posts and threads outside of Wilders and a number of people have said that it was ProcessGuard that first brought their attention to verclsid.exe. This speaks very highly of the folks at DiamondCS as well as the Wilders ProcessGuard forum. Keep up the good work!
     
  17. Upasaka

    Upasaka Guest

  18. Upasaka

    Upasaka Guest

    Well the DSLR thread is an interesting read.

    Removing HP software does appear to "FIX" the problem HOWEVER there are just as many people posting that DO NOT have HP software and are having major problems.

    Paint Shop Pro, Acronis and other software are also affected as is VB6.

    My son's machine was affected so badly he could not use it as were my neighbour's 3 machines, none of these have any HP software.
     
  19. pan Jan

    pan Jan Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    1
    Location:
    Czech Republic, Velké Losiny
    I had problems with context menu on my desktop after click on right mouse button to desktop.
    The context menu was not activated.
    After uninstalling service pack with number KB908531 from my operating system all functions are O.K. now.

    pan Jan
     
  20. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    BTW, I have got this update and no significant problem so far. I have Toshiba satellite M70.
    Running Antivir and ZA Pro.
     
  22. planetkeeper

    planetkeeper Registered Member

    Joined:
    Apr 16, 2006
    Posts:
    1
    Location:
    Port Orford, Oregon
    Hi Snap and all;

    removing KB908531 actually only removes the installed programs identifier. PROCESSGUARD still flags it as I clicked BLOCK ALWAYS and it just keeps trying to load after removing the program. You have to do a verclsid.exe search, delete the four files and the prefetch identifier plus remove it from PROCESSGUARD.

    pk
     
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,849
    Location:
    Texas
    Microsoft Patch Causing Lockups, Crashes [Link is slow to load]

    Story
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,849
    Location:
    Texas
    Story
     
  25. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Wow!

    "It also downplayed the difficulties. "Our information at this time leads us to believe that this is having little to no impact on corporate networks," wrote Mike Reavey, operations manager of the Microsoft Security Response Center, on the group's blog."

    I guess home users don't matter?!

    "To correct the conflict, Microsoft only offered a workaround that required users to dive into the Windows registry, then add an entry there. If the registry becomes corrupted or is improperly edited, the affected PC may not boot into Windows."

    I would guess that most home users would not be comfortable diving into the Windows registry. It is something that I do not take lightly. Myself, I would just restore the partition if I could not get back in; but most home users are not likely set up to do this.

    "Microsoft blamed the problems on Hewlett-Packard software for scanners, cameras, and printers, but also said that Sunbelt Software's Kerio Personal Firewall prevented a recrafted Verclsid.exe file from executing."

    HP is a MS "partner". You get MS Windows with a PC by default. Kerio Personal Firewall only works on Windows, has been around for a long time and has a reasonably large user base.

    Seems like MS needs to concentrate their efforts on software quality assurance for their OSs and applications. They should leave security software (i.e., firewalls, antivirus, antispyware) to the experts. They are spread way too thin.
     