verclsid.exe - MS Verify Class ID

Does anybody knows how to manually uninstall these patch?
I can't see any entry for it into the Add/Remove applet of Control Panel...

 

Hi, Technical

Use Can always do a search [make sure that the search for hidden files is check, under More advanced options. then delete them and then do a regedit search and do the same, that what I did on XP x64, because it or should I say they as there is more then one entry, has they did not show up as your do not in Add/Remove.

Take Care,
TheQuest

 

Did u "checked" Show Updates box in Add/ Remove?

 

Thanks for the answer.

I've done before, the folder is:
C:\WINDOWS\$hf_mig$\KB908531
I can delete it but which other files are installed?

For what entries? Just KB908531...
I'm not that self confident that I won't mess Windows installation...

 

Hi, Technical

No, you should be searching for either verclsid or verclsid.exe in regedit. [you will get the same results]

Then should you try what aigle sugguested.

Take Care,
TheQuest

 

Thanks. I'll see this.

Oh, of course it's checked... It's not hidden. Other updates (and from other programs) are there... just that this particular one isn't

 

Having just encountered this issue myself, it does strike me as a particularly ineffective method of protection. Verclsid.exe will not check anything that is listed in the shell-extension "allow" list (as pointed out in KB 918165) so the only thing that a malware installer has to do is to ensure that it adds its extension to this list!

To protect against remote compromise, a more effective method is to block explorer.exe and iexplore.exe from Internet access using your favoured (non-MS) firewall and use an alternative browser (Firefox/Opera being good choices) for web access.

 

paranoid2000,

Some questions:

(1) So leaving the patch (with verclsid.exe) in place or unistalling the patch is pretty much a wash due to the meager protection it provides?

(2) How about setting up a restricted user account for internet access and/or using dropmyrights (or some similar program) when accessing the internet as an admin user?

 

I can't comment about the rest of the patch but verclsid.exe appears to be trivial to bypass. As far as using DropMyRights, etc goes, it is far better not to run as an Admin user for day-to-day use - create a limited user account and use the Run As option for those few programs that insist on Admin access (if these include games, then it is most likely the CD-Check that is the problem - install a No-CD patch if one is available).

 

MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE intermittently. I am able to "SEE" this fact because I have GoBack 4 from Norton/Symantec installed on my system. I am forced to reboot my system when it freezes. I can then, after the reboot, start the Advanced Restore feature of GoBack 4 to see what the last file activity was on my OS just prior to the system's freezing (i.e., the file activity right before my latest system restart due to the reboot). When I check this file activity, right before the freeze itself occurred, I see VERCLSID.EXE was executing immediately prior to the system freeze! Prior to this Microsoft update, my system was completely stable; I could run it for days with no issues. Now, however, it freezes randomly, and it appears that VERCLSID.EXE is the culprit. Moreover, the freezes can occur right after my OS' sstars screensaveer is activated, when I try to use ACT!, or any number of other "random" activities I might be doing. Therefore, Microsoft's exceedintly limited list of "known" conflicting third-party applications is B.S.; there are myriads of conflicts, it appears to me. So, besides fixing this Microsoft pushed OS-breaking piece of sh't on the masses who use Windows XP, I suggest that Microsoft REPLACE its entire QA team for these OS updates. This is beyond unacceptable! Microsoft is making its OS crap rather than improving it for us all. Hmmm! I wonder... Could it be that Microsoft would like to break everyone's Windows XP OS's just in time to tell us about how great it would be for us to all migrate to Windows Vista? Now that's a thought!!!

 

fresh reinstall today brought this to my attention (via processguard)

so in effect we have a new little resource hog that has to verify every object yet is simple for real malware to circumvent by adding its extension to the allowed list. Just so Microsoft can keep its sacred cow of webview in explorer.

so its official classification would be?
1. spitball
2. glue
3. bailing wire
4. duct tape
5. gum