verclsid.exe - MS Verify Class ID

Discussion in 'other security issues & news' started by bktII, Apr 12, 2006.

Thread Status:
Not open for further replies.
  1. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Does anybody know how to manually uninstall this patch?
    I can't see any entry for it in the Add/Remove applet of Control Panel... :(
     
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, Technical

    You can always do a search [make sure that the search for hidden files is checked, under More advanced options], then delete them, and then do a regedit search and do the same. That's what I did on XP x64, because it, or should I say they, as there is more than one entry, did not show up in Add/Remove, as yours do not.

    Take Care,
    TheQuest :cool:
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,130
    Location:
    Saudi Arabia/ Pakistan
    Did you check the "Show Updates" box in Add/Remove?
     
  4. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Thanks for the answer.

    I've done before, the folder is:
    C:\WINDOWS\$hf_mig$\KB908531
    I can delete it but which other files are installed?

    For what entries? Just KB908531...
    I'm not that self-confident that I won't mess up the Windows installation... :(
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, Technical

    No, you should be searching for either verclsid or verclsid.exe in regedit. [you will get the same results]

    Then you should try what aigle suggested.
    Take Care,
    TheQuest :cool:
     
    Last edited: Apr 30, 2006
  6. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Thanks. I'll see this.

    Oh, of course it's checked... It's not hidden. Other updates (and from other programs) are there... just that this particular one isn't :thumbd:
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Having just encountered this issue myself, it does strike me as a particularly ineffective method of protection. Verclsid.exe will not check anything that is listed in the shell-extension "allow" list (as pointed out in KB 918165) so the only thing that a malware installer has to do is to ensure that it adds its extension to this list!

    To protect against remote compromise, a more effective method is to block explorer.exe and iexplore.exe from Internet access using your favoured (non-MS) firewall and use an alternative browser (Firefox/Opera being good choices) for web access.
     
  8. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    paranoid2000,

    Some questions:

    (1) So leaving the patch (with verclsid.exe) in place or uninstalling the patch is pretty much a wash due to the meager protection it provides?

    (2) How about setting up a restricted user account for internet access and/or using dropmyrights (or some similar program) when accessing the internet as an admin user?
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    I can't comment about the rest of the patch but verclsid.exe appears to be trivial to bypass. As far as using DropMyRights, etc goes, it is far better not to run as an Admin user for day-to-day use - create a limited user account and use the Run As option for those few programs that insist on Admin access (if these include games, then it is most likely the CD-Check that is the problem - install a No-CD patch if one is available).
     
  10. THuckabay

    THuckabay Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    1
    MS06-015 / KB908531 is causing my Win XP Pro SP2 OS to COMPLETELY FREEZE intermittently. I am able to "SEE" this fact because I have GoBack 4 from Norton/Symantec installed on my system. I am forced to reboot my system when it freezes. I can then, after the reboot, start the Advanced Restore feature of GoBack 4 to see what the last file activity was on my OS just prior to the system's freezing (i.e., the file activity right before my latest system restart due to the reboot). When I check this file activity, right before the freeze itself occurred, I see VERCLSID.EXE was executing immediately prior to the system freeze! Prior to this Microsoft update, my system was completely stable; I could run it for days with no issues. Now, however, it freezes randomly, and it appears that VERCLSID.EXE is the culprit. Moreover, the freezes can occur right after my OS's stars screensaver is activated, when I try to use ACT!, or any number of other "random" activities I might be doing. Therefore, Microsoft's exceedingly limited list of "known" conflicting third-party applications is B.S.; there are myriads of conflicts, it appears to me. So, besides fixing this Microsoft pushed OS-breaking piece of sh't on the masses who use Windows XP, I suggest that Microsoft REPLACE its entire QA team for these OS updates. This is beyond unacceptable! Microsoft is making its OS crap rather than improving it for us all. Hmmm! I wonder... Could it be that Microsoft would like to break everyone's Windows XP OS's just in time to tell us about how great it would be for us to all migrate to Windows Vista? Now that's a thought!!!
     
  11. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    fresh reinstall today brought this to my attention (via processguard)

    so in effect we have a new little resource hog that has to verify every object yet is simple for real malware to circumvent by adding its extension to the allowed list. Just so Microsoft can keep its sacred cow of webview in explorer.

    so its official classification would be?
    1. spitball
    2. glue
    3. baling wire
    4. duct tape
    5. gum

    :p
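
Posts 7 and 11 both point out that verclsid.exe skips anything on the shell-extension allow list, which makes new entries on that list worth watching. As an added example (not from the thread or from Microsoft), this Python script compares two regedit text exports and reports allow-list entries that were added, removed or changed; the key path is a placeholder because the thread does not give it, and the CLSIDs and exports are constructed.

```python
import re

# Placeholder: the thread does not give the allow list's registry path (see KB 918165).
ALLOW_LIST_KEY = r"HKEY_LOCAL_MACHINE\<shell-extension allow list key>"

def parse_reg_values(reg_text, key):
    """Return {value_name: data} for one key of a regedit text export.
    Multi-line hex values (lines ending in a backslash) keep only their first line."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()   # registry paths are case-insensitive
        elif in_key:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                values[m.group(1)] = m.group(2)
    return values

def allow_list_drift(baseline_text, current_text, key=ALLOW_LIST_KEY):
    """Compare the allow list in two exports taken at different times."""
    before = parse_reg_values(baseline_text, key)
    after = parse_reg_values(current_text, key)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in set(before) & set(after) if before[n] != after[n]),
    }

def sample_export(names):
    """Constructed regedit-style export: the allow list plus one unrelated key."""
    lines = ["Windows Registry Editor Version 5.00", "",
             "[" + ALLOW_LIST_KEY + "]"]
    lines += ['"%s"=dword:00000001' % n for n in names]
    lines += ["", r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example]", '"Unrelated"="ignored"']
    return "\n".join(lines)

KNOWN = "{11111111-1111-1111-1111-111111111111}"   # constructed CLSID
NEW = "{22222222-2222-2222-2222-222222222222}"     # constructed CLSID
BASELINE = sample_export([KNOWN])
CURRENT = sample_export([KNOWN, NEW])

if __name__ == "__main__":
    for kind, names in allow_list_drift(BASELINE, CURRENT).items():
        for name in names:
            print(kind, name)
```

Real regedit exports are saved as UTF-16, so decode the file with that encoding before passing its text in.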
     