Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Persistant verclsid.exe

Posted on 2006-07-13
Medium Priority
Last Modified: 2010-05-18
Hi Experts

Since I installed the MS security update 908531 (security bulletin MS06-015), back in April, I've this pesky little program "verclsid.exe".

Many times I have deleted it, renamed it, searched whole drive and deleted from prefetch etc.

I have also uninstalled the MS update.

However, it still keeps returning. Am I missing something fundamental here?

And in returning, it consumes just about 100% CPU and thus stalls the system until stopped.

To workaround this until I find a complete solution I have scheduled a batch file to delete it every 1 hour. It still slips through the net on occassion (I can shorten the run time to every 5 minutes but there must be an answer somewhere).

Once it has run (and then I stop it), several programs - random programs, could be firefox, powerpoint whatever, - then function in the same way as verclsid did, i.e. consume full CPU and hang the system.

My only answer to date has been to reboot when this happens (very annoying).

Due to the length of time passed a system restore is not an option sadly.

I am looking for complete solutions to this and not just links to "rename it" or "uninstall the patch" as I have found and tried all those myself.

Many thanks for any help to be offered.

Question by:Nick Denny
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
LVL 14

Expert Comment

ID: 17102699
I haven't read through this completely, but it's an MSKB article about verclisid.exe which was installed with the patches the other day.
LVL 59

Expert Comment

ID: 17102952
As Geisrud mentions above:  This is due to a problem with a recently installed MS patch:;en-us;918165
Problems in Windows Explorer or the Windows shell after you install security update MS06-015

I am not convinced that the proposed MS fix will necessarily correct the problem with the faulty MS patch, for I think it depends upon you using HP products or Sunbelt Kerio Personal Firewall with your computer.  If you don't get the problem corrected with the above, then read this:

That patch that came out 4-11 causes problems on some computers. I am sure Microsoft will end up reissuing the patch that does not break some computers.

Here are the symptoms:

Office Products:

When choosing Save As it will lock up. If you look in Task Manager you will see one or possible 10-20 or more processes of verclsid.exe running. Killing that process will probably allow the office products to work fine in that one instance.

Internet Explorer:

Typing in any address and then hitting enter will launch a process of verclsid.exe and it will not go away. IE will sit there and appear like you have done nothing. Killing all processes of verclsid.exe will let IE work fine.


Uninstall KB908531 from any computer that is affected then reboot.

Or, as another temporary workaround until MS comes out with the corrected patch, you can find verclsid.exe in \Windows\System32\ folder and rename it to verclsid.old

Incidentally, I was under the impression that MS has now come out with a correction for the patch.  I'll see if I can find out more...
LVL 13

Author Comment

by:Nick Denny
ID: 17108214
Thanks Geisrud  - but I know from whence it came.

Thanks LeeTutor - I have already been through all the MSKB info - nothing really of use in it.

I have no HP products, I already have the reg entries re Nvidia, and also no Kerio software.

It doesnt just happen with Office either - it seems particularly random - and - I dont use MSIE (just Firefox).

It seems to happen more so as I attempt to start programs as opposed to within them.

The really weird thing is how after renaming/deleting and so on - how it manages to come back.

I have done a full search on my hard drive and deleted all instances (also in the prefetch).
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

LVL 59

Accepted Solution

LeeTutor earned 1500 total points
ID: 17108455
On April 25th Microsoft issued a revised patch that you should be able to download and hopefully solve your problems.  From this page (in the Frequently Asked Questions about this Security Update section):

Why did Microsoft reissue this bulletin on April 25, 2006?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update.

Microsoft updated this bulletin today to advise customers that revised versions of the security update are available for all products listed in the “Affected Software” section.

Note Customers who have already applied the MS06-015 update who are not experiencing problems as indicated in Microsoft Knowledgebase Article 918165, need take no action.

What changes does the revised security update include?
The revised security update contains no changes to the binaries included in the initial security update. During installation, the revised security update will place the following entries in the allow list as indicated in Microsoft Knowledgebase Article 918165.

HP Share-to-Web

• {A4DF5659-0801-4A60-9607-1C48695EFDA9}

NVIDIA Graphics Driver

• {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
• {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
• {1CDB2949-8F65-4355-8456-263E7C208A5D}

How do I deploy this revised update?
For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled. The re-release will not be distributed to non-affected computers.

Microsoft Baseline Security Analyzer (MBSA) 2.0 will also determine if one of the identified third-party COM controls has been installed and will offer the revised security update.

For Microsoft Baseline Security Analyzer (MBSA) 1.2.1, the detection logic has been updated to offer the revised package only to machines that do not have the initial security update installed. MBSA 1.2.1 cannot be used to determine if the identified third-party COM controls have been installed. For customers using MBSA 1.2.1 that are experiencing these issues, we recommend using Group Policy or scripting to add the above COM controls to the allow list manually as documented in Microsoft Knowledge Base Article 918165.

LVL 13

Author Comment

by:Nick Denny
ID: 17121758
Thanks again LeeTutor

I had uninstalled this patch when it became apparent that it was creating an issue.

It was reinstalled through auto-updates on 14th May and therefore should already be the fixed version.

My dilemma appears to be that no matter how much it gets removed it keeps returning to wreak havoc and necessiate a reboot.

I may not have been too clear before so here are the symptons:

verclsid.exe runs randomly and takes almost 100% CPU causing system to stall
I stop it, delete it (tried renaming too).
I then attempt to run another program and that too consumes nearly 100% cpu each and every time, even when i stop process and restart.
e.g. this could be firefox, other 3rd party apps and MS office apps.
My only way to date, out of this is to reboot.
I have therefore set a batch file to run every hour that deletes verclsid.exe if it exists.
However, this has not irradicated it.
I have run full spyware/malware and antivirus with Spybot, Ad-Aware, Norton AV2005, AVG free. (AV runs every 24hours anyway).

I am going to unistall the patch and download the latest and reinstall that.
(Failing that - I suppose it could be time for a Windows reload).

I'll see if that sorts it out.

Thanks again

LVL 13

Author Comment

by:Nick Denny
ID: 17144382
After running a full system search for "verclsid" (inc hidden and system files) and deleting all instances, removing the update and reinstalling, all was well for 48 hours.
However, verclsid.exe once again re-appeared with ever so slight differences.
Firefox (again) was running at 97/98% CPU and never actually started so I manually ended it.
Skype that was already running, then started to use high CPU (90+%) so I stopped that too.
Then verclsid.exe appeared immediately after in the list of processes.
I stopped and deleted it. Still couldn't start firefox and several other programs. Rebooted.
Ran a full system search again...
4 instances found
I have once again!! delted all these inc folders.
What am I missing here?
LVL 13

Author Comment

by:Nick Denny
ID: 17144386
Oh and before deleting, I turned off system restore.
LVL 59

Expert Comment

ID: 17145428
Do you have HP Share-to-web or the "older Nvidia drivers" that MS talks about?  If so, try removing the HP Share-to-web software and updating your driver...
LVL 13

Author Comment

by:Nick Denny
ID: 17158400
Thanks again LeeTutor
No HP software/hardware, Nvidia card but with latest drivers.
Still a mystery!!
LVL 13

Author Comment

by:Nick Denny
ID: 17301875
After uninstallation (again) of the patch and total deletion of all instances of verclsid.exe (and its install directories), the patch reappears on the Windows Updates list.
I have been using manual updates and ticked this to "never ask me again".
Since then, all has been well.
It seems even the "fixed" version was causing me trouble.
Thanks for all efforts.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question