• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1856
  • Last Modified:

Persistant verclsid.exe

Hi Experts

Since I installed the MS security update 908531 (security bulletin MS06-015), back in April, I've this pesky little program "verclsid.exe".

Many times I have deleted it, renamed it, searched whole drive and deleted from prefetch etc.

I have also uninstalled the MS update.

However, it still keeps returning. Am I missing something fundamental here?

And in returning, it consumes just about 100% CPU and thus stalls the system until stopped.

To workaround this until I find a complete solution I have scheduled a batch file to delete it every 1 hour. It still slips through the net on occassion (I can shorten the run time to every 5 minutes but there must be an answer somewhere).

Once it has run (and then I stop it), several programs - random programs, could be firefox, powerpoint whatever, - then function in the same way as verclsid did, i.e. consume full CPU and hang the system.

My only answer to date has been to reboot when this happens (very annoying).

Due to the length of time passed a system restore is not an option sadly.

I am looking for complete solutions to this and not just links to "rename it" or "uninstall the patch" as I have found and tried all those myself.

Many thanks for any help to be offered.

Nick Denny
Nick Denny
  • 6
  • 3
1 Solution
GeisrudSystems AdministratorCommented:
I haven't read through this completely, but it's an MSKB article about verclisid.exe which was installed with the patches the other day.

As Geisrud mentions above:  This is due to a problem with a recently installed MS patch:

Problems in Windows Explorer or the Windows shell after you install security update MS06-015

I am not convinced that the proposed MS fix will necessarily correct the problem with the faulty MS patch, for I think it depends upon you using HP products or Sunbelt Kerio Personal Firewall with your computer.  If you don't get the problem corrected with the above, then read this:


That patch that came out 4-11 causes problems on some computers. I am sure Microsoft will end up reissuing the patch that does not break some computers.

Here are the symptoms:

Office Products:

When choosing Save As it will lock up. If you look in Task Manager you will see one or possible 10-20 or more processes of verclsid.exe running. Killing that process will probably allow the office products to work fine in that one instance.

Internet Explorer:

Typing in any address and then hitting enter will launch a process of verclsid.exe and it will not go away. IE will sit there and appear like you have done nothing. Killing all processes of verclsid.exe will let IE work fine.


Uninstall KB908531 from any computer that is affected then reboot.

Or, as another temporary workaround until MS comes out with the corrected patch, you can find verclsid.exe in \Windows\System32\ folder and rename it to verclsid.old

Incidentally, I was under the impression that MS has now come out with a correction for the patch.  I'll see if I can find out more...
Nick DennyAuthor Commented:
Thanks Geisrud  - but I know from whence it came.

Thanks LeeTutor - I have already been through all the MSKB info - nothing really of use in it.

I have no HP products, I already have the reg entries re Nvidia, and also no Kerio software.

It doesnt just happen with Office either - it seems particularly random - and - I dont use MSIE (just Firefox).

It seems to happen more so as I attempt to start programs as opposed to within them.

The really weird thing is how after renaming/deleting and so on - how it manages to come back.

I have done a full search on my hard drive and deleted all instances (also in the prefetch).
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

On April 25th Microsoft issued a revised patch that you should be able to download and hopefully solve your problems.  From this page (in the Frequently Asked Questions about this Security Update section):


Why did Microsoft reissue this bulletin on April 25, 2006?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update.

Microsoft updated this bulletin today to advise customers that revised versions of the security update are available for all products listed in the “Affected Software” section.

Note Customers who have already applied the MS06-015 update who are not experiencing problems as indicated in Microsoft Knowledgebase Article 918165, need take no action.

What changes does the revised security update include?
The revised security update contains no changes to the binaries included in the initial security update. During installation, the revised security update will place the following entries in the allow list as indicated in Microsoft Knowledgebase Article 918165.

HP Share-to-Web

• {A4DF5659-0801-4A60-9607-1C48695EFDA9}

NVIDIA Graphics Driver

• {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
• {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
• {1CDB2949-8F65-4355-8456-263E7C208A5D}

How do I deploy this revised update?
For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled. The re-release will not be distributed to non-affected computers.

Microsoft Baseline Security Analyzer (MBSA) 2.0 will also determine if one of the identified third-party COM controls has been installed and will offer the revised security update.

For Microsoft Baseline Security Analyzer (MBSA) 1.2.1, the detection logic has been updated to offer the revised package only to machines that do not have the initial security update installed. MBSA 1.2.1 cannot be used to determine if the identified third-party COM controls have been installed. For customers using MBSA 1.2.1 that are experiencing these issues, we recommend using Group Policy or scripting to add the above COM controls to the allow list manually as documented in Microsoft Knowledge Base Article 918165.

Nick DennyAuthor Commented:
Thanks again LeeTutor

I had uninstalled this patch when it became apparent that it was creating an issue.

It was reinstalled through auto-updates on 14th May and therefore should already be the fixed version.

My dilemma appears to be that no matter how much it gets removed it keeps returning to wreak havoc and necessiate a reboot.

I may not have been too clear before so here are the symptons:

verclsid.exe runs randomly and takes almost 100% CPU causing system to stall
I stop it, delete it (tried renaming too).
I then attempt to run another program and that too consumes nearly 100% cpu each and every time, even when i stop process and restart.
e.g. this could be firefox, other 3rd party apps and MS office apps.
My only way to date, out of this is to reboot.
I have therefore set a batch file to run every hour that deletes verclsid.exe if it exists.
However, this has not irradicated it.
I have run full spyware/malware and antivirus with Spybot, Ad-Aware, Norton AV2005, AVG free. (AV runs every 24hours anyway).

I am going to unistall the patch and download the latest and reinstall that.
(Failing that - I suppose it could be time for a Windows reload).

I'll see if that sorts it out.

Thanks again

Nick DennyAuthor Commented:
After running a full system search for "verclsid" (inc hidden and system files) and deleting all instances, removing the update and reinstalling, all was well for 48 hours.
However, verclsid.exe once again re-appeared with ever so slight differences.
Firefox (again) was running at 97/98% CPU and never actually started so I manually ended it.
Skype that was already running, then started to use high CPU (90+%) so I stopped that too.
Then verclsid.exe appeared immediately after in the list of processes.
I stopped and deleted it. Still couldn't start firefox and several other programs. Rebooted.
Ran a full system search again...
4 instances found
I have once again!! delted all these inc folders.
What am I missing here?
Nick DennyAuthor Commented:
Oh and before deleting, I turned off system restore.
Do you have HP Share-to-web or the "older Nvidia drivers" that MS talks about?  If so, try removing the HP Share-to-web software and updating your driver...
Nick DennyAuthor Commented:
Thanks again LeeTutor
No HP software/hardware, Nvidia card but with latest drivers.
Still a mystery!!
Nick DennyAuthor Commented:
After uninstallation (again) of the patch and total deletion of all instances of verclsid.exe (and its install directories), the patch reappears on the Windows Updates list.
I have been using manual updates and ticked this to "never ask me again".
Since then, all has been well.
It seems even the "fixed" version was causing me trouble.
Thanks for all efforts.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now