Persistant verclsid.exe
Hi Experts
Since I installed the MS security update 908531 (security bulletin MS06-015), back in April, I've this pesky little program "verclsid.exe".
Many times I have deleted it, renamed it, searched whole drive and deleted from prefetch etc.
I have also uninstalled the MS update.
However, it still keeps returning. Am I missing something fundamental here?
And in returning, it consumes just about 100% CPU and thus stalls the system until stopped.
To workaround this until I find a complete solution I have scheduled a batch file to delete it every 1 hour. It still slips through the net on occassion (I can shorten the run time to every 5 minutes but there must be an answer somewhere).
Once it has run (and then I stop it), several programs - random programs, could be firefox, powerpoint whatever, - then function in the same way as verclsid did, i.e. consume full CPU and hang the system.
My only answer to date has been to reboot when this happens (very annoying).
Due to the length of time passed a system restore is not an option sadly.
I am looking for complete solutions to this and not just links to "rename it" or "uninstall the patch" as I have found and tried all those myself.
Many thanks for any help to be offered.
Nick
Since I installed the MS security update 908531 (security bulletin MS06-015), back in April, I've this pesky little program "verclsid.exe".
Many times I have deleted it, renamed it, searched whole drive and deleted from prefetch etc.
I have also uninstalled the MS update.
However, it still keeps returning. Am I missing something fundamental here?
And in returning, it consumes just about 100% CPU and thus stalls the system until stopped.
To workaround this until I find a complete solution I have scheduled a batch file to delete it every 1 hour. It still slips through the net on occassion (I can shorten the run time to every 5 minutes but there must be an answer somewhere).
Once it has run (and then I stop it), several programs - random programs, could be firefox, powerpoint whatever, - then function in the same way as verclsid did, i.e. consume full CPU and hang the system.
My only answer to date has been to reboot when this happens (very annoying).
Due to the length of time passed a system restore is not an option sadly.
I am looking for complete solutions to this and not just links to "rename it" or "uninstall the patch" as I have found and tried all those myself.
Many thanks for any help to be offered.
Nick
As Geisrud mentions above: This is due to a problem with a recently installed MS patch:
http://support.microsoft.com/default.aspx?scid=kb;en-us;918165
Problems in Windows Explorer or the Windows shell after you install security update MS06-015
I am not convinced that the proposed MS fix will necessarily correct the problem with the faulty MS patch, for I think it depends upon you using HP products or Sunbelt Kerio Personal Firewall with your computer. If you don't get the problem corrected with the above, then read this:
http://episteme.arstechnica.com/groupee/forums/a/tpc/f/12009443/m/810008568731/r/758002668731
That patch that came out 4-11 causes problems on some computers. I am sure Microsoft will end up reissuing the patch that does not break some computers.
Here are the symptoms:
Office Products:
When choosing Save As it will lock up. If you look in Task Manager you will see one or possible 10-20 or more processes of verclsid.exe running. Killing that process will probably allow the office products to work fine in that one instance.
Internet Explorer:
Typing in any address and then hitting enter will launch a process of verclsid.exe and it will not go away. IE will sit there and appear like you have done nothing. Killing all processes of verclsid.exe will let IE work fine.
Fix:
Uninstall KB908531 from any computer that is affected then reboot.
Or, as another temporary workaround until MS comes out with the corrected patch, you can find verclsid.exe in \Windows\System32\ folder and rename it to verclsid.old
Incidentally, I was under the impression that MS has now come out with a correction for the patch. I'll see if I can find out more...
http://support.microsoft.com/default.aspx?scid=kb;en-us;918165
Problems in Windows Explorer or the Windows shell after you install security update MS06-015
I am not convinced that the proposed MS fix will necessarily correct the problem with the faulty MS patch, for I think it depends upon you using HP products or Sunbelt Kerio Personal Firewall with your computer. If you don't get the problem corrected with the above, then read this:
http://episteme.arstechnica.com/groupee/forums/a/tpc/f/12009443/m/810008568731/r/758002668731
That patch that came out 4-11 causes problems on some computers. I am sure Microsoft will end up reissuing the patch that does not break some computers.
Here are the symptoms:
Office Products:
When choosing Save As it will lock up. If you look in Task Manager you will see one or possible 10-20 or more processes of verclsid.exe running. Killing that process will probably allow the office products to work fine in that one instance.
Internet Explorer:
Typing in any address and then hitting enter will launch a process of verclsid.exe and it will not go away. IE will sit there and appear like you have done nothing. Killing all processes of verclsid.exe will let IE work fine.
Fix:
Uninstall KB908531 from any computer that is affected then reboot.
Or, as another temporary workaround until MS comes out with the corrected patch, you can find verclsid.exe in \Windows\System32\ folder and rename it to verclsid.old
Incidentally, I was under the impression that MS has now come out with a correction for the patch. I'll see if I can find out more...
ASKER
Thanks Geisrud - but I know from whence it came.
Thanks LeeTutor - I have already been through all the MSKB info - nothing really of use in it.
I have no HP products, I already have the reg entries re Nvidia, and also no Kerio software.
It doesnt just happen with Office either - it seems particularly random - and - I dont use MSIE (just Firefox).
It seems to happen more so as I attempt to start programs as opposed to within them.
The really weird thing is how after renaming/deleting and so on - how it manages to come back.
I have done a full search on my hard drive and deleted all instances (also in the prefetch).
Thanks LeeTutor - I have already been through all the MSKB info - nothing really of use in it.
I have no HP products, I already have the reg entries re Nvidia, and also no Kerio software.
It doesnt just happen with Office either - it seems particularly random - and - I dont use MSIE (just Firefox).
It seems to happen more so as I attempt to start programs as opposed to within them.
The really weird thing is how after renaming/deleting and so on - how it manages to come back.
I have done a full search on my hard drive and deleted all instances (also in the prefetch).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks again LeeTutor
I had uninstalled this patch when it became apparent that it was creating an issue.
It was reinstalled through auto-updates on 14th May and therefore should already be the fixed version.
My dilemma appears to be that no matter how much it gets removed it keeps returning to wreak havoc and necessiate a reboot.
I may not have been too clear before so here are the symptons:
verclsid.exe runs randomly and takes almost 100% CPU causing system to stall
I stop it, delete it (tried renaming too).
I then attempt to run another program and that too consumes nearly 100% cpu each and every time, even when i stop process and restart.
e.g. this could be firefox, other 3rd party apps and MS office apps.
My only way to date, out of this is to reboot.
I have therefore set a batch file to run every hour that deletes verclsid.exe if it exists.
However, this has not irradicated it.
I have run full spyware/malware and antivirus with Spybot, Ad-Aware, Norton AV2005, AVG free. (AV runs every 24hours anyway).
I am going to unistall the patch and download the latest and reinstall that.
(Failing that - I suppose it could be time for a Windows reload).
I'll see if that sorts it out.
Thanks again
Nick
I had uninstalled this patch when it became apparent that it was creating an issue.
It was reinstalled through auto-updates on 14th May and therefore should already be the fixed version.
My dilemma appears to be that no matter how much it gets removed it keeps returning to wreak havoc and necessiate a reboot.
I may not have been too clear before so here are the symptons:
verclsid.exe runs randomly and takes almost 100% CPU causing system to stall
I stop it, delete it (tried renaming too).
I then attempt to run another program and that too consumes nearly 100% cpu each and every time, even when i stop process and restart.
e.g. this could be firefox, other 3rd party apps and MS office apps.
My only way to date, out of this is to reboot.
I have therefore set a batch file to run every hour that deletes verclsid.exe if it exists.
However, this has not irradicated it.
I have run full spyware/malware and antivirus with Spybot, Ad-Aware, Norton AV2005, AVG free. (AV runs every 24hours anyway).
I am going to unistall the patch and download the latest and reinstall that.
(Failing that - I suppose it could be time for a Windows reload).
I'll see if that sorts it out.
Thanks again
Nick
ASKER
After running a full system search for "verclsid" (inc hidden and system files) and deleting all instances, removing the update and reinstalling, all was well for 48 hours.
However, verclsid.exe once again re-appeared with ever so slight differences.
Firefox (again) was running at 97/98% CPU and never actually started so I manually ended it.
Skype that was already running, then started to use high CPU (90+%) so I stopped that too.
Then verclsid.exe appeared immediately after in the list of processes.
I stopped and deleted it. Still couldn't start firefox and several other programs. Rebooted.
Ran a full system search again...
4 instances found
C:\WINDOWS\system32
C:\WINDOWS\$hf_mig$\KB9085
C:\WINDOWS\SoftwareDistrib
C:\WINDOWS\SoftwareDistrib
I have once again!! delted all these inc folders.
What am I missing here?
Thanks
Nick
However, verclsid.exe once again re-appeared with ever so slight differences.
Firefox (again) was running at 97/98% CPU and never actually started so I manually ended it.
Skype that was already running, then started to use high CPU (90+%) so I stopped that too.
Then verclsid.exe appeared immediately after in the list of processes.
I stopped and deleted it. Still couldn't start firefox and several other programs. Rebooted.
Ran a full system search again...
4 instances found
C:\WINDOWS\system32
C:\WINDOWS\$hf_mig$\KB9085
C:\WINDOWS\SoftwareDistrib
C:\WINDOWS\SoftwareDistrib
I have once again!! delted all these inc folders.
What am I missing here?
Thanks
Nick
ASKER
Oh and before deleting, I turned off system restore.
Do you have HP Share-to-web or the "older Nvidia drivers" that MS talks about? If so, try removing the HP Share-to-web software and updating your driver...
ASKER
Thanks again LeeTutor
No HP software/hardware, Nvidia card but with latest drivers.
Still a mystery!!
No HP software/hardware, Nvidia card but with latest drivers.
Still a mystery!!
ASKER
After uninstallation (again) of the patch and total deletion of all instances of verclsid.exe (and its install directories), the patch reappears on the Windows Updates list.
I have been using manual updates and ticked this to "never ask me again".
Since then, all has been well.
It seems even the "fixed" version was causing me trouble.
Thanks for all efforts.
I have been using manual updates and ticked this to "never ask me again".
Since then, all has been well.
It seems even the "fixed" version was causing me trouble.
Thanks for all efforts.
http://support.microsoft.com/kb/918165