Belarc Advisor / Missing Security Updates

pudelein

join:2005-06-18
Oak Ridge, TN

reply to dolphins
Re: Belarc Advisor / Missing Security Updates

I can now confirm that one route through which capicom.dll can sneak into the system32 folder and remain there till found is via Symantec software. The copy that I had (version 2.0.0.3) was created 01/08/2004, modified 01/02/2004, last accessed 11/15/2005. I used Norton Antivirus until about August 2005. On 01/08/2004, Symantec LiveUpdate downloaded an update to LiveReg, one of the Norton components. The copy of capicom.dll was certainly delivered at that time. There could possibly have been a copy of an earlier version before that, but version 2.0.0.3 already existed in early 2003, as shown by the copy of capicom.dll that accompanied my HP printer software. I am sure there are other vectors also. Symantec should not have stored the thing in system32; it should have been in a private folder where it could be removed by an uninstaller. Just junk programming, I guess!


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
reply to Exidor
Aha!

Thanks for the rerun, my memory isn't what it used to be.


Exidor
Premium
join:2001-05-04
Brampton, ON

reply to dolphins
said by dolphins:

Thanks for that rerun of 2004. I will check into this more tomorrow because I believe Norton 90 day trial came with this machine?
Here's a rerun from the summer of '06:

»Re: [POLL] Spyware Programs - 2006 Members Choice

Some would say Norton can hose your system in 90 minutes, never mind 90 days or 60 days.

(not that I would know anything about that)

Mele20
Premium
join:2001-06-05
Hilo, HI

reply to AB
said by AB:

said by dolphins:

I remember the days when those 2 were top of the heap, king of the hill, "A" number one.
That's right. Things change.
And it all started with Symantec firing all their USA techs and moving to DRM.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason


AB
Premium
join:2006-04-04
Leesburg, VA

reply to dolphins
said by dolphins:

I remember the days when those 2 were top of the heap, king of the hill, "A" number one.
That's right. Things change.


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to AB
I remember the days when those 2 were top of the heap, king of the hill, "A" number one.
--
Prevent Malware


AB
Premium
join:2006-04-04
Leesburg, VA

reply to dolphins
said by dolphins:

. . Thanks for that rerun of 2004. I will check into this more tomorrow because I believe Norton 90 day trial came with this machine?

Still the McAfee episode is eating me up inside. I am currently testing Comcast's free McAfee Security and I'm almost sure is what caused this?
McAfee, Symantec-- what's the difference? A turd by any other name . . . .


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to Exidor
Out of the mouths of lurkers.

Thanks for that rerun of 2004. I will check into this more tomorrow because I believe Norton 90 day trial came with this machine?

Still the McAfee episode is eating me up inside. I am currently testing Comcast's free McAfee Security and I'm almost sure is what caused this?
--
Prevent Malware


Exidor
Premium
join:2001-05-04
Brampton, ON

reply to dolphins
Personally, I'd blame Norton...even if it's not on your system.

This thread on the capicom.dll is a fun read:

»Norton Live Update Issue

Apparently the capicom.dll is a Symantec favorite.

»ftp://ftp.symantec.com/public/english_···adme.htm

If you uninstall Norton Ghost, the capicom.dll file might still appear in the system directory. This is a shared .dll file that is used to perform LiveUpdate for all Symantec products. If you have multiple Symantec products on your computer, or if it is unclear whether the file is needed, it will not be uninstalled.


AB
Premium
join:2006-04-04
Leesburg, VA

reply to dolphins
said by dolphins:

. . I'm having a few cocktails right now and I don't want to do anything stupid, like I have in the past e.g. changing administrator password and not remembering it the next day.
Sounds like the smart play. It'll still be there tomorrow.

And I'll just mention that I'm running the retail version of XP on this machine, not the OEM version that came with it-- for whatever that's worth.
Not that that has anything to do with setting the killbit, or anything else, necessarily.


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to AB
"Off to the chopping block" is my way of saying goodbye to Capicom.

I'm having a few cocktails right now and I don't want to do anything stupid, like I have in the past e.g. changing administrator password and not remembering it the next day.
--
Prevent Malware


AB
Premium
join:2006-04-04
Leesburg, VA

reply to dolphins
said by dolphins:

If I don't resolve this soon, it's off to the chopping block.
For me, you, or what?

So resolve it. Set that killbit. It's not tough-- just be careful to do it exactly, according to the instructions.

I'm also using a Compaq, btw, and also have an HP printer, yet I don't have that .dll anywhere on my machine.


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to AB
said by AB:

You could always not download either of them, and set the killbit in the Registry yourself.
Follow the instructions carefully, and back up that Registry key before changing it.
Just a thought.

'No comment' about which I think you should download and install.
If I don't resolve this soon, it's off to the chopping block.
--
Prevent Malware


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to pudelein
Hmmm... this is a Compaq machine which is owned by HP?

I got to say though, that I'm pretty sure it all started when McAfee removal tool deleted VBScript runtime and then I had to reinstall it because of some runtime errors.

I'm confused right now. I need to step back and look at this with new eyes tomorrow.
--
Prevent Malware

pudelein

join:2005-06-18
Oak Ridge, TN

reply to dolphins
Further to what I said above about WinXP and CAPICOM: one copy of capicom.dll is indeed in system32, but this was not updated by the May update. A second copy is in some of the HP software that came with a printer I bought in 2005; this copy was also not updated in May. The third, however, which was updated is in %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 and this was created on May 9, 2007 by that update. As I said before, I don't actually think any of these have ever actually been executed. I do not do any of the SDK things they are designed for, but then you never know...
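
An inventory of the kind described in the post above, as an added example that is not part of the original post: it lists every capicom.dll under the Windows and Program Files directories with its file version and timestamps. The 2.1.0.2 threshold is an assumption taken from the folder name in the post, and the search roots are a choice made for this example.

```powershell
# Added example: inventory every capicom.dll on the machine and flag old copies.
# Assumption: 2.1.0.2 is the updated version, taken from the folder name
# "Microsoft CAPICOM 2.1.0.2" mentioned in the post.
$patched = [version]'2.1.0.2'

# Search roots (an assumption of this example): the Windows directory,
# which covers system32, plus the Program Files locations.
$roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

$copies = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter 'capicom.dll' -Recurse -Force `
        -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
}

$report = foreach ($file in $copies) {
    $vi = $file.VersionInfo
    # Build the version from the numeric parts; the FileVersion string can be
    # free-form. A file with no version resource reads as 0.0.0.0 and is flagged.
    $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                          $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path         = $file.FullName
        Version      = $ver
        Created      = $file.CreationTime
        Modified     = $file.LastWriteTime
        LastAccessed = $file.LastAccessTime
        BelowPatched = ($ver -lt $patched)
    }
}

if ($report) {
    $report | Sort-Object Path | Format-Table -AutoSize -Wrap
} else {
    'No capicom.dll found under the searched roots.'
}
```

A copy flagged BelowPatched in a vendor's private folder or in system32 was not replaced by the update, which matches what the post reports for two of its three copies.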


AB
Premium
join:2006-04-04
Leesburg, VA

reply to dolphins
You could always not download either of them, and set the killbit in the Registry yourself.
Follow the instructions carefully, and back up that Registry key before changing it.
Just a thought.

'No comment' about which I think you should download and install.


dolphins
Miami Dolphins
Premium
join:2001-08-22
Westville, NJ
·Comcast

reply to AB
said by pudelein:

Dolphins,
your statement that CAPICOM is not available for Windows XP is incorrect. I have it on my WinXPSP2 Home system...actually there are three (!) copies of the essential bit, capicom.dll. I am not aware that any of them has been used, but the DLL is there. I got the update KB931906 by automatic updates in the May patch Tuesday 2007 episode.
You're right, I got Capicom.dll in system32 folder. Now why does MS have conflicting web pages concerning this?

said by AB:

You're right, it's one of the May updates. Info about what it is and where it may have come from is here:

»www.microsoft.com/technet/securi···028.mspx

I also have XP Home SP2 and do not have that .dll on my system.

It's not supposed to have anything to do with XP that I can see, other than it may have been included as part of some SDK Redistributable, or perhaps tagged along with some VBS or .NET app.

If the .dll version is 2.1.01 or lower, then the update is necessary.
Ok now which one am I supposed to download... CAPICOM or Platform SDK Redistributable: CAPICOM?
--
Prevent Malware


AB
Premium
join:2006-04-04
Leesburg, VA

reply to pudelein
said by pudelein:

Dolphins,
your statement that CAPICOM is not available for Windows XP is incorrect. I have it on my WinXPSP2 Home system...actually there are three (!) copies of the essential bit, capicom.dll. I am not aware that any of them has been used, but the DLL is there. I got the update KB931906 by automatic updates in the May patch Tuesday 2007 episode.
You're right, it's one of the May updates. Info about what it is and where it may have come from is here:

»www.microsoft.com/technet/securi···028.mspx

I also have XP Home SP2 and do not have that .dll on my system.

It's not supposed to have anything to do with XP that I can see, other than it may have been included as part of some SDK Redistributable, or perhaps tagged along with some VBS or .NET app.

If the .dll version is 2.1.01 or lower, then the update is necessary.

pudelein

join:2005-06-18
Oak Ridge, TN

reply to dolphins
Dolphins,
your statement that CAPICOM is not available for Windows XP is incorrect. I have it on my WinXPSP2 Home system...actually there are three (!) copies of the essential bit, capicom.dll. I am not aware that any of them has been used, but the DLL is there. I got the update KB931906 by automatic updates in the May patch Tuesday 2007 episode.


Darek
Premium
join:2000-12-04
Chicago, IL

1 edit
reply to Mele20
...or...
there are some left-overs...
some registry keys...
telling Belarc that the software exists..?
