
dsilvers

@gvtc.com

verclsid.exe

Does anyone know what verclsid.exe is? It appeared after the MS updates today and was caught by process guard. It was allowed and there seem to be no unusual symptoms with the box.


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
kudos:13
What was the location of the file? Does PG keep a log?

Cudni


hpguru
Curb Your Dogma
Premium
join:2002-04-12
reply to dsilvers
It is a legit file. It is used to verify class IDs.


amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
reply to dsilvers
5.1.2600.2869 (xpsp_sp2_gdr.060316-1512)

Look in System32 dir.



dsilvers

@gvtc.com
reply to dsilvers
Thanks,

Verclsid.exe had never run before and after the update it ran a number of times. Part of the PG log follows. Just paranoid I guess.

13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214fa-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {fbf23b40-e3f0-101b-8488-00aa003e56f8} /i {0000010b-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /i {000214fa-0000-0000-c000-000000000046} /x 0x401 ]

notmentat

join:2003-11-10
21334
reply to hpguru
said by hpguru:

It is a legit file. It is used to verify class IDs.
What is a class ID?

notmentat

join:2003-11-10
21334
reply to dsilvers
Hmm, I noticed that explorer runs verclsid.exe every time I start an application for the first time (after the update).


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
There was a hang for no apparent reason last night when I right-clicked on the desktop to create a new folder, and that was when I found the verclsid.exe running in Task Manager. I ended the task and so far it has not returned.

Adding screenshots of the instances found.


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

1 recommendation

reply to notmentat
said by notmentat:

said by hpguru:

It is a legit file. It is used to verify class IDs.
What is a class ID?
Attribute definitions:

id = name [CS]
This attribute assigns a name to an element. This name must be unique in a document.

class = cdata-list [CS]
This attribute assigns a class name or set of class names to an element. Any number of elements may be assigned the same class name or names. Multiple class names must be separated by white space characters.

The id attribute assigns a unique identifier to an element (which may be verified by an SGML parser). For example, the following paragraphs are distinguished by their id values: This is a uniquely named paragraph.
This is also a uniquely named paragraph.

The id attribute has several roles in HTML:

As a style sheet selector.
As a target anchor for hypertext links.
As a means to reference a particular element from a script.
As the name of a declared OBJECT element.
For general purpose processing by user agents (e.g. for identifying fields when extracting data from HTML pages into a database, translating HTML documents into other formats, etc.).

--
"Be simple, be earnest and spread that simplicity throughout everything you do."

notmentat

join:2003-11-10
21334
I don't think this class id, which is merely an HTML attribute, is the same thing as what verclsid.exe does.


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

2 recommendations

Here we go:
Frequently asked questions (FAQ) related to this security update

Does this update contain any security-related changes to functionality?
Yes. Besides the changes that are listed in the "Vulnerability Details" section of this bulletin, this update includes the following changes in security functionality:

• This security update introduces a new file, Verclsid.exe. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.

• This security update includes a Defense in Depth change which ensures that prompting occurs consistently in Internet zone drag and drop scenarios.

--
"Be simple, be earnest and spread that simplicity throughout everything you do."


dsilvers

@gvtc.com
reply to dsilvers
It seems to run a lot on my machine. My logs indicate it even runs at start up. Evidently it runs and then exits as it does not remain in the task manager. Process guard has been on this machine since it was new and Verclsid.exe had never started until after the update. Is it some sort of MS security measure? What does it do? Properties indicates it was created March 16, 2006.


hpguru
Curb Your Dogma
Premium
join:2002-04-12
reply to notmentat
said by notmentat:

said by hpguru:

It is a legit file. It is used to verify class IDs.
What is a class ID?
In COM it is a sub-type of the GUID which is used to distinguish unique program interfaces.
--
Get hpHOSTS! Member ASAP
hpHOSTS Online
Paranoia is no substitute for understanding.


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
reply to dsilvers
Glad you pointed this out - it is still causing a long hang on the right-click function on the desktop. Interesting to say the least...


hpguru
Curb Your Dogma
Premium
join:2002-04-12
said by Sparrow:

...it is still causing a long hang on the right-click function on the desktop. Interesting to say the least...
No issues with that here. All the applied updates went smoothly.


antiserious
The Future ain't what it used to be
Premium
join:2001-12-12
Scranton, PA
Reviews:
·Comcast
reply to dsilvers

... glad I noticed this thread ... I've had Kerio pop up a few 'verify class ID' warning boxes since the updates (part of the Application Behavior Blocking feature in 4.2.3), I just denied them and saw no ill effects ... it's now listed as an application (verclsid.exe) in their GUI ... do you think this is a one-time verify event, or is it likely to be an ongoing event? ... guess I'll allow the next one and see what happens ...

... kind of like a little MS 'easter egg', and just in time ...

--

... "that good old-fashioned Medicated Goo" ...


dsilvers

@gvtc.com
reply to dsilvers
Looking at process guard logs it seems verclsid.exe is always started by explorer.exe but does not run every time explorer.exe runs. So far so good, nothing broken. Some Easter egg Uh.
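
The pattern reported from the Process Guard log in this thread (verclsid.exe in System32, always started by explorer.exe, with a `/s /c {GUID} /i {GUID} /x` command line) can be checked mechanically. This is an added example, not part of the original posts: the first sample entry is copied from the log above, the second entry (its time, path, parent and PID) is constructed, and reading `/c` as the class ID and `/i` as the interface ID is an assumption.

```python
import re

# Expected paths, taken from the log lines posted in the thread.
EXPECTED_IMAGE = r"c:\windows\system32\verclsid.exe"
EXPECTED_PARENT = r"c:\windows\explorer.exe"
GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
RUN_RE = re.compile(r'^(\d\d:\d\d:\d\d) \[EXECUTION\] "([^"]+)" was allowed to run$')
PARENT_RE = re.compile(r'^\[EXECUTION\] Started by "([^"]+)" \[(\d+)\]$')
# Assumption: /c carries the class ID and /i the interface ID being verified.
CMD_RE = re.compile(
    rf"^\[EXECUTION\] Commandline - \[ /s /c ({GUID}) /i ({GUID}) /x (0x[0-9a-f]+) \]$", re.I)

# First entry is from the thread; the 14:02:11 entry is constructed for illustration.
SAMPLE_LOG = r'''13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
14:02:11 [EXECUTION] "c:\temp\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\cmd.exe" [1404]
[EXECUTION] Commandline - [ ]'''

def parse(log_text):
    """Group the three-line Process Guard entries into dict records."""
    records, cur = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            cur = {"time": m[1], "image": m[2].lower(), "parent": None, "cmd_ok": False}
            records.append(cur)
        elif cur and (m := PARENT_RE.match(line)):
            cur["parent"], cur["ppid"] = m[1].lower(), int(m[2])
        elif cur and (m := CMD_RE.match(line)):
            cur.update(cmd_ok=True, clsid=m[1].lower(), iid=m[2].lower(), flags=m[3])
    return records

def findings(records):
    """Return (time, reason) for each verclsid.exe launch that breaks the pattern."""
    out = []
    for r in records:
        if not r["image"].endswith("\\verclsid.exe"):
            continue
        if r["image"] != EXPECTED_IMAGE:
            out.append((r["time"], "unexpected image path " + r["image"]))
        if r["parent"] != EXPECTED_PARENT:
            out.append((r["time"], "unexpected parent " + str(r["parent"])))
        if not r["cmd_ok"]:
            out.append((r["time"], "command line does not match /s /c /i /x shape"))
    return out

if __name__ == "__main__":
    print(findings(parse(SAMPLE_LOG)))
```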


supermann

@bb.online.no
Hi! I think this file is causing major problems with my Internet Explorer. When I try to type in an address everything stops, and when I click on a link (for example a link someone sent on Messenger) explorer.exe crashes. But my favourites work fine, and my MSN search bar works too. Any suggestions?


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand
reply to dsilvers
I'm on the phone with MS now and reading this thread to them about the various problems encountered.

There is free unlimited tech support for Windows Update problems:
»support.microsoft.com/oas/defaul···id=6527&


altermatt
Premium
join:2004-01-22
White Plains, NY
Reviews:
·Verizon FiOS

1 edit
Probably too late but see my post here in the MS Update Bulletin thread that this file is creating havoc with Paint Shop Pro X (and probably other programs--that's just the one I know of), causing it to hang on opening.

I have emailed MS using the link Crystal Sky supplied above; it says they'll respond within a day.

See why I usually wait until at least Friday after Patch Tuesday?


Sparrow
Crystal Sky
Premium
join:2002-12-03
Sachakhand

1 edit

4 recommendations

reply to dsilvers
Okay, I found a simple temporary workaround for anyone experiencing difficulties with the verclsid.exe in Explorer or Internet Explorer:

Two ways of doing this:

  • Go into System32 and rename the verclsid.EXE to verclsid.OLD which will keep the file intact until MS comes up with a permanent solution and should eliminate the problems mentioned in this thread.

  • Go to Start > Run >
    At the prompt type in "cmd" (without quotes) press Enter
    At the prompt type in "cd\" (without quotes) press Enter
    At the prompt type in "cd windows\system32" (without quotes) press Enter
    At the prompt type in "ren verclsid.exe verclsid.old" (without quotes) press Enter.

    Please remember this is an ad hoc fix and intended only for those who are having problems with the verclsid.exe after installing yesterday's updates.

    Edit for grammar.
    --
    "Be simple, be earnest and spread that simplicity throughout everything you do."


    supermann

    @bb.online.no

    1 recommendation

    reply to dsilvers
    Thanks Crystal! Worked like a charm!
    Really appreciate it!


    caesarv

    join:1999-08-02
    Santa Rosa, CA

    2 edits

    1 recommendation

    reply to Sparrow
    Editing the file name suffix is exactly what I had to do on my wife's computer. Right-clicking the background would just lock it up. Our other 3 computers do not seem to have this problem, so it must be related to something she has installed on hers.

    Strangely, googling "verclsid" comes up with ZERO responses!
    I expect that to change VERY soon!

    Fredra
    Undesirable Alien

    join:2000-04-08
    Nepean, ON

    1 recommendation

    reply to dsilvers
    Thanks Crystal Sky
    I have three PCs that got updated, but only one is giving problems with "verclsid"
    -typing a URL in IE6 address, would not autocomplete.
    -using explorer to look at any folder, on closing it would launch another instance of explorer, but it would be blank.
    Changed the "exe" to "old" and all is well with the one problem PC.
    Cheers
    --
    The Endless

    maximusqb

    join:2005-02-21
    reply to dsilvers
    This thing wreaked havoc on my PC; it killed my Acronis True Image 9.0, it also messed up my DVD burning software, and also gave me problems with the desktop accessing pictures with Windows Picture and Fax Viewer. I uninstalled that particular update that contained verclsid.exe; it was update 908531, and things started working again. I posted a thread over at the Dell forums about my troubles. This update is whacked to say the least. I think some people's PCs have been hosed up by the update and they haven't realized it yet because they haven't tried to use certain programs that it would affect yet.

    maximusqb

    join:2005-02-21
    Oh, here is a link to the Dell forum where I posted the troubles I had and the things I found that were affected by the patch

    »forums.us.dell.com/supportforums···#M186263


    altermatt
    Premium
    join:2004-01-22
    White Plains, NY
    Reviews:
    ·Verizon FiOS
    reply to Sparrow
    Thanks, Crystal Sky; just what I thought! However, I was leery of advising renaming in case the file was actually needed. SOMETHING is calling that file, and now (with it renamed) it will find nothing, which should introduce some sort of delay if not an error, right? The best temporary solution would be something that stops whatever from calling verclsid in the first place, it seems.

    Or am I missing something?
    --
    The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick


    Mem

    join:2002-01-03
    White Plains, NY

    1 edit

    1 recommendation

    verify class ID
    It looks like windows explorer is calling verify class id prior to opening a com application (in this case OE). Any other instance has been called by windows explorer as well so far.


    altermatt
    Premium
    join:2004-01-22
    White Plains, NY
    Reviews:
    ·Verizon FiOS
    reply to maximusqb
    said by maximusqb:

    I uninstalled that particular update that contained verclsid.exe it was update 908531 and things started working again.
    That's good info, especially now that I read that True Image is affected---no way am I installing something that prevents my safety net. HOWEVER, the update is critical and closes a real vulnerability, so it's really MS' responsibility to fix this ASAP. Since the only way for the computer to verify the class id (and therefore ameliorate the vulnerability) is through this problem file, those of us who don't install the patch, or who rename the file, are, I take it, continuing to be vulnerable.
    --
    The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick


    Mem

    join:2002-01-03
    White Plains, NY
    TI 9.0 Home, build 3567, just ran as scheduled without a problem. The update is installed here.