Jump to content
Piriform Community Forums
scotiabahn

CCleaner failing

Recommended Posts

I started getting a problem with CCleaner on my desktop PC this afternoon when I tried to run it, it seemed to try and start and then shut down, then tried to start again, then failed and kept repeating until I selected another program to run. I've tried rebooting, an AV scan, SpyBot run without finding anything. The weirdest thing is that from the desktop PC I can't access this forum, or the main CCleaner site or any site that refers to CCleaner, all IE windows shut down as soon as they start to load... I am writing this on my laptop... I have absolutely no idea what is going on... I've even tried uninstalling CCleaner, but I can't even do that because it bounces out just like everything else that refers to CCleaner... It seems like there is something on my machine that is doing some sort of DoS attack but I have no idea what to do about it...

 

Has anyone got any ideas/suggestions?

 

Many thanks.

 

 

P.S. Been doing some further rummaging - when I try and run CCleaner, the task manager briefly shows VERCLSID as a running process... no idea whether it should or not, but it's the only additional info I have... Sigh... Oh, by the way I can't even look at the folder and files in Explorer, I have to go into DOS and use DIR... Nothing interesting there, all the dates are a week or so past when I updated to a more current version...

Share this post


Link to post
Share on other sites

Someone else reported something about not being able to use CCleaner, let alone come to the website. To me it sounds like some sort of malware targeting CCleaner, since it's after all a tool that's suggested to clear out temporary junk files that can have infections.

Share this post


Link to post
Share on other sites

I was certainly thinking that it was malware targeting CCleaner at first, but I also found the wilersecurity report about verclsid.exe and my current theory (half-baked lunatic raving more like...) is that something about the last CCleaner upgrade or an MS Update has resulted in this new incompatibility. I reckon that verclsid is checking out CCleaner and bouncing it. The reference on the wildersecurity site talks about verclsid being trapped by yet another utility so they weren't having the same symptoms as me.

 

Anyway, that's my current wild-eye loony idea... :blink:

 

Happy to hear any suggestions about handling it... I don't really want to dismember verclsid unless I really have to... it's supposed to be at least vaguely useful against REAL malware...

Share this post


Link to post
Share on other sites
Here is the latest I could find

 

http://www.updatexp.com/kb908531.html

 

Well, that seems a bit simpler than some of the other guides I've seen so thanks for that, but I still have to switch off VERCLSID which is (allegedly) there to protect my machine..

 

I have seen something on the MS website relating to problems with HP and Nvidia, and there was a fix for that which updated the registry to make them 'acceptable' to VERCLSID. I guess that would be the ideal solution.. but that all rather presumes that I'm not barking mad in my suggestions about verclsid... haven't got time to do it now, but I guess I could try the guidance above and see what happens - if it doesn't fix it, then that would at least shoot my theory full of holes...

Share this post


Link to post
Share on other sites

 

 

there's a lot of those around when you start looking... from what I can work out, the original version was so crummy that they had to put another one out real quick, but that's a year back now... this pc has a (fairly... until this...) stable system so something must have changed more recently...

 

I've just tried following the guidance further above but that wasn't enough... So far I've renamed two copies of verclsid.exe to *.old (found via standard search function) and deleted the prefetch copy, then rebooted and rescanned - no sign of verclsid.exe anywhere, but no improvement either... still no CClenaer running, still no access to this forum except via laptop rather than desktop...

 

So... either I haven't managed to find everything... or it's malware...

 

guess I could try getting uninstalling the MS fix itself... I'd better put the verclsid.old files back to the 'proper' extensions otherwise they may get missed... might try that later unless anyone has any better suggestions (ever hopeful...) but now I gotta got do some other stuff for a while

Share this post


Link to post
Share on other sites
You could always post a hjt log in the section for it on the forum, just to clear up that possibility.

 

 

ummm... would you care to explain that in newbie language? :unsure:

Share this post


Link to post
Share on other sites

No problem :)

 

Read the instructions here and the download button for the hjt log program is at the bottom.

 

http://forum.piriform.com/index.php?showtopic=1720

 

 

This is the part of the forum where to post the log, the new topic button is at the top right hand side.

 

http://forum.piriform.com/index.php?showforum=12

 

Any problems, just ask someone will always help if you have problems doing it.

Share this post


Link to post
Share on other sites
No problem :)

 

Read the instructions here and the download button for the hjt log program is at the bottom.

 

http://forum.piriform.com/index.php?showtopic=1720

This is the part of the forum where to post the log, the new topic button is at the top right hand side.

 

http://forum.piriform.com/index.php?showforum=12

 

Any problems, just ask someone will always help if you have problems doing it.

 

thx - I'll have a crack at that in the morning now, only just got the study back after my son finished his homework...

Share this post


Link to post
Share on other sites
thx - I'll have a crack at that in the morning now, only just got the study back after my son finished his homework...

 

Now I'm really getting worried... I wasn't able to look at the Hijackthis website from my desktop... I downloaded it on my laptop and emailed the zip file across, but I can't expand the zip on my desktop... so do we have malware attacking CCleaner and it's related software, or is this still a verclsid issue, because HJT uses similar classes that MS consider unfriendly?

 

I'm going to have to try complete removal of KB908531 and see where that gets me, but I'll have to do it later - work to be done...

 

Meantime, anyybody has anything else to chip in, be glad to hear it...

Share this post


Link to post
Share on other sites

OK...

 

so, I've completely removed KB908531 (uninstalled through Control Panel/add/remove programs), deleted any remaining versions of verclsid.exe, including in prefetch, and scoured the registry deleting any remaing references in there, and rebooted the machine..

 

still won't run CCleaner... :o

 

tried looking at task manager again to see if there's anything happening there, see if verclsid is popping up from somewhere else...

 

no, it isn't, BUT... I have a new suspect that I could use some guidance on... I noticed that when I click on CCleaner I am now getting another process in task manager - wbjrwesa.txt, whatever the h*ll that is... :angry:

 

have tried searching for it on Google but it's not listed there... tried browsing it, but I get 'access denied'... it exists in windows/system32 and prefetch...

 

any suggestions?

 

meantime I'll go look a bit further... tempted to just try deleting the damn thing, but as I've already wrecked something else (don't ask! :rolleyes: ) trying to get rid of this, I'd like to see whether anyone has any other suggestions...

Share this post


Link to post
Share on other sites

I wonder if it's possible to put the hjt log zip on a usb drive, unzip it in there, and drag and drop the file onto your desktop, just to see if it's even possible it will allow you to run it.

Share this post


Link to post
Share on other sites
I wonder if it's possible to put the hjt log zip on a usb drive, unzip it in there, and drag and drop the file onto your desktop, just to see if it's even possible it will allow you to run it.

 

unfortunately I don't have a USB drive option for the affected machine, but I could try it on an old-fashioned floppy or even the old hard drive still attached for backups...

 

 

otherwise I think I'll just have to try and smite it!

Share this post


Link to post
Share on other sites

I can unzip it on my old E drive, but it won't run nor can I move the .exe to the desktop... as soon as I do a 'mouseover' the filename in explorer it bounces me out and shows wbjrwesa.txt in taskmgr... bother... :angry:

Share this post


Link to post
Share on other sites
I can unzip it on my old E drive, but it won't run nor can I move the .exe to the desktop... as soon as I do a 'mouseover' the filename in explorer it bounces me out and shows wbjrwesa.txt in taskmgr... bother... :angry:

 

Have you tried re-naming HJT on your other PC and then transfer the file over

Share this post


Link to post
Share on other sites
Have you tried re-naming HJT on your other PC and then transfer the file over

 

thanks, hadn't thought of that... a simple rename (dropping the H) didn't work, will now try something more sneaky, rearrange more letters, maybe change the icon... can't think of much else I can do to disguise an exe file, and besides, anything that's this smart will probably be able to see some internal identifier...

 

back in a bit...

 

thanks again...

Share this post


Link to post
Share on other sites

Hi,

Run this instead. (it will generate a hijackthis log as well)

 

Download ComboScan to your Desktop

  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt
  • A folder Comboscan will also open which contains the Comboscan.txt and a Supplementary.txt.
  • Copy and paste the contents of ComboScan.txt in your next reply.
  • Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

 

Share this post


Link to post
Share on other sites

fancy rename doesn't work any better... there are too many internal names that even I can see (but can't amend...)

 

unless anyone has any better ideas, I'm gonna have a crack at deleting the wbjrwesa.txt file (it would be rather ironic if I could use the Secure Delete function of CCleaner to get rid of it :) ) My suspicion is that nothing in Explorer will work, but I'm hopeful that 'ERASE' in a command window might give it a fright...

 

Meanwhile, I'll go fix the other application I broke taking out too much to get rid of this bug :blink:

Share this post


Link to post
Share on other sites
Hi,

Run this instead. (it will generate a hijackthis log as well)

 

Download ComboScan to your Desktop

  • Close all applications and windows.

  • Double-click on comboscan.exe to run it, and follow the prompts.

  • The scan may take a minute. When the scan is complete, a text file will open - ComboScan.txt

  • A folder Comboscan will also open which contains the Comboscan.txt and a Supplementary.txt.

  • Copy and paste the contents of ComboScan.txt in your next reply.

  • Extra Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow the Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporary disable your Antivirus)

 

 

oops - just seen this - will go give it a try... ta muchly...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×