Thanks for the suggestion. I'll check it out. The version on my system (NOT
the one having problems) is 6.0.2900.5512. I don't have the fsum app, so I
can't say what the checksum is. Can you advise where to get that?

 

John-AldrichTile-Tools

 

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Wednesday, January 06, 2010 9:12 AM
To: NT System Admin Issues
Subject: RE: SHDOCVW.DLL disappearing from Windows XP Pro (Vipre Enterprise)

 

John, 

 

I am going to assume that you are running XP SP3. What is the version of
that shdocvw.dll? 

 

I have 6.0.2900.5580

Its SHA1 hash is the following: 

C:\WINDOWS\system32>fsum -sha1 shdocvw.dll

; SlavaSoft Optimizing Checksum Utility - fsum 2.5 <www.slavasoft.com>
;
; Generated on 01/06/10 at 09:04:01
;
557776093fc907a1efd708c5251969eec4a7d5d2 ?SHA1*shdocvw.dll

 

Check the hash on your dll, and make sure it is the same. (You will need a
pristine system patched to the latest baseline) and verify it's the same. If
it isn't, then something is going awry. 

 

The dll is the shell doc object and control library dll. 

 

Per the process explorer you can see which executables this dll is invoked
in. 

 

By default it's explorer.exe, Winword, outlook, mstsc (remote desktop
connection)

 

I would also check these versions and make sure they also hash the same way. 

 

Z

 

Edward Ziots

Network Engineer

Lifespan Organization

MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +

ezi...@lifespan.org

Phone:401-639-3505

  _____  

From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Wednesday, January 06, 2010 8:50 AM
To: NT System Admin Issues
Subject: SHDOCVW.DLL disappearing from Windows XP Pro (Vipre Enterprise)

 

I have Vipre Enterprise and on one of the client machines the critical
system file shdocvw.dll (Windows XP Pro) has disappeared twice after Vipre
detects SearchMiracle.EliteBar. I'm not sure the two are related, but it's
awfully suspicious to me that this is happening. The first time it happened,
I was out of the office and couldn't get to the machine until the next day,
so the user lost the use of his computer for half a day. The second time
(yesterday afternoon) the user notified me just about quitting time that
Vipre was telling him it needed to reboot to finish cleaning itself of an
infestation. I told him to reboot and when we tried to log in after it came
back up, the desktop was bare - not even a taskbar. Fortunately, CTL+ALT+DEL
worked and I was able to pull up a command prompt and repair the damage
(again.)

 

Anyone seen this behavior? Is it a false positive? Should I put that file in
the "admin known good" section on the server so Vipre will leave it alone? 

 

FWIW, I posted a similar topic on the Vipre Enterprise support forum. Just
thought I'd post it here as well so anyone who has a similar problem can fix
it like I did - I copied the relevant file off my desktop machine and put it
on the affected machine, and miracle of miracles, I was able to launch
Explorer.exe and the desktop reappeared. :)

 

John-AldrichTile-Tools
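
The hash comparison discussed in this thread can be scripted without fsum. The following is an added example, not part of the original messages: it parses a listing in the `fsum -sha1` format quoted above and checks each named file in a directory against it. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# fsum -sha1 line format as quoted in the thread: "<40 hex> ?SHA1*<filename>"
FSUM_LINE = re.compile(r"^([0-9a-fA-F]{40}) \?SHA1\*(.+)$")

def parse_fsum_sha1(text):
    """Return {filename: sha1_hex} from fsum output; lines starting with ';' are comments."""
    baseline = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = FSUM_LINE.match(line)
        if not m:
            raise ValueError("unrecognised fsum line: %r" % line)
        # Windows file names are case-insensitive, so normalise both fields.
        baseline[m.group(2).lower()] = m.group(1).lower()
    return baseline

def sha1_of(path, chunk=65536):
    """SHA-1 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(baseline, directory):
    """Return {filename: 'ok' | 'MISMATCH' | 'MISSING'} for every baseline entry."""
    result = {}
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result[name] = "MISSING"
        else:
            result[name] = "ok" if sha1_of(path) == expected else "MISMATCH"
    return result

if __name__ == "__main__":
    # Constructed stand-in files; a real check would point at C:\WINDOWS\system32.
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "sample.dll")
        with open(good, "wb") as f:
            f.write(b"constructed known-good bytes")
        listing = "; constructed baseline\n%s ?SHA1*sample.dll\n%s ?SHA1*gone.dll\n" % (sha1_of(good), "0" * 40)
        print(verify(parse_fsum_sha1(listing), d))
```

A `MISSING` result corresponds to the disappearing-file symptom described in the thread, and a `MISMATCH` only means the file differs from the baseline, which a different patch level also produces.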