Request to Block shdocvw.dll

Cycloid Torus

v5687 - machine described earlier

After update got pop-up asking if I should block shdocvw.dll. If this is a
valid Microsoft file, why would it ask? Has it detected a non-Microsoft
file?

"Name: Microsoft® Windows® Operating System

Description: Shell Doc Object and Control Library

Publisher: Microsoft Corporation

Path: c:\windows\system32\shdocvw.dll

Advise: While this is not a known spyware threat, you might want to analyze
this program before either allowing or blocking it."

Please comment with my thanks in advance,

CT
 
Bill Sanderson

Perhaps partly because this product is based on technology purchased from a
third party, not all valid Microsoft files are properly identified.

If you have taken a specific action that would have resulted in this file
being replaced with a new copy, and know that the source of that copy is
safe, I'd go right ahead and let it be installed.

If such a message comes up when you are NOT aware of having any update
process in operation, I would be much more skeptical.
 
plun

Cycloid said:
v5687 - machine described earlier

After update got pop-up asking if I should block shdocvw.dll. If this is a
valid Microsoft file, why would it ask? Has it detected a non-Microsoft
file?

Some worms exploit shdocvw.dll

http://antivirus.about.com/od/virusdescriptions/a/bofra.htm

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

MS security bulletin about this:
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

- Windowsupdate status ?

- Antivirus ?

- Firewall status ?, Bofra opens port 1639

--
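
A present-day way to run the checks raised in this thread (is the file at the path from the pop-up validly signed by Microsoft, which version is it, and is anything listening on the port plun mentions), as an added example that is not part of any post here. It assumes a current Windows with PowerShell 5.1 or later rather than the XP SP2 machine discussed; the function name Get-DllTriage and the verdict wording are made up for illustration.

```powershell
# Added example, not from the thread. Get-DllTriage is a hypothetical helper name.
function Get-DllTriage {
    param(
        # Path shown in the pop-up, resolved against this machine's Windows folder.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\shdocvw.dll'),
        # Port the thread attributes to Bofra.
        [int]$Port = 1639
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Anything accepting connections on the port, with the owning process.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            '{0}:{1} pid {2} ({3})' -f $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $proc.ProcessName
        })

    # A "Publisher" string alone proves nothing; require a signature that validates.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    $verdict = if (-not $signedByMicrosoft) {
        'Signature not valid or not Microsoft: investigate the file'
    } elseif ($listeners.Count -gt 0) {
        "Signature is fine, but something listens on port ${Port}: investigate"
    } else {
        'Valid Microsoft signature and no listener on the port'
    }

    [pscustomobject]@{
        Path            = $file.FullName
        FileVersion     = $file.VersionInfo.FileVersion
        LastWriteTime   = $file.LastWriteTime
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        Listeners       = $listeners
        Verdict         = $verdict
    }
}

Get-DllTriage | Format-List
```

The FileVersion and LastWriteTime fields are the same details Cycloid Torus compares by hand in the reply that follows.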
 
Cycloid Torus

To Bill and plun,
Thanks for the info - pls see below.
- Windowsupdate status ?

Fully updated SP2 including most recent "fixes"
- Antivirus ?

NAV2004 with update including recent vulnerability update
- Firewall status ?, Bofra opens port 1639

ZoneAlarm - nothing popping on 1639
What I did note was that the most recent update from Microsoft appears to
have delivered TWO DIFFERENT shdocvw.dll files 6.00.2900.2573
(xpsp_sp2_gdr.041130-1729) (now in place in System32 folder) and
6.00.2900.2598 (xpsp.041130-1728) with modification dates five minutes
apart - consistent with my download time for the update.
Could this confuse ASw?
 
Cycloid Torus

This morning - after its regular scan and update last evening - ASw has
decided that shdocvw.dll is a "green bar" process.
CT
 
Bill Sanderson

A Green bar is a good thing, but why is it being flagged at all? Are you
logging in as a non-administrator?
 
Cycloid Torus

Bill-

Had "green bar" once this AM logging into Admin account on start-up (cold
boot) this AM. I'll look for it tomorrow. ASw is supposed to update
automatically and I believe it did. I have not had "green bar" again after
that though I've logged in and out of the 4 accounts I use maybe 6 times
today. Not sure what a cold boot will do.

Background: Though this is a single user machine, I have 4 active accounts
which I fast-switch between, though I will logoff if I am not using an
account for several hours: 1 account is always Admin, another is usually
limited but I switch to Admin frequently because I have to for what I do
there (tweaks), the other two (for communications <IE6 set to HIGH Security>
and internet - why put ALL the worms in one basket) are limited unless I
change software - if that doesn't confuse a program which has trouble with
multiple users, I do not know what would. At least that is what I HOPE is
the case. NAV2004 was a hopeless pain in limited accounts until I fixed
registry - so a problem with multiuser is not that unusual. I hope NAV2005
is better.

Also when I logon sometimes, I often (but not more than 40%) get the orange
bar "Null" Active X block I reported earlier (related to registry key tied
to v4.windowsupdate which I believe was superseded but not entirely
removed).

Since I have taken the system to Safe Mode and run ASw a couple of times
with no positives, I'm not too concerned - maybe a little something that MS
still has to clear up.

CT
 
Cycloid Torus

Closing comment. Since single appearance of "green bar" the other day, no
further request to block. My guess is that ASw caught up with MS update on
this.
CT
 
