Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



Sign in to follow this  
pointertovoid

Comctl32 aliased in WinSxS

Recommended Posts

Hello the experts!

On my (probably infested) Xp, most applications call a Comctl32.dll ubiquated in C:\Windows\WinSxS instead of the usual one. I had not noticed that up to now, but the excellent Faber Toys shows it with the full file path, see the appended screenshot. Hence I ask you:

  • Is this normal, safe and sound?
  • Or shall I consider that a malware has replaced the normal Comctl32.dll by a fake one, say in order to observe the activity on my computer?
  • If it's normal, would you know which update or application installs the modified dll?

Thank you!

WinSxS.png

Share this post


Link to post
Share on other sites

Surely a 6.0.2600.5512 version looks "queer", but should be "legit". :)

There are a lot of variables that may affect which version of a .dll  a program uses, including SP level, KB updates, Internet Explorer version and more or less *what not*.

https://msdn.microsoft.com/en-us/library/windows/desktop/hh298349(v=vs.85).aspx

Compare also with an archived version of the same page (just to show how much information MS is retracting from availability):
https://web.archive.org/web/20140424001851/http://msdn.microsoft.com/en-us/library/windows/desktop/hh298349(v=vs.85).aspx

The (flawed BTW) way WinSxS attempts to solve DLL Hell is vey likely part of the reason.

jaclaz
 

Share this post


Link to post
Share on other sites

Thanks! Apparently it's just a Visual Studio runtime that installs this mess, so I won't worry about it.

I just felt bizarre that a runtime puts its dirty fingers on an OS dll and redirects all calls by the applications to its own new version of the dll. Legitimate OK, but it looked suspicious, and for sure unexpected.

A runtime modifying the OS, this reminds me of MS Office on Win95. After installing an English Word and a German Excel on the French Win95, the actions at all applications looked like
Fermer le programme
Do you want to save the file?
Ja - Nein
which is fun the first two times and boring from the third time on.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×