
Topic: Securom is Malware too?

16 OCT 2006 at 12:59pm

Cartmans Dad

Space Cadet
Posts : 185
Joined: 15 DEC 2003

...in the same vein as Starforce?

I'm posting this here as the chances are that you will have played one or two games in the past that use the CD copy protection system 'Securom'.

Try this simple experiment:

Right click on the desktop and select New->Text Document.

Rename this newly created file as x.exe (or basically <anything>.exe).

Now try and delete it.

Did you manage to delete it?

If you can NOT delete it, then check in your C:\Windows\System32 folder. Look for a file called 'CmdLineExt.dll' or 'CmdLineExt02.dll' or 'CmdLineExt03.dll' etc.

Right click on that file and select properties and you will see where it originated from!

Other symptoms of this pernicious little b*****d file are... Open a browser window and leave it alone idling with the mouse cursor visible. You'll notice the cursor 'refreshing' itself every few seconds!

So, if this is such a 'harmless' copy protection system, why does it so drastically interfere with the normal operation of Windows? It gets installed as a shell extension, intercepting right clicks and using explorer.exe to maintain a 'lock' on .exe files (that's why it will not let you delete them).

Personally, I would regard this behaviour as a virus, or at least a 'Trojan' anyway.

To remove this file properly takes a little jiggery pokery with unregistering .dlls to remove the registry entry associated with it.

Instructions forthcoming if this topic generates anything other than derision!


16 OCT 2006 at 1:52pm

MrLipid

Private Detective
Posts : 666
Joined: 10 OCT 2002

No derision here. Bring on the info.


16 OCT 2006 at 2:57pm

Cartmans Dad

Space Cadet
Posts : 185
Joined: 15 DEC 2003

Hi MrLipid


Did you have trouble deleting the created .exe file btw?

Before you start, I would download this useful utility called ShellExView from here:

http://www.nirsoft.net/utils/shexview.html

If you run this and sort the columns by 'Filename' you can see that CmdLineExt** file there to verify all I've said above AND it will show you the CLSID of the registry entry AND which file extensions it is affecting.

Also, you can download another utility called 'WhoLockMe' from here:

http://www.dr-hoiby.com/WhoLockMe/index.php

This will show you that it's explorer.exe that is locking .exe files from being deleted.

Well, to get rid of this CmdLineExt**.dll file, first you have to remove the registry entries by doing the following:

Go to Start->Run then type:

regsvr32 /u CmdLineExt03.dll
(replace this name with the version(s) of CmdLineExt**.dll you have in your C:\Windows\System32 folder)

This will remove the registry entries.

Now, you probably won't be able to delete the actual CmdLineExt**.dll file itself because it's being used by Windows / explorer.

There's lots of ways we can now proceed but perhaps the simplest is to log out of your account then log back in again. Because the registry entries have gone you should now be able to delete it from the System32 folder.

Alternatively you can temporarily kill Windows explorer by:

Go to Start->Run. Type cmd to open a command window.

Press Ctrl-Alt-Delete to bring up the task manager. Go to the 'processes' tab and look for explorer.exe. Right Click on it and select 'End Process'. Windows screen may blank out or appear unresponsive, that's normal! (Alt-Tab still works if you lose focus of the cmd window). Now 'browse' to the C:\Windows\System32 folder in the command window and delete the relevant CmdLineExt**.dll file using the 'del' command.

Type explorer.exe in the command window to re-start explorer.

You should now be free of that garbage.

There was a discussion here: http://abates.tetrap.com/archives/2004/12/22/cmdlineext.html spanning two years or so about this subject and many others on the web too.

I got CmdLineExt03.dll from my Vietcong or Vietcong-Fist Alpha game some time back. More recently I got CmdLineExt.dll from well... I'm not sure. Maybe Psychonauts or Broken Sword 4 perhaps? All Securom protected titles. It would appear that [s]they install this file as part of the install process[/s] this gets installed when you start the Securom protected game .exe.

Unfortunately it doesn't get uninstalled when you uninstall the game!
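
A read-only check for what the post above describes, as an added example that is not part of the original thread: it lists COM classes whose in-process server is a CmdLineExt*.dll, shows the company named in the DLL's version resource (the 'Properties' step), and reports which shell classes use it as a context-menu handler. The class list and the System32 fallback for bare file names are assumptions made for illustration.

```powershell
# Added example, not from the thread. Read-only: nothing is unregistered or deleted.
$pattern = 'CmdLineExt*.dll'   # file name pattern from the posts above

# 1. Context-menu handlers registered for a few common shell classes.
#    Assumption: this class list is illustrative; ShellExView covers every class.
$classes  = '*', 'exefile', 'lnkfile', 'AllFilesystemObjects', 'Directory', 'Folder'
$handlers = foreach ($class in $classes) {
    $path = "Registry::HKEY_CLASSES_ROOT\$class\shellex\ContextMenuHandlers"
    foreach ($h in Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue) {
        $id = [string]$h.GetValue('')                    # default value usually holds the CLSID
        if ($id -notlike '{*}') { $id = $h.PSChildName } # otherwise the key name is the CLSID
        [pscustomobject]@{ Class = $class; Clsid = $id }
    }
}

# 2. COM classes whose in-process server DLL matches the pattern.
$clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'
$report = foreach ($key in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
    $srv = try { $key.OpenSubKey('InprocServer32') } catch { $null }
    if (-not $srv) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables([string]$srv.GetValue('')).Trim('"')
    $srv.Close()
    $leaf = ($dll -split '\\')[-1]
    if (-not $leaf -or $leaf -notlike $pattern) { continue }
    # Assumption: a bare file name is resolved against System32, where the posts found the DLL.
    if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$leaf" }
    $file = Get-Item -LiteralPath $dll -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Clsid       = $key.PSChildName
        Dll         = $dll
        OnDisk      = [bool]$file
        Company     = if ($file) { $file.VersionInfo.CompanyName }
        Description = if ($file) { $file.VersionInfo.FileDescription }
        HandlerFor  = ($handlers | Where-Object Clsid -eq $key.PSChildName).Class -join ', '
    }
}

# 3. Matching DLLs still on disk that no registration found above points at.
$orphans = Get-ChildItem -Path (Join-Path $env:SystemRoot 'System32') -Filter $pattern -ErrorAction SilentlyContinue |
    Where-Object { $report.Dll -notcontains $_.FullName }

$report  | Format-List
$orphans | Select-Object FullName, LastWriteTime, @{ n = 'Company'; e = { $_.VersionInfo.CompanyName } }
```

On 64-bit Windows, run it from the 32-bit PowerShell as well, because 32-bit COM registrations and the 32-bit system folder are seen through a separate view.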





16 OCT 2006 at 3:26pm

MrLipid

Private Detective
Posts : 666
Joined: 10 OCT 2002

Got rid of x.exe by dragging it to the recycle bin before the system had finished loading. Crude, but effective.

Question: Does getting rid of the protection stop the game from loading or does the game simply respawn the protection if it finds it has been removed?

16 OCT 2006 at 4:07pm

Cartmans Dad

Space Cadet
Posts : 185
Joined: 15 DEC 2003

That's a good question.  


I always notice this malware after I've uninstalled the game and wonder why I'm getting weird crashes, slowdowns, until it dawns on me ahhhh... that damn CmdLineExt** is back again!  


I'll reinstall Vietcong again and see just when and how this file appears and what happens after it's been 'cleaned' and report back.

According to here:

http://vogons.zetafleet.com/viewtopic.php?t=4396 (LOTS of Securom games mentioned)

...the .dll gets reinstated after restarting the game .exe.

I'll see anyway.


16 OCT 2006 at 5:05pm

Cartmans Dad

Space Cadet
Posts : 185
Joined: 15 DEC 2003

Ok,

Interesting turn of events.

Installed vanilla Vietcong. It installed CmdLineExt02.dll in the C:\Documents and Settings\'User Name'\Local Settings\Temp folder!

Ran game, tried to create/delete file and that worked too!

Patched all the way to v1.60 then for some reason the file that was in the Temp folder installed itself in C:\Windows\System32 and changed version to ...Ext03.dll. Weird.

Tried to create/delete file. Now Locked.

Unregistered .dll, deleted file, then restarted Windows. Still gone.

Started game, and as soon as the game .exe was started it reinstalled the registry entries AND the CmdLineExt03.dll file in System32!

So, it's the game .exe that does it.

Solution then is to remove this crap, then use a 'cracked' game.exe obviously.

I should point out that this install is from the GENUINE RETAIL CDs, not a d/led copy or whatever and the patches are all official too.

16 OCT 2006 at 6:17pm

SirDave

Guild Master
Posts : 4940
Joined: 17 OCT 2002
Location: US

If you make it a habit to set a Restore point before installing any game/program, you will save yourself the trouble of having to remove entries from the Registry if something like the above occurs.

The future ain't what it used to be!

