Author Topic: DLL on system left behind from WinAntiRansom  (Read 1042 times)

0 Members and 1 Guest are viewing this topic.

Offline lcseiler

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
DLL on system left behind from WinAntiRansom
« on: February 12, 2018, 02:42:34 PM »
I a user of Winpatrol, and jumped on getting WinPatrol Anti-Ransom (WAR) when it came out.  I've been using it for some time, but it's been behaving badly, and I have emails to the new developer that have gone unanswered since August and January.

Last week I discovered that Microsoft Visual Studio 2013 Community Edition--which I use for various home projects--stopped working.  It doesn't give an error, just says "Microsoft Visual Studio 2013 has stopped working" right after the splash screen.  A peek into the Event Viewer gives me:

Code: [Select]
Faulting application name: devenv.exe, version: 12.0.31101.0, time stamp: 0x54548724
Faulting module name: CerberusTwo.dll, version: 2017.5.3.3, time stamp: 0x590895bc
Exception code: 0xc0000005
Fault offset: 0x0000b830
Faulting process id: 0x2178
Faulting application start time: 0x01d3a41a35b68cd9
Faulting application path: C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
Faulting module path: C:\Program Files\Ruiware\WinAntiRansom\Drivers\x32\CerberusTwo.dll
Report Id: 2c0d8410-46ae-40fa-b755-61047ac9d7de
Faulting package full name:
Faulting package-relative application ID:

Note the line "Faulting module path: C:\Program Files\Ruiware\WinAntiRansom\Drivers\x32\CerberusTwo.dll"

So, after reaching out to Winpatrol.com about this, I decided to just go ahead and uninstall WinAntiRansom for now.  But what I've found is that it doesn't remove the CerberusTwo.dll files on uninstall. :( To top it off, I am unable to delete the file as Windows reports regarding the 32-bit dll:

Quote
The action can't be completed because the file is open in Acronis Scheduler Service Helper

and for the 64-bit dll:

Quote
The action can't be completed because the file is open in GoogleCrashHandler64.exe

I can't really understand why Acronis and Google have their hooks into this DLL, unless it's something that WAR has done.  At this point, I want to just delete the DLL and unhook anything that might be using it.  Is it as simple as unregistering the DLLs?  Or is this going to break Google Chrome and/or Acronish backup?

[Forgot to mention that I'm running Windows 10 Home 64 bit on a Dell XPS-8700]

Offline lcseiler

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: DLL on system left behind from WinAntiRansom
« Reply #1 on: February 12, 2018, 04:12:09 PM »
I'm not sure what the real answer is here, but a second reboot seemed to decouple the two programs from those DLLs.  I was then able to delete the files manually.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19103
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: DLL on system left behind from WinAntiRansom
« Reply #2 on: February 12, 2018, 05:29:19 PM »
  I take it that Microsoft Visual Studio is working again,


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline lcseiler

  • Jr. Member
  • **
  • Posts: 6
    • View Profile
Re: DLL on system left behind from WinAntiRansom
« Reply #3 on: February 12, 2018, 08:53:23 PM »
Yes, Visual Studio 2013 Community is now working fine.

Although I liked the concept of WAR--behavior blocking rather than signature, when it started interfering with my normal usage and I cannot get a hold of their support anymore, it had to go. :(

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19103
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: DLL on system left behind from WinAntiRansom
« Reply #4 on: February 12, 2018, 09:21:35 PM »
Apparently, it has been a problem getting a response from Bret for quite a few months.  :(


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1015
  • advanced techno feeb
    • View Profile
Re: DLL on system left behind from WinAntiRansom
« Reply #5 on: February 13, 2018, 10:12:05 PM »
I bought WinRansom too, but was never successful at installing it.  I'm kind of glad now because it seems that there are so many problems with it.  It seems like it was released before it was really ready.