I a user of Winpatrol, and jumped on getting WinPatrol Anti-Ransom (WAR) when it came out. I've been using it for some time, but it's been behaving badly, and I have emails to the new developer that have gone unanswered since August and January.
Last week I discovered that Microsoft Visual Studio 2013 Community Edition--which I use for various home projects--stopped working. It doesn't give an error, just says "Microsoft Visual Studio 2013 has stopped working" right after the splash screen. A peek into the Event Viewer gives me:
Faulting application name: devenv.exe, version: 12.0.31101.0, time stamp: 0x54548724
Faulting module name: CerberusTwo.dll, version: 2017.5.3.3, time stamp: 0x590895bc
Exception code: 0xc0000005
Fault offset: 0x0000b830
Faulting process id: 0x2178
Faulting application start time: 0x01d3a41a35b68cd9
Faulting application path: C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
Faulting module path: C:\Program Files\Ruiware\WinAntiRansom\Drivers\x32\CerberusTwo.dll
Report Id: 2c0d8410-46ae-40fa-b755-61047ac9d7de
Faulting package full name:
Faulting package-relative application ID: Note the line "Faulting module path: C:\Program Files\Ruiware\WinAntiRansom\Drivers\x32\CerberusTwo.dll"
So, after reaching out to Winpatrol.com about this, I decided to just go ahead and uninstall WinAntiRansom for now. But what I've found is that it doesn't remove the CerberusTwo.dll files on uninstall. :( To top it off, I am unable to delete the file as Windows reports regarding the 32-bit dll:
QuoteThe action can't be completed because the file is open in Acronis Scheduler Service Helper
and for the 64-bit dll:
QuoteThe action can't be completed because the file is open in GoogleCrashHandler64.exe
I can't really understand why Acronis and Google have their hooks into this DLL, unless it's something that WAR has done. At this point, I want to just delete the DLL and unhook anything that might be using it. Is it as simple as unregistering the DLLs? Or is this going to break Google Chrome and/or Acronish backup?
[Forgot to mention that I'm running Windows 10 Home 64 bit on a Dell XPS-8700]
I'm not sure what the real answer is here, but a second reboot seemed to decouple the two programs from those DLLs. I was then able to delete the files manually.
(https://www.sysnative.com/forums/images/smilies/sysnative2_PROD/thumbsup2.gif) I take it that Microsoft Visual Studio is working again,
Yes, Visual Studio 2013 Community is now working fine.
Although I liked the concept of WAR--behavior blocking rather than signature, when it started interfering with my normal usage and I cannot get a hold of their support anymore, it had to go. :(
Apparently, it has been a problem getting a response from Bret for quite a few months. :(
I bought WinRansom too, but was never successful at installing it. I'm kind of glad now because it seems that there are so many problems with it. It seems like it was released before it was really ready.