2009-07-17: Common sense tech support

Posted at 2009-07-17 20:10:56 by SHD

Being the most computer literate person in my extended family, I end up providing tech support for that extended family. Honestly, I don't mind. I love to help out whenever I can. Today was another good example. I got a phonecall from my dad that some error message popped up and he could no longer browse the internet. To his credit, he had written down the error message in case it would not be reproducible by the time I would have a chance to look at it. In this case, it was "Validation failed for C:\WINDOWS\SYSTEM32\VSINIT.dll. You are probably missing a necessary root certificate."

I recognised the VSINIT.DLL file as being part of the free ZoneAlarm firewall that my parents run on their PC, in addition to the firewall in their router. Unfortunately, with the firewall refusing to start, it also blocked virtually all internet traffic. Virtually all as it does allow traffic to Windows Update, ZoneLabs' own site and to the major antivirus vendors. Checking ZoneAlarm for updates, I found that updates were available, but not for the ageing Windows 2000 OS that my parents have on that PC. (Yes, they will switch to a newer OS when they get a PC that is capable of handling it, but they don't really need it at this time). In any case, it appears this wouldn't have helped. Nor did an update of the root certificates through Windows Update, thus disproving the message's assumption that a required certificate was missing.

The ZoneAlarm files are signed to prevent tampering, which is generally A Good Thing. Unfortunately, the root certificate in question had expired. This was easily found by checking the Windows Certificate Store, which is accessible through the internet settings. Indeed, there was one certificate that had expired at midnight. This certificate had apparently not been renewed. Given my parents' PC usage patterns, this box should be safe enough behind the firewall in the NAT-ing router until an update was available. The logical course of action was to uninstall ZoneAlarm for the time being. Of course, the problem is now that the uninstaller will also, for security reasons, need to be signed and access those same DLLs. The uninstaller would not run because of the same problem that inhibited the firewall from properly functioning in the first place.

Doing a Google search on the problem found many people experiencing this problem, which is hardly surprising, since the expiry of the certificate occurs worldwide. What was surprising was how many people had trouble fixing it and came up with horribly complex ways of removing ZoneAlarm. I'm a lazy person and don't wanna have to jump through a hundred hoops to fix a problem, especially when I can just crawl under a single hoop and be done with it. The final solution was so simple that many people seem to have overlooked it: just turn back the system clock to "unexpire" the certificate and then run the uninstall.

Case Closed!

Seriously, you don't need a degree in computer science if you employ a modicum of common sense.


I was about to throw my old averatec outside and rain some murderous axe swings into it, till I found your solution!

Posted at 2009-12-13 06:23:46 by jerome

Post a comment

Note: HTML is not permitted, URLs will be linked automatically. Spam comments will result in a permanent ban.
Type these 4 symbols into the edit field