FIXED: MSCOMCTL.OCX could not be loaded.

[Martin Smook]

I am not sure why I started getting this message in the VB6 development environment but started searching for solutions and following suggested solutions, none that was of any help.
After many many many hours of trail and error, checked the file version number of a colleague of mine - it was 6.1.98.46
Copied this file to my \syswow64 directory, de-registered and re-registered the file and voila, solved!!!

[I Love VB6]

wow!

[dilettante]

That's the version from:

MS16-004: Description of the security update for Microsoft Visual Basic Runtime 6.0: January 12, 2016

This is the newest in an ill-fated series of "ready FIRE aim!" security rollup attempts. Previous attempts contained all kinds of "off by one" bugs that basically broke tons of controls. I see this attempt backed off and only fiddles with two OCXs, but these were some of the OCXs that exhibited flaws in previous attempts.

I haven't seen anyone run a full test suite against this attempt. You may have shot yourself in the foot now, with multiple hard-to-diagnose time bombs just waiting to go off in the future.

The plus is that at least this time they offer uninstallation instructions that might work. Presuming of course you installed the rollup properly instead of just bashing around under the hood with a sledgehammer as you did.

[srikanthcd]

I am not sure why I started getting this message in the VB6 development environment but started searching for solutions and following suggested solutions, none that was of any help.
After many many many hours of trail and error, checked the file version number of a colleague of mine - it was 6.1.98.46
Copied this file to my \syswow64 directory, de-registered and re-registered the file and voila, solved!!!

I am facing same issue. Can you please send me 6.1.98.46 ocx file. it would be helpful for me. Thanks

[DEXWERX]

you would accept an OCX from someone on the internet? *shakes head*

see this recent thread for updated OCX downloads --> http://www.vbforums.com/showthread.p...windows7-64bit

[dilettante]

you would accept an OCX from someone on the internet? *shakes head*

Well, it isn't much different from accepting a gigantic ball of undocumented closed source mystery meat code from some individual on the Internet. Makes you wonder.

[Shaggy Hiker]

Frankly, I think we do that all the time. Our computers consist almost entirely of gigantic balls of undocumented closed source mystery meat code. This thread is all about that. We keep getting patches, too. Does it really matter if the vulnerability on our system comes from MS or from somebody else? In the end, we are living on trust. We can't tell whether there are hardware vulnerabilities, software vulnerabilities, or both (actually, we DO know that it is both, we just don't know how much to be concerned). Nobody lives in security, they just live in different levels of denial.

[Elroy]

Here, I'll be the nice guy and throw some copies out there. Martin, I have an extremely high degree of confidence that they're not infected, but I'd still strongly recommend that you scan them before using them. It's not quite the right metaphor, but, how do they say? Good fences makes for good neighbors? To adapt: Good virus scanning makes for good forum buddies.

Also, I tagged each file with its version number. You'll have to remove/rename that to use them.

<Removed by Mod, as it violates some rule.>

Good Luck with getting your problems straightened out,
Elroy

p.s. To moderators: Delete if you feel this is inappropriate.

p.p.s I actually use that 6.1.98.39 copy for my primary project. I use it in a SxS way, but that shouldn't make any difference. I've got that version spread all over tarnation, and I know of nobody that's having any problems specific to those controls.

[jpbro]

I appreciate your pragmatism Shaggy, though it will fall on deaf ears - it's dogmatics all the way down around here for the most part.

The mental gymnastics can sometimes be amusing to watch - tritely warning people off of closed source third-party controlled free libraries on a closed-source, third-party controlled paid operating system while using a closed-source third-party abandoned paid IDE/programming language that gained a significant amount of its popularity from an abundance of closed-source third party paid drop-in libraries and controls is ironic and faulty logic IMO, but it seems to be prevailing attitude here. It's the noisiest one at least.

[Shaggy Hiker]

I, too, use a closed source third party library in lots of my code. It's a commercial library of some renown, so I have a certain level of trust in them. However, I've also seen the problems that can produce, as they've put out several different versions that I've used (and I'm now several versions out of date), and updating the versions can be a real headache.

Frankly, our lives would be easier if we didn't have to deal with third party stuff, but that's not reality. Reality is that we all have to decide how much we trust, and who we trust. Everybody gets to draw their own line on that, too.

Except that the forum rules are what they are: Sorry Elroy, for complicated reasons, we aren't linking to compiled code except from GitHub.

[jpbro]

Frankly, our lives would be easier if we didn't have to deal with third party stuff, but that's not reality. Reality is that we all have to decide how much we trust, and who we trust. Everybody gets to draw their own line on that, too.

I'm not sure that's true if only because there's nothing stopping us from avoiding third party stuff entirely right now. We could just code all of our own stuff, or fork free open source stuff and take on maintenance of that code ourselves, but we don't because it is in fact easier to use a mix of stuff sometimes. Who wants to implement their own PDF library for example? And if you think you do, try reading the PDF spec get back to me! Sometimes the best (and/or easiest) tool for the job is closed source and costs money, sometimes it is closed source and free, sometimes it is open source and free (sometimes the various open source licenses differ enough that there's even choice there - should I use the BSD or MIT or GPL if similar code is all available?). Sometimes there's nothing suitable available out there at all and so we code our own.

The pragmatic part that I liked about your post is that we work and rely on black box closed source stuff at some level downstream already. The reality is that we have accepted this and we must have some level of trust in that downstream stuff. The point at which we demarcate that open/closed boundary is going to differ for everyone, but even the most hardcore open source "fanatic" is still likely sitting on top of closed hardware and (often) drivers. We decide (consciously or unconsciously) to be "cool" with that at some level.

The incomprehensible part for we is why make the cut-off at closed source but free libraries when the stack we're sitting on is decidedly closed. I can understand why a Linux programmer might want to stay open source all the way down to the hardware, but we're sitting on a closed IDE, closed runtime, closed operating system surrounded by plenty of closed support libraries (from Microsoft and others). Seems strange to me that the line would be drawn at closed but free as in beer libraries in this environment and in the face of everything mentioned above, but of course everyone is free to make that choice for themselves.

Anyway, we've gotten off track here so I'll shut up now

[Elroy]

Sorry Elroy, for complicated reasons, we aren't linking to compiled code except from GitHub.

No problem. I was just trying to help the guy out. Truth be told, he should be able to do an FTP search and find what he needs. If it were me, I'd possibly download three or four copies from different sources, and then check them for being binary identical, discarding any that aren't.

In fact, just for grins, I searched using the Napalm FTP Indexer (https://www.searchftps.net) and it had 319 hits. Martin, you'd need to sort out which version you were downloading, but that doesn't seem like a huge deal. Just right-click, and check properties on what you download. Viewing properties shouldn't subject you to any virus risks (as you're not executing any of the code).

Good Luck,
Elroy

[Elroy]

I'll also make a comment regarding the trusting of closed-source software. For me, it comes down to how much I think the company has to lose for screwing me over with some virus. Let's take a related example, the example of giving my credit card number to some website. Sites like Amazon, Netflix, Uber, United, and PayPal have it. I know there have been hacks, but we've still got to find a way to do online business. From my perspective, companies like Amazon etcetera have a huge amount to lose if they mis-manage my information, so I tend to trust that they're on top of security and privacy.

However, a site like https://www.chewy.com, they will never get one digit of my personal information. If they don't take PayPal, they aren't getting any of my business.

To my eyes, the same kind of "evaluation" should take place regarding software we download (particularly closed-source). Microsoft, if they distributed anything with an attached virus, it would make world-headlines, and they know it. Therefore, I trust pretty much anything I download from the microsoft.com domain without a second thought, as I suspect all of us do.

Actually, when I examine the closed-source software on my computer, there's very little that didn't come from Microsoft. Exceptions would be SPSS (which is IBM), G*Power (which is a German University, and I've spoken [email] with the creators), Paint-Shop-Pro, Adobe products, and that's about it. I do use FileZilla, VLC Media Player, and some other utilities, but I believe they're all open-source (not positive about every single one).

I suppose there is some trust involved, but it's always "trust with suspicion", and "trust with a good virus scan".

Best Regards,
Elroy

[jpbro]

Microsoft, if they distributed anything with an attached virus, it would make world-headlines, and they know it. Therefore, I trust pretty much anything I download from the microsoft.com domain without a second thought, as I suspect all of us do.

That's fair enough - if you don't trust Microsoft a least a bit and you are still using their operating system, programming language, IDE, VM, etc... then you are probably insane.

Actually, when I examine the closed-source software on my computer, there's very little that didn't come from Microsoft. Exceptions would be SPSS (which is IBM), G*Power (which is a German University, and I've spoken [email] with the creators), Paint-Shop-Pro, Adobe products, and that's about it.

Well that's 4 other vendors at least (assuming they don't subcontract anything)...and it takes just 1 to screw up badly enough for you to be "up the creek" so to me, you're not as safe as you feel in that regard. That's not even counting things like drivers (where who the heck knows what is going on). Unless you're willing/able to debug at the deepest levels, that software could be running away undetected with just about anything.

The biggest problem though is not the explicit virus, but the hidden exploitable security hole. All vendors, including (and maybe especially) the big ones like Microsoft, Intel, Apple, etc... are being hit by security exploits frequently, so I don't think there's really any extra-special safety with them.

I suppose there is some trust involved, but it's always "trust with suspicion"

Absolutely.

and "trust with a good virus scan".

You have more trust in virus scanners then I do then Just make sure you have plenty of disconnected backups!

I said I'd shut-up, and I guess I lied, but maybe it would be better to move this conversation to another thread if anyone is still interested in debating.

[Elroy]

Hey jpbro, I don't disagree with much you've said, and I don't really "like" Microsoft very much either. But I have to admit that, when it comes to viruses, I do "trust" them.

I'm about done too. Maybe we should let this one rest in peace.

Take Care,
Elroy