Site icon Winhelponline

[Fix] StartupCheckLibrary.dll and Winscomrssrv.dll Error at Startup

Ramesh

When you log in to your Windows computer, the following error message windows may pop up:

RunDLL

There was a problem starting StartupCheckLibrary.dll

The specified module could not be found.

RunDLL

There was a problem starting winscomrssrv.dll

The specified module could not be found.


Additionally, you may see the following error:

There was a problem starting StartupCheckLibrary.dll

Operation did not complete successfully because the file contains a virus or potentially unwanted software.

Cause

The modules StartupCheckLibrary.dll and Winscomrssrv.dll are 100% malicious programs that can steal information from your computer. You do NOT need these files on your computer. The related module winlogui.exe is a coin miner trojan. These kinds of programs come with illegal/cracked computer software and video games.

VirusTotal.com results for the StartupCheckLibrary.dll module

This malware can disable the Microsoft Defender anti-virus and perform other configuration changes on the computer. The script (maintenance.vbs) will drop the coin miner trojan named winlogui.exe in the Windows\System32 folder and then do a cleanup of all malicious files (maintenance.vbs, Winscomrssrv.dll, startupchecklibrary.dll, etc.)

In some cases, the Microsoft Defender security options may turn blank and only display the “Security at glance” message after infection. Refer to the article Windows Defender Service Missing; Security at a glance page is Empty.

The malware files run at startup via scheduled tasks instead of the regular startup locations in the registry or Startup folder.

The modules StartupCheckLibrary.dll and Winscomrssrv.dll have the “Microsoft Corporation” name in the DLL properties. But these are fake and unsigned modules that try to pose as legitimate Microsoft files.

Copyright: © Microsoft Corporation. All rights reserved.
Product: Microsoft® Windows® Operating System
Description: Startup Check Library DLL
Original Name: StartupCheckLibrary.dll
File Version 10.0.16299.15

Copyright: Microsoft Corporation. All rights reserved.
Product Name: Microsoft Windows Operating System
Description: winscomrssrv
Original Name: winscomrssrv.dll
FileVersion: 10.0.16299.15

(Malwarebytes anti-virus classifies these types of files as Trojan.FakeMS)

Microsoft Defender may successfully thwart the attack. Trojan:Win32/Tiggre!plock is the name that Microsoft has assigned to the trojan. Here’s an instance where Microsoft Defender antivirus has successfully blocked the modules StartupCheckLibrary.dll and Winscomrssrv.dll.

 

Fix: StartupCheckLibrary.dll and Winscomrssrv.dll Error at Startup

Even if Microsoft Defender has successfully eliminated or quarantined the malware files, it’s advisable to run a thorough scan using a third-party scanner like Malwarebytes Antimalware (free) and perhaps with Malwarebytes Anti Rookit.

A thorough scan with updated definition files should eliminate all traces of the malware from the file system and the registry.

Here are some of the important items that would be cleared:

Scheduled Tasks

Files

Want to Delete the Tasks and Files manually?

In case you want to delete the scheduled tasks manually, you can do so using Task Scheduler.

  1. Open Task Scheduler.
  2. Expand “Task Scheduler Library”
  3. Expand Microsoft → Windows → Wininet. Delete the Winlogui task.
  4. Similarly, delete the other three tasks (SrvHost, StartupCheckLibrary, winrmsrv) from the branches below:
    • Microsoft → Windows → WDI → Delete SrvHost
    • Microsoft → Windows → Application Experience → Delete StartupCheckLibrary
    • Microsoft → Windows → Windows Error Reporting → Delete winrmsrv
  5. Quit Task Scheduler.

Optionally, you can use Microsoft Sysinternals’s Autoruns utility to delete these entries.

Once done, restart Windows and re-run a thorough scan for malware.

I hope the startup errors relating to StartupCheckLibrary.dll and Winscomrssrv.dll are now resolved.

Exit mobile version