Microsoft KB Archive/310836

= PRB: SQL Server Enterprise Manager startup or service pack installation may fail with &quot;OleMainThreadWndName: regsvr32.exe-Invalid DLL Entrypoint&quot; error message =

Article ID: 310836

Article Last Modified on 12/29/2005

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition

-



This article was previously published under Q310836



SYMPTOMS
When you start SQL Server Enterprise Manager (SEM) or when you install a SQL Server service pack, you may receive the following error message:

OleMainThreadWndName: regsvr32.exe-Invalid DLL Entrypoint The dynamic link library is not written correctly. The stack pointer has been left in an inconsistent state. The entrypoint should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution.

If you click NO, the application may operate incorrectly. If you try to run SQL Enterprise Manager after the error message occurs, the SEM window may open and you receive the following error message:

A connection could not be established to UCIPATH - Specified SQL Server not found. Drivers SQLSetConnectAttr failed ConnectionOpen(CreateFile). The driver doesn't support the version of ODBC behavior that the application requested (see SQLSetEnvAttr).



CAUSE
A virus on the computer, such as the Fun Love virus, causes the error message to occur. If the Fun Love virus is on the computer, there is usually a file named Flcss.exe that exists in the WINNT\System32 folder.



RESOLUTION
For information about how to recover an already compromised system, visit the following independent Cert Coordination Center web site:

Cert Recovery Steps

http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Cert Intrusion Detection Checklist

http://www.cert.org/tech_tips/intruder_detection_checklist.html

The following Microsoft Web sites provide a list of links that have information about how you can secure your SQL Server computer:

http://www.microsoft.com/sql/techinfo/administration/2000/security/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/maintain/security/sp3sec/Default.asp

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.



MORE INFORMATION
W32.FunLove.4099 is a virus that replicates under Microsoft Windows 95 and Microsoft Windows NT systems and infects applications with EXE, SCR or OCX extensions. W32.FunLove.4099 is a direct action appending type of virus. W32.FunLove.4099 adds its code to the end of the last file section and modifies the first 8 bytes of the code at the entry-point in order to point to the virus body. The virus creates a thread in the infected process for itself and replicates in the background while it executes the host program (main thread). Therefore, the user does not easily notice any delays. This virus may also use the network to spread itself to other systems.

Additional query words: SP virus

Keywords: kbprb KB310836

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.