This issue is the biggest headache I deal with currently.
I have a VB6 application that receives an external data feed that I inherited a couple years ago from it's original developer. It runs on a remote server and will run fine for a month or so and then suddenly crash every time it starts up. When this happens, I look in the Event Viewer and see that the oleaut32.dll has "faulted". The fix I have discovered is to re-register the dll. The application then starts up and runs without issue. But then, inevitably, the whole issue will rise up again after a few months.
The research I have done indicates a number of issues that could cause this (malware, patches, etc.) but getting called at home every few months when this application fails again is getting old and tiresome.
Any ideas out there on how to alleviate a problem like this?
I would love to re-write the application in a higher level language, but that is not feasible right now for a number of business reasons.
VB6 is a higher level language. A lot of people ask us Basic people for help, yet slag our language while doing so.
In Task Scheduler set a task to run when that event message is generated.
so in a batch file
regsvr32 oleaut32
"c:\some folder\your vb6 program.exe"
But always include the full error message. It might mean something to me.
I would also test that server for hardware faults.
To See if a Fix is Available
In Control Panel (and select Classic view in the left hand pane) choose Problem Reports and Solutions (type problem in Start's search box), go to Problem History, right click your error and choose Check For Solution. You may also right click and choose Details for more info. Post those details here.
To See if a Recent System Change Caused It
In Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then choose Reliability and Performance Monitor and choose Monitoring Tools then Reliability Monitor (type Reliability in search on Start) . This list is a chart of software installs, uninstalls, Windows updates, and crashes by date (scroll left to see earlier dates). See if your crashes started happening after you installed or uninstalled something.
Standard Hardware Troubleshooting
First lets test what hardware we can. Hardware faults can appear as many software faults, therefore we need to test hardware first..
Please do the following in order. Memory faults can cause disk corruption, disk faults can cause disk corruption. Disk corruption causes corrupted files (which SFC may be able to fix). If you get an hardware error stop and post back. Do not run chkdsk with faulty memory.
Memory Diagnostic If you haven't run a memory diagnostic then please do so. Click Start - Control Panel - choose Classic View in left hand pane - choose Administrative Tools - then Memory Diagnostics Tool.
S.M.A.R.T Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
Disk drives in Windows monitor themselves for impending failure. The feature is called S.M.A.R.T. It will detect impending failure 30% of the time. In an elevated command prompt type (it's one line)
wmic /namespace:\\root\wmi PATH MSStorageDriver_FailurePredictStatus get active,predictfailure,reason /format:List
If it's on Active will be true, if not on turn it on in the computer's BIOS.
Predict Failure should be False if everything's ok. There are two reasons.
0 Unknown
255 Test - Not a failure
In Vista and later if SMART predicts failure Windows prompts the user to run Backup.
Run Chkdsk In Computer right click all your drives and choose Properties, then Tools tab, then click Check Now. Tick BOTH checkboxes then Start. Reboot. This will take overnight.
SFC Check for file corruption by clicking Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
sfc /scannow
Heat Heat can cause problems like this and also sudden reboots without crashing. Ensure your fans are not clogged with dust.
Processor (CPU) Intel has a utility to check processors.
32 Bit Windows https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19791
64Bit Bit Windows https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=19792
For Memory Diagnostic Results Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at Event Viewer (Local) - Applications and Services - Microsoft - Windows - MemoryDiagnostic-Results for entries.
Look for EventID is 1201 or 1101 and Source is MemoryDiagnostic-Results
Double click the entry for details on that entry.
For Chkdsk Results
Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
edit c:\bootex.log
Does this file exist with something in it?
The following commands query the event logs.
For boot time checking using source name for any Windows version (as it varies).
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Autocheck' or sourcename='Winlogon' or sourcename='WinInit') get /format:HForm
For running chkdsk within Windows.
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='Chkdsk') get /format:HForm
For warnings about disk problems detected during normal operations and automatic repairs made by Windows at the time the problems were discovered.
wmic /append:"%userprofile%\desktop\DiskEvents.html" PATH Win32_NTLogEvent where (sourcename='NTFS' or Sourcename='Disk') get /format:HForm
Then to view the file created.
start "" "%userprofile%\desktop\DiskEvents.html"
Click Start - Control Panel (and select Classic view in the left hand pane) choose Administrative Tools then Event Viewer then look at both the Application and System logs (under Windows Logs) for entries.
Look for EventID is 7 and Source is Disk
Look for EventID is 11 and Source is Disk
Look for EventID is 50 and Source is Disk
Look for EventID is 51 and Source is Disk
Look for EventID is 52 and Source is Disk
Look for EventID is 55 and Source is NTFS
Look for EventID is 130 and Source is NTFS
Look for EventID is 134 and Source is NTFS
Look for EventID is 137 and Source is NTFS
Look for EventID is 1001 and Source is Autochk
Look for EventID is 1001 and Source is Winlogon
Look for EventID is 1001 and Source is WinInit
Look for EventID is 1001 and Source is Chkdsk
Look for EventID is 26212 and Source is Chkdsk
Look for EventID is 26213 and Source is Chkdsk
Look for EventID is 26214 and Source is Chkdsk
Double click the entry for details on that entry.
P.S. 7 and 55 are the auto repair codes where windows repairs disk errors silently on the fly. 52 is the SMART warning.
If the results don't get transferred to the event logs from a boot time chkdsk then the results are probably in the following file c:\Bootex.log. This file gets deleted when the results are moved into the event logs.
For SFC Results Start - All Programs - Accessories - Right click Command Prompt and choose Run As Administrator. Type (or copy and paste by right clicking in the Command Prompt window and choosing Paste).
findstr /c:"[SR] Cannot" %windir%\logs\cbs\cbs.log|more
This will see which files are corrupted.
To see if it did anything
findstr /c:"[SR] Repairing" %windir%\logs\cbs\cbs.log|more
There are frequent false positives for small text files Windows uses such as desktop.ini and settings.ini. Also due to an update .mof files starting with wd may also be flagged. Ignore these.