Solving the Windows 0x13d error, aka the 317 error, and watch for the scams

Yesterday when performing a routine server inventory, I received a Windows 317 error, aka a Windows 0x13d error, when I tried to view some directories remotely from a batch file.

The exact text of the error message: The system cannot find message text for message number 0x13d in the message file for System.

If you’ve received a 0x13d error and you’re wondering what it means, it seems to be an unhealthy system’s way of saying “file not found.” In my case that’s what it appeared to be. If the lack of a human-readable error message bothers you, I found two possible culprits: One is system hardening–perhaps you’ve applied the recommendations from CIS, USGCB/NIST, or the DISA STIGs to the system–or the more likely culprit, services not running that need to be. Start with some very routine maintenance. Check the remote machine to make sure all the services that are set to start automatically are indeed running, and you might want to think about rebooting.

In case you need legitimate details, pay http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382%28v=vs.85%29.aspx a visit.

When researching the error code, I found an interesting scam—tons of sketchy web sites, some that did a decent job of impersonating Microsoft, offer programs to fix the issue. Microsoft doesn’t offer downloadable fix-its for error messages like this because these are the kinds of problems that require some human intelligence to resolve.

I don’t have the time to go through all of these fake sites but I did investigate the fix-it offered by the top search result, which is just a classic case of bait-and-switch. Clicking on the “fix it” link downloads something called RegCureProSetup.exe made by a company called Pareto Logic Inc. I scanned it with Virus Total, which didn’t come back with any known malware, but when I researched the program a little, it sounds like a commercial product that won’t do much until you actually pay for it, and based on what people who have actually seen it run have said, if you do pay for the program it does more harm than good. It’s certainly not a solution tailored to any specific Windows problem, and it’s not a Microsoft-sanctioned solution to anything.

A registry cleaner, which is what this program appears to be, won’t do anything for an error message. If it works to solve this problem, it works because it forces a reboot–a classic case of take two aspirin and call me in the morning if there ever was one. An aggressive registry cleaner is more likely to make the system worse than to make it better.

A few months ago I met a Microsoft sales representative, so I tipped that person off to the scam. He didn’t seem too thrilled that this was the #1 search result on Bing for the error message, and I doubt Microsoft’s legal team will be terribly thrilled that someone is trying to impersonate an official Microsoft page, including logos, and use it as what appears to be a front to sell software through affiliate links.

Of course, the first thought that came to my mind was that these fake fix-its would contain malware. That’s certainly another possibility.

So, bottom line, if you’re receiving message number 0x13d: Don’t download anything. If you can’t reboot the system right away, click Start, Run, type services.msc and hit Enter, go through the services one by one and make sure anything set to automatic is actually up and running, and schedule a reboot just as soon as possible. If you can reboot right away, reboot right away. And that’s more likely to fix this problem, and perhaps other yet-undiscovered problems, than anything.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux