IBM NetVista - Odd Characters in Registry - 11/30/05
Editorial note: As always, the snapshots are for information only, so please excuse the blurred snapshots. Many are taken with a screenshot program called Snagit, placed on the customer's pc. The program is set to save screen images automatically and email them to me with just a few clicks by the customer. Although this setup is very helpful for obvious reasons, saving in the jpg format reduces the image quality drastically.
I got a call from a client a few days after Thanksgiving, stating that they could not log onto the internet via their dial-up. He also stated he had a new program starting up each time he booted up his pc. The program was called PowerScan 1.1. (The full details of this issue can be found at www.jebswebsite.com/comp_no_dialup_devices.html).
While I was resolving the above issue, I found this one, which I thought worth listing separately. During my investigation on this pc for the above issue, I went into the Registry (START>RUN>(type)REGEDIT>OK) to search for any residual files remaining from PowerScan 1.1 after it was removed. In the folder "HKEY_CURRENT_USER" are several folders (over a dozen) with very odd characters. Not odd as in some characters found in program code (!, #, >, ~), but more obscure.
Below is a snapshot of a section of that registry folder.
All of the folders are empty, so I assume that I can probably delete them, but this is risky business if you don't know what you're deleting.
Additionally, the following day after resolving the former issue and finding these curious characters in the Registry, I found more of them when I booted up the machine. When I booted up the machine, ZoneAlarm gave me a popup message that a program was trying to gain access to the internet. This message contained the same odd characters as I found in the registry. I denied access to the program, and opened ZoneAlarm to review the details of the program. There was nothing listed in the detail box, and clicking on the ZoneAlarm link to "learn more", as usual, was a dead end.
There seem to be two main characters - the number "4", and another that reminds me of the Gillette (razor) "G" logo. There's also the "@" and "1/4" signs.
Listed below is a picture of the popup as well as the program entry in the "Programs List" and the detail box.
I've searched the hard drive for any folders with similar characters, and didn't find any. Nor did I find any unusual programs they might be coming from. Since I can't type these types of characters (within the search engine), using the Windows search engine isn't possible.
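An added example, not part of the original write-up: one way to find registry key names that cannot be typed into a search box is to enumerate the top-level keys under HKEY_CURRENT_USER and print the Unicode code point of every character outside printable ASCII, along with whether each flagged key is empty. The sample names are constructed for illustration, and the function names are hypothetical.

```python
import unicodedata

try:
    import winreg  # standard library, available on Windows only
except ImportError:
    winreg = None


def odd_chars(name):
    """Return (code point, Unicode name) for each character outside printable ASCII."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for c in name if not (0x20 <= ord(c) <= 0x7E)]


def scan_names(names):
    """Map each suspicious key name to its odd characters; plain names are skipped."""
    return {n: odd_chars(n) for n in names if odd_chars(n)}


def hkcu_report():
    """On Windows, list top-level HKCU keys with odd names and whether they are empty."""
    if winreg is None:
        return []
    hive = winreg.HKEY_CURRENT_USER
    count = winreg.QueryInfoKey(hive)[0]  # number of direct subkeys
    names = [winreg.EnumKey(hive, i) for i in range(count)]
    report = []
    for name, chars in scan_names(names).items():
        try:
            with winreg.OpenKey(hive, name) as key:
                subkeys, values, _ = winreg.QueryInfoKey(key)
        except OSError:
            subkeys = values = None  # could not open; still report the name
        report.append({"name": name, "chars": chars,
                       "subkeys": subkeys, "values": values})
    return report


# Constructed sample names (not taken from the machine described on this page).
SAMPLE = ["Software", "Environment", "4\u00bc@4", "Contro\u0001 Panel"]

if __name__ == "__main__":
    for name, chars in scan_names(SAMPLE).items():
        print(repr(name), chars)
    for row in hkcu_report():
        print(row)
```

A flagged key that reports zero subkeys and zero values matches the "empty folder" case described above; exporting the key from Regedit before deleting it keeps a way back.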
Today I've run several virus and spyware scanning programs. Unfortunately, none of these removed the odd characters from the registry. The programs I ran were: Ewido's "Security Suite", Panda's "Active Scan", GlarySoft's "Registry Cleaner", PC PrivacySoftare's "Registry Rescue". These were in addition to Symantec's "Norton Antivirus", LavaSoft's "AdawareSE", and "SpyBot Search and Destroy".
Even after all of these programs were run, and allowed to remove the files found, I still have something trying to access the internet. The file names are different each time, and as before, do not have any details in the ZoneAlarm Entry Details.
After doing a search on the "Who Is" website (http://www.arin.net/whois/), I found that two of them (DLLs - NTLANMAN.DLL and NGERNICS.DLL) had the same IP address, and the IP address belongs to my Cable ISP. I've never seen these DLLs before on my own machines, so I have no idea what they are trying to do. See below (I removed the ISP number):
The other two IP addresses belong to a company called IANA (Internet Assigned Numbers Authority) with a NetName called "LoopBack" (see the snapshots of the pop-ups below).
I didn't think about searching on the IP address, so when I did think about it today and searched, I also found out that the one above with the strange characters belongs to a company named "Global Netoptex, Inc".
Not sure what it means or why they are there, just that they are messing with my pc and I can't get rid of them.
Today I've run several additional programs, as well as looking through the recycle bin (I just love digging in the trash) for the deleted files from 11/24 thru 11/26 and for files that were deleted the last two days by the different cleaning programs so that I might find clues to the origination of 1 - the modem problem that prompted the service call in the first place (see www.jebswebsite.com/comp_no_dialup_devices.html), and this issue.
Additionally, I have several more applications trying to access the internet through this pc. As with the instances above, I found some interesting results from the DNS search (http://www.arin.net/whois/):
Well, at this point, I don't have one. So as always, any suggestions would be appreciated...JEB
12/1/05 - None.
12/2/05 - Still none.
Copyright 2005
Created by:
JEB's Digital Impressions