General discussion

Locked

Registry Got Odd Entry???

By its_reflexed ·
Hey

In My Registry
START/RUN/Regedit
In The

HKEY LOCAL MACHINE
Software
Microsoft
Windows
Current Version
Run

C:\PROGRA~1\CLOSEG~1\error trans shim.exe

There Is A Entry That Looks Like It Aint Supposed To Be There Now Running NAV2004 & AVG 7 Professional, Ad Aware Professional Build 181 All Updated I Think Myself Nah It Cant Be Wrong
But I Have Removed It Out Of MSCONFIG
Cause It Has Been Slowing And Causing Problems To The Way My Computer Runs And Acts

Does Anyone Know What This Is Cause I Dont?

C:\PROGRA~1\CLOSEG~1\error trans shim.exe

Now The Thing That Get Me Is It Is In C:/Program/closegloballist/ with 2 entry both executable

one Pile DVD.exe
and one error trans shim.exe

Is This Spyware, Virus, Worm, Bot, Maleware, Sub7, What Is It I Know Its Not Meant To Be There However!!!

So If Anyone Can Help Me Out

It Will Be Very Much Appreciated!!!

Kind Regard

The SoULjA Of JuST!c3

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Registry Got Odd Entry???

Well, I can't find anything on those file names, or that directory name (closegloballist) either, but it is just safe to assume that the file is malatious in some way.
If you want, you can try and run Filemon from Sysinternals (http://www.sysinternals.com/) and see what this file "error trans shim.exe" is doing, what other files it's opening, and what in the Registry it calls.
You could also run Fport from Foundstone (http://www.foundstone.com/resources/proddesc/fport.htm) and see if this EXE file keeps a port open.
hope this helps

Collapse -

by its_reflexed In reply to

Thanks Bro But I Have Already Removed The Files But I Just Wanted Some Information About What It Was Doing

Appreciate Your Help Anyway
But I Was Looking For What It Does
Why It Is There
How It Got In
Whether Its A Virus

I Got NAV2003 Updated And AVG 7 Pro And Ad-Aware
And All Clean So Dunno Ey
All Updated To March 3rd Today

Collapse -

by sgt_shultz In reply to Registry Got Odd Entry???

boy hope you registry jocks know how to backup stuff. think virus jocks are winning when i see you ready to rip stuff out without knowing what it is. tease - i know you are trying to find out!
since you did not mention your os, make wild guess the soula of justice running win2k.
i searched http://support.microsoft.com for windows 2000-developer (wild guessing) and keyword shim and found this i thought looked interesting..
i can't believe you rejected Joesph Moores fine information. i wrote it down myself.
<snip>
Microsoft Knowledge Base Article - 324452
16-Bit Program May Stop Responding While Calling GlobalAlloc
View products that this article applies to.
This article was previously published under Q324452
<snipped out warning about editing registry cause knew you wouldn't read it anyhow ;&gt>
SYMPTOMS
If a 16-bit program calls GlobalAlloc, the program may stop responding, and you may receive the following error message:

Program Name caused a General Protection Fault in module KRNL386.EXE at 0001:6382
Choose close. Program Name will close.
NOTE: The hexadecimal address where the problem occurs is exactly 0001:6382.
CAUSE
This issue may occur because in Windows 2000 Service Pack 2 (SP2) and later, a program compatibility shim loads in the Ntvdm.exe address space to propagate environment variables. This behavior may affect a 16-bit program, which is sensitive to 16-bit memory allocations.
RESOLUTION
To work around this problem, delete the following registry key, and then restart the computer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatibility\ntvdm.exe

The 16-Bit Windows Programming guidelines recommend that GlobalAlloc be called only when it is necessary. These guidelines recommend that you use LocalAlloc instead.
STATUS
The information in this article applies to:
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Professional SP2

Collapse -

by its_reflexed In reply to

Ok Listen Up **** Head Dun Ever Lecture Me Again Ok
Cause You Dont Know Who I Am

Secound of All I Have Windows XP Pro Cause I Am A Pro

Being Common Sense I Deleted The Entry Via Information Through Event Viewer & My Resourse (*Connections*)

It Doesnt Count To Be A Smart *** In This World

Dont Try ME!!!

Thanks For The Information Off Microsoft's Technet Site!!!

:~125478/5421ver2

Collapse -

by its_reflexed In reply to Registry Got Odd Entry???

This question was closed by the author

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums