jc10

asked on

Spyware? Virus? Urgently strange: "Found New Hardware" but nothing new installed; "new" device name not found in online searches.

Hi,

I have a WinXP system. Just now, after restart, it starts the found new hardware wizard when I have absolutely not installed any new hardware. Haven't plugged anything new into usb ports or anything. The name of the device is "SDDMI2", for which absolutely nothing comes up when I search online at google, yahoo, msn, dell forums, experts-exchange. In the device manager, it shows up under "Other Devices" with a big yellow "!", of course cause it's not installed yet.

But I don't know what it is and am afraid it may be some type of virus/spyware/etc so I don't even know what to do with it. I even looked under "msconfig" just to see, but there is nothing out of the ordinary there as far as I can see.

I think the strangest things are: 1) I didn't even install anything; and 2) even stranger that I can't find anything on the internet relating to the name of this "new" device.

Does anyone have any ideas or suggestions on either what it is, how to get rid of it? I guess I can disable it in the device manager, but I don't know if that would just "hide" it or if it would really get rid of it permanently. I'm concerned that it may be some type of privacy/security issue. Thanks.
stengelj

You can't post duplicate questions in separate topics. The admins will likely delete one of your questions soon if you don't. What you CAN do is create pointers to your original question. A question is not allowed more than 500 points per question, so you should select the correct location for your question and delete it in the locations you don't want it in.
jc10

ASKER

Oh, I didn't know that. Thanks. I'll delete the other one and leave this one open.
ASKER CERTIFIED SOLUTION
armeen

SOLUTION
David Wall

SOLUTION
jc10

ASKER

Thanks for the responses. The most worrisome thing for me is that searches online turn up nothing. I'm not sure what I'll try next just yet, but this is what I have so far. Any feedback is appreciated.


WallD, I've gone through those scans listed on the link you gave, as well as a virus scan, but nothing out of the ordinary came up.


Phil, whenever I reboot, I get the "found new hardware" wizard, but the first screen of the wizard asks if I give permission to access Windows Update to get the required driver for the new hardware. It says I can give permission every time, just this time, or not at all. If I select not to give permission, it asks to select the proper device driver automatically or manually. If I select manually, I get a list of device types. If I hit cancel, then the wizard will exit, but will reappear upon startup or if I scan for new hardware from the device manager. There is nowhere that I get the option you mentioned to "Do Not Install" and to "never ask for installation". At what point should it ask me that question? Does this hardware wizard not act the way the hardware wizard is supposed to? By the way, I'm using WinXP Home w/ SP2 if that makes a difference in the hardware wizard. In device manager, it is shown as "SDDMI2" with a yellow "!". Under properties for this device, it says everything is unknown (manufacturer, location) and that this item is not properly installed. Nothing about "Occam's razor". I haven't tried safe mode and defrag yet, and I haven't tried all the stuff listed in your guide yet.


armeen, here is the registry entry I found. I searched for the file shown, "DDMI2.sys", online and got a couple of hits for it, but it is just listed in somebody's post, not talked about at all:

Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDDMI2
Class Name:        <NO CLASS>
Last Write Time:   4/12/2005 - 11:04 PM
Value 0
  Name:            Type
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            Start
  Type:            REG_DWORD
  Data:            0x3

Value 2
  Name:            ErrorControl
  Type:            REG_DWORD
  Data:            0x1

Value 3
  Name:            ImagePath
  Type:            REG_EXPAND_SZ
  Data:            \??\C:\WINDOWS\system32\DDMI2.sys

Value 4
  Name:            DisplayName
  Type:            REG_SZ
  Data:            SDDMI2


Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDDMI2\Security
Class Name:        <NO CLASS>
Last Write Time:   4/12/2005 - 6:46 PM
Value 0
  Name:            Security
  Type:            REG_BINARY
  Data:            
00000000   01 00 14 80 90 00 00 00 - 9c 00 00 00 14 00 00 00  ................
00000010   30 00 00 00 02 00 1c 00 - 01 00 00 00 02 80 14 00  0...............
00000020   ff 01 0f 00 01 01 00 00 - 00 00 00 01 00 00 00 00  ÿ...............
00000030   02 00 60 00 04 00 00 00 - 00 00 14 00 fd 01 02 00  ..`.........ý...
00000040   01 01 00 00 00 00 00 05 - 12 00 00 00 00 00 18 00  ................
00000050   ff 01 0f 00 01 02 00 00 - 00 00 00 05 20 00 00 00  ÿ........... ...
00000060   20 02 00 00 00 00 14 00 - 8d 01 02 00 01 01 00 00   ...............
00000070   00 00 00 05 0b 00 00 00 - 00 00 18 00 fd 01 02 00  ............ý...
00000080   01 02 00 00 00 00 00 05 - 20 00 00 00 23 02 00 00  ........ ...#...
00000090   01 01 00 00 00 00 00 05 - 12 00 00 00 01 01 00 00  ................
000000a0   00 00 00 05 12 00 00 00 -                          ........


OK, so it gives a .sys file. Have a look at the properties for:

C:\WINDOWS\system32\DDMI2.sys

Does it give a company name?

Note: drivers normally live in C:\WINDOWS\system32\drivers, so it immediately makes me wonder why this is where it is.


ed
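The triage above (decode the service key, then ask why a driver image is not under system32\drivers) can be done mechanically over the text export the asker pasted. The following is an added example, not code from the thread or from any vendor named in it: it parses regedit's "Key Name / Value N / Name / Type / Data" layout, decodes the documented Type and Start DWORD values, strips the NT object-manager prefix "\??\" from ImagePath, and records a finding when a kernel or file-system driver is loaded from outside system32\drivers. The embedded sample is the asker's SDDMI2 key trimmed to its top-level values; the function and variable names are the example's own.

```python
import re

# Documented meanings of the Services\<name> Type and Start DWORDs.
SERVICE_TYPES = {
    0x1: "kernel driver",
    0x2: "file system driver",
    0x10: "own-process service",
    0x20: "shared-process service",
}
START_TYPES = {
    0x0: "boot",
    0x1: "system",
    0x2: "automatic",
    0x3: "manual (demand)",
    0x4: "disabled",
}

# Constructed sample: the asker's regedit export of the SDDMI2 service key,
# trimmed to the top-level values (the Security subkey and its hex dump are left out).
SAMPLE_EXPORT = r"""
Key Name:          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDDMI2
Class Name:        <NO CLASS>
Last Write Time:   4/12/2005 - 11:04 PM
Value 0
  Name:            Type
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            Start
  Type:            REG_DWORD
  Data:            0x3

Value 2
  Name:            ErrorControl
  Type:            REG_DWORD
  Data:            0x1

Value 3
  Name:            ImagePath
  Type:            REG_EXPAND_SZ
  Data:            \??\C:\WINDOWS\system32\DDMI2.sys

Value 4
  Name:            DisplayName
  Type:            REG_SZ
  Data:            SDDMI2
""".strip()


def parse_regedit_export(text):
    """Parse regedit's text export into {key_path: {value_name: (reg_type, data)}}.

    REG_BINARY hex-dump lines carry no Name:/Type:/Data: field and are skipped.
    """
    keys = {}
    current_key = None
    fields = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("Key Name:"):
            current_key = line.split(":", 1)[1].strip()
            keys[current_key] = {}
            fields = {}
        elif re.match(r"^Value \d+$", line):
            fields = {}
        elif re.match(r"^\s+(Name|Type|Data):", line) and current_key is not None:
            field, _, value = line.strip().partition(":")
            fields[field] = value.strip()
            if field == "Data":  # Data is always the last field of a value
                keys[current_key][fields["Name"]] = (fields["Type"], fields["Data"])
    return keys


def service_report(values):
    """Decode one service key's values and list what a triager would question."""
    svc_type = int(values["Type"][1], 16)
    start = int(values["Start"][1], 16)
    image = values.get("ImagePath", ("", ""))[1]
    if image.startswith("\\??\\"):  # NT object-manager prefix, not part of the path
        image = image[4:]
    findings = []
    if svc_type in (0x1, 0x2) and "\\system32\\drivers\\" not in image.lower():
        findings.append("driver image lives outside system32\\drivers: " + image)
    return {
        "type": SERVICE_TYPES.get(svc_type, "unknown (0x%x)" % svc_type),
        "start": START_TYPES.get(start, "unknown (0x%x)" % start),
        "image_path": image,
        "findings": findings,
    }


def triage_export(text):
    """Report on every service root key in an export; subkeys such as \\Security are skipped."""
    reports = {}
    for key, values in parse_regedit_export(text).items():
        if "Type" not in values or "Start" not in values:
            continue
        reports[key.rsplit("\\", 1)[-1]] = service_report(values)
    return reports


if __name__ == "__main__":
    for name, report in triage_export(SAMPLE_EXPORT).items():
        print(name, report)
```

Start 0x3 (manual/demand) is consistent with a driver that is only loaded when Plug and Play asks for it, which is exactly when the "Found New Hardware" wizard appears; the single finding is the out-of-place image location ed points out.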
jc10

ASKER

Ok, I checked the file properties now. Sorry, I misunderstood your post before when you mentioned the properties. Here is what it says:

Description: DDMI Service
Copyright: 2001-2004 Gteko Ltd.
File Version: 1.0.0.7
Product Name: DDMI

So that is helpful, at least there is a name now. I'll see what else I can find online with this new info now. Or maybe someone recognizes the name? Thanks for the help to this point.
Hmm, no worries. I am not sure if it will help though, because I checked their web site and they provide software for other companies to ship. If you can't find which product, in Windows Explorer sort the files by date modified and look for any other files which were modified at the same time as this .sys file; the idea of this is to find which files were installed at the same time as this file. If you find any (and the times are pretty much identical), then that may give some clue as to what the device is.
I wouldn't normally recommend it, but in this case it might be worth doing. If you delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDDMI2

then it won't be displayed in the device manager as it won't exist.

You will need to right click on the key, go to Properties and give yourself permissions to delete the key first.
Export it first though, and make a backup in case you get problems later on.

:)

ed
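The "sort by date modified and look at the neighbours" pivot ed suggests is a standard way to find the other files an installer dropped at the same time. As an added example (not from the thread), the code below builds a throwaway directory standing in for system32, with constructed file names and modification times, and returns the files written within a window of the anchor file's mtime, nearest first. The names sample_setup.exe and sample_helper.dll are invented for the demonstration; only DDMI2.sys comes from the thread.

```python
import os
import tempfile
import time


def files_installed_with(directory, anchor_name, window_seconds=120):
    """Files in `directory` whose mtime lies within `window_seconds` of the anchor's,
    sorted nearest first; the anchor itself is excluded."""
    anchor_mtime = os.stat(os.path.join(directory, anchor_name)).st_mtime
    neighbours = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file() or entry.name == anchor_name:
                continue
            delta = abs(entry.stat().st_mtime - anchor_mtime)
            if delta <= window_seconds:
                neighbours.append((entry.name, delta))
    neighbours.sort(key=lambda item: item[1])
    return [name for name, _ in neighbours]


def build_sample_directory():
    """Constructed stand-in for C:\\WINDOWS\\system32: empty files whose mtimes are set
    so that two of them were 'written' alongside DDMI2.sys and two were not."""
    directory = tempfile.mkdtemp(prefix="sys32_sample_")
    base = time.time() - 86400  # arbitrary reference point, one day ago
    # (name, seconds relative to the anchor's mtime); all values are constructed
    layout = [
        ("DDMI2.sys", 0),
        ("sample_setup.exe", 3),        # written 3 s after the driver
        ("sample_helper.dll", -40),     # written 40 s before the driver
        ("kernel32.dll", -3 * 86400),   # old OS file, unrelated
        ("notepad.exe", 7 * 86400),     # updated much later, unrelated
    ]
    for name, offset in layout:
        path = os.path.join(directory, name)
        open(path, "wb").close()
        os.utime(path, (base + offset, base + offset))
    return directory


if __name__ == "__main__":
    sample = build_sample_directory()
    print(files_installed_with(sample, "DDMI2.sys"))
```

On a real system the directory argument would be the actual system32 path and the window can be widened for installers that copy many files over a minute or two; the timestamps are only a lead, since an installer can set them to anything.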
According to your C:\WINDOWS\system32\DDMI2.sys file, it is a product from Gteko Ltd:

Does your company use any of these products?

http://www.gteko.com/?page=prodmodules.htm

GTAgent: A preemptive support module, GTAgent enables targeted distribution of software updates (drivers and applications), Auto Fixes and informational messages to Windows-based systems.

GTWebCheck: An automated self-help problem-resolution system for Windows-based software, GTWebCheck is only initiated and activated by the user.

GTSolve: A web-based portal or local application that automates 'Frequently Asked Questions' (FAQ), GTSolve provides direct access to a rich library of Auto Fixes, tutorials and utilities.

GTConnect: A first-time setup application, GTConnect automates the initial setup and configuration of an Internet connection and home networks.

GTAssist: Combining traditional help-desk capabilities of service ticket management with a diagnostic and problem resolution mechanism, GTMail is Gteko's automated, web-based, e-mail support platform.

GTRemote: PC users are allowed to connect over the Internet to an online technical support center without worrying about firewalls and proxies using GTRemote, Gteko's remote control tool.

GTGuard: An automated security-enforcement solution, GTGuard helps end-users and IT managers maintain a secure desktop environment.

GTInventory: An easily implemented asset-management tool, GTInventory provides automated asset discovery, reporting capabilities and supports software license management.

GTHomeNet: Using an easy and intuitive graphical interface, GTHomeNet allows end-users to easily control their home network and digital devices.

Also, I was doing it by memory, but you can disable a piece of hardware by selecting the yellow "!" device (DDMI in your case) --> Properties --> General tab --> Device usage --> Do not use this device (disable).
This will disable this device.


And Occam's razor is a theory...Google it for more details...
In short, in the face of something unknown, the most likely conclusion is the answer or it's right in front of you so don't think too hard about it because it's just a device driver loaded from an application that may be already used.  Your helpdesk or your IT department may be using this on your system for support purposes.

As I look up the Gteko products, they are for helpdesk support and for remote software distribution for corporations.
Again, I don't think you have anything to worry about.

1. Disable the device in Device Manager as I noted above. This will prevent the Hardware Wizard from bringing it up again.
2. Contact your IT folks and ask them if they are using this software.
3. Check the malware/spyware cleaning guide I linked to earlier if you are still paranoid.

I do not believe that anything insidious is going on within your system.
While I'm here :)

Occam's Razor
http://en.wikipedia.org/wiki/Occam's_Razor

"When multiple explanations are available for a phenomenon, the simplest version is preferred."
jc10

ASKER

Ok, thanks for all the help. Like I said at the beginning, I was most concerned with the fact that searching online gave zero results. Usually if I have some computer/spyware/whatever issue, I just search online and fix it up, and even if I can't fix it myself easily, at least I can find info about it. So, I appreciate your patience.

I managed to get through to the tech support. He just asked me to uninstall the "SDDMI2" device through the device manager. When I restarted after that, the new hardware wizard didn't come back. Then I just emphasized my concern was not JUST with how to uninstall, but also with how this happened in the first place (in case of spyware, etc.). The guy basically said it was a normal file, and a normal registry entry. He said it was probably caused by some conflict or driver update related to running Windows Update. He said it's not common, but it happens.

So again thanks. It was really just a rare non-issue I guess. I'll do my best with the points.
jc10,

Just make sure that YOUR IT folks use the tools from Gteko.

I started looking at the tools and they offer some very powerful functionality--control of your system.  I can see legitimate uses for it, but I can also see someone misuse it.
jc10

ASKER

Phil, it was Dell tech support for my fairly new Dell home system. I'm relieved that it's supposedly something normal, but you're right, I'm curious about why it is there too. I didn't ask specifically about Gteko though. Maybe it's for the Remote Assistance tool? Hopefully it's something like that, though I don't know how to determine that.
Thanks for the tip...I wonder if we'll see an exploit to Dell's tech support methodology in the coming months using this Gteko software.

Interesting.