ky331

GTDownDE_87.ocx

This file, and 4 related registry keys, had been considered in Dec. '08 (then in database 1497), here:

http://www.malwarebytes.org/forums/index.p...art=#entry39944

and determined by Nosirrah to be safe/non-malicious.

Yet it's now being detected again in your recent databases (e.g., 1966)... has it been reinstated for good reason now, or is it a (repeat of an old) false positive?

Malwarebytes' Anti-Malware 1.36

Database version: 1966

Windows 5.1.2600 Service Pack 3

4/11/2009 10:31:50 AM

Scan type: Quick Scan

Objects scanned: 81009

Time elapsed: 11 minute(s), 30 second(s)

Registry Keys Infected: 4

Files Infected: 1

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken.

Files Infected:

C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken.


as requested:

Malwarebytes' Anti-Malware 1.36

Database version: 1966

Windows 5.1.2600 Service Pack 3

4/11/2009 10:47:43 AM

Scan type: Quick Scan

Objects scanned: 81054

Time elapsed: 5 minute(s), 32 second(s)

Registry Keys Infected: 4

Files Infected: 1

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken. [7070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken. [7070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken. [7070222519692669702622661824711867232024682317702567252169182424]

HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken. [7070222519692669702622661824711867232024682317702567252169182424]

Files Infected:

C:\WINDOWS\system32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken. [7070222519692669702622661824711867232024682317702567252169182424]


I want to double check that this isn't actually adware because the def and file name are kind of close and I think I remember seeing this recently.

Can you zip and attach a copy of that file here please?

file hopefully zipped and attached...

GTDownDE_87.zip


nosirrah, ESET NOD32 Antivirus detects it too:

C:\Users\Maniac\Desktop\Maniac\GTDownDE_87(3)\GTDownDE_87.ocx - probably a variant of Win32/Adware.Agent application - cleaned by deleting - quarantined [1]


Probably a virus.

Latest Avira picks it up too as a virus.


The file in question, to the best of my knowledge, is part of the DELL Support program --- see Buitoni's response at the bottom of this thread: http://www.malwarebytes.org/forums/index.p...art=#entry53644

Let me stress that what I'm trying to question is that this file/detection was considered back in December '08, removed from MBAM's database at that point, but apparently reinstated "now" --- has something "changed" in the interim?

If the verdict is that this is malware, I will accept it. Just that such a finding might impact any DELL users that have the support program installed.

---------------------------

at Jotti, 6 (out of 20) scanners objected to this file:

A-squared Found Riskware.AdWare.Win32.Gdown!IK

antivir Found ADSPY/Gdown

Dr. Web Found Adware.Gdown

Ikarus Found not-a-virus:AdWare.Win32.Gdown

QuickHeal Found Trojan.Agent.IRC

VBA32 Found Adware.Gdown

-----------------------

at VirusTotal, 13 (out of 38) scanners objected to this file:

A-square: Riskware.AdWare.Win32.Gdown!IK

AntiVir: ADSPY/Gdown

CAT-QuickHeal: Trojan.Agent.IRC

Comodo: Unclassified Malware

Dr. Web: Adware.Gdown

Fortinet: Adware_GTDown

Ikarus: not-a-virus:AdWare.Win32.Gdown

K7AntiVirus: Trojan.Win32.Malware.1

McAfee: potentially unwanted program Generic PUP

McAfee+Artemis: potentially unwanted program Generic PUP

McAfee-GW-Edition: Ad-Spyware.Gdown

NOD32: probably a variant of Win32/Adware.Agent

VBA32: Adware.Gdown
