googledownload.exe

Kaotik

Even if you're running some sort of AV program, check your running processes, this is apparently quite new and goes unnoticed by most AV programs.

The file is located (in Win7 anyway) under C:\Users\[username]\AppData\Roaming\ and won't be visible until you untick "hide protected system files" or some such (and possibly the "show hidden files and folders", too)

If it's there, and its properties say "Project1.exe" as original filename, it's the same I found on my rig

It's unknown what this thing does, but it manages to get itself to run on startup even with UAC enabled with "WinSysMon" as description (or whatever it is)

Some AV scanner reports:
ArcaVir 2009-12-04 Found nothing
CDATA 2009-12-04 Trojan.Generic.2794360
A-SQUARED 2009-12-04 Found nothing
IKARUS 2009-12-04 Found nothing
AVAST! 2009-12-04 Found nothing
Kaspersky 2009-12-04 Found nothing
AVG 2009-12-04 Packed.VBCrypt
NOD32 2009-12-04 Win32/Injector.AJK
AntiVir 2009-12-04 TR/Crypt.XPACK.Gen
NORMAN Operation timed out
BitDefender 2009-12-04 Trojan.Generic.2794360
PANDA 2009-12-04 Generic
ClamAV 2009-12-04 Found nothing
Quick Heal 2009-12-04 Found nothing
CP Secure 2009-12-04 Found nothing
SOPHOS 2009-12-04 Found nothing
Dr. WEB 2009-12-04 Found nothing
VBA32 2009-12-02 Found nothing
F-PROT 2009-12-04 Found nothing
VirusBuster 2009-12-04 Found nothing
F-Secure 2009-12-04 Found nothing

Missing from that list is MS Security Essentials, which also reports it as safe/clear
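
A PowerShell version of the check described in the post above, as an added example that is not part of the original thread. It assumes PowerShell 4.0 or later and an elevated prompt; the Run-key lookup is an assumption, since the post does not say how the file gets itself started.

```powershell
# Added example. Indicators below are the ones named in the post.
$fileName = 'googledownload.exe'
$origName = 'Project1.exe'

# 1. Look in every profile's AppData\Roaming. -Force is needed because the
#    post says the file is hidden; reading other users' profiles needs admin.
$files = Get-ChildItem "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = Join-Path $_.FullName "AppData\Roaming\$fileName"
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path             = $item.FullName
                OriginalFilename = $item.VersionInfo.OriginalFilename
                FileDescription  = $item.VersionInfo.FileDescription   # post: "WinSysMon"
                MatchesPost      = $item.VersionInfo.OriginalFilename -eq $origName
                SHA256           = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            }
        }
    }

# 2. Running processes with that image name.
$procs = Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($fileName)) -ErrorAction SilentlyContinue |
    Select-Object Id, Path, Description

# 3. Startup entries. ASSUMPTION: the post does not say how the file starts at
#    logon; the Run keys are only the most common place to look.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { "$($_.Value)" -like "*$fileName*" } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

$files    | Format-List
$procs    | Format-Table -AutoSize
$autoruns | Format-List
if (-not ($files -or $procs -or $autoruns)) { 'No trace of {0} found.' -f $fileName }
```

The SHA256 column gives a value to submit to a multi-scanner service without having to unhide or copy the file first.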
 
So what does it do?

Unknown at this point, but does that even matter?
Point being, it's something that shouldn't get on your computer (as in: gets in there without the user intentionally getting it there) and goes unnoticed by most AV programs (at the moment)

If it's the same as the one it reports as its original filename, Project1.exe, it's a "remote administration tool" which can allow someone to take over your rig, in theory anyway.
 

Yeah, it doesn't matter. Was just curious. Will probably check for it when I get home.
 
Hey, speaking of viruses....what's the current best freeware anti-virus software for xp/vista? I got a friend with horrible net cruising skills.. :rolleyes:
 
Oh, sometimes that's hard to control though. Some people just... don't understand computer security. :p

Personally I installed AVIRA personal edition on all my home computers. It's free and performs reasonably well, although in my only virus incident (which, mysteriously, happened after my sister used my computer...), it didn't remove the virus successfully, and I had to find other ways to do so.

According to AV Comparatives' report, Microsoft Security Essentials also performs reasonably well for a free product. I've actually used it to replace AVIRA on two of my home computers. Of course, it's very difficult to compare between them because my home computers rarely have the chance to have any contact with a virus :p
 

I'm still using AVG Free myself. Seems decent enough (except for that one incident last year :D - probably won't happen again though ;)).

That's one advantage of the PS3's browser (I'm using right now) - not likely to get any viruses from any site whatsoever. ;)
 
My guess, it's what keeps Chrome updated.

Yeah, except that I don't have Chrome installed ;)

MS Security Essentials is quite a good package, even though this went unnoticed (like it did with most other software).
Quite a few people say it's rated atm the best free AV package on independent tests, don't have links though so don't know if it's really true
 
What happened last year? I never follow virus protection stuff...

Just over a year ago, there was a glitch in the definitions file that caused AVG8 on Windows XP to consider user32.dll an infected file and delete it (after which machines tended not to boot anymore, or kept rebooting in a loop). I think it only affected Dutch, French, Italian, Portuguese or Spanish versions of XP though, or everyone here would have known about it ;), and obviously the issue was addressed rather quickly.
 
Best AV? Don't visit warez sites, or gay sheep pr0n websites for that matter. :p

Use a secure VM with an AV to browse the internet. I do it most of the time. You never know when searching for info, mods etc. If I ever get a virus then I just reload the VM to a previous state.
 

Shouldn't that file be in a backup folder created and maintained by the OS as a security measure?

So if you delete it, it gets put back by the OS integrity system. That is, unless AVG would have been deleting it constantly upon boot, or people were using a pirated version with the file integrity check disabled.
 
I use it every week at work to clean up infected PCs, works just fine under Vista and even 7.

Guess they updated it a while ago or I'm on drugs. Anyway it's probably one of the best removal tools around, makes life a lot easier at work for cleaning PCs.
 