googledownload.exe

The file is located (in Win7 anyway) under C:\Users\[username]\AppData\Roaming\ and won't be visible until you untick "hide protected system files" or some such (and possibly the "show hidden files and folders", too).

If the file is directly in the root Roaming dir, that's suspicious in itself. Everything will be put into a relevant subfolder for whatever program uses it. I can't think of any legit file I've ever seen in the root Roaming folder.

Regards,
SB
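
An added example, not part of the original post: a PowerShell triage script for the check described above, listing files that sit directly in the root of each profile's AppData\Roaming folder together with their hidden/system attributes and Authenticode status. It assumes Windows PowerShell 4.0 or later, profiles under C:\Users, and an elevated prompt for reading other users' profiles; the function name `Get-RoamingRootFile` and the extension list are hypothetical.

```powershell
# Added example: report files placed directly in the root of each user's
# AppData\Roaming folder instead of inside a program's own subfolder.
# Assumption: profiles live under <SystemDrive>\Users (Vista/Win7 and later).
$profilesRoot = Join-Path $env:SystemDrive 'Users'

# Constructed list of extensions Windows will run or load; adjust as needed.
$runnable = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1'

function Get-RoamingRootFile {
    param([string]$UsersPath = $profilesRoot)

    Get-ChildItem -LiteralPath $UsersPath -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $owner   = $_.Name
        $roaming = Join-Path $_.FullName 'AppData\Roaming'
        # Skip junctions and service profiles that have no Roaming folder.
        if (-not (Test-Path -LiteralPath $roaming)) { return }

        # -Force includes hidden and protected system files, which Explorer
        # does not show by default. -File keeps only the root-level files.
        Get-ChildItem -LiteralPath $roaming -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                User      = $owner
                Name      = $_.Name
                Runnable  = $runnable -contains $_.Extension.ToLower()
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                System    = [bool]($_.Attributes -band [IO.FileAttributes]::System)
                Signature = $sig.Status        # e.g. Valid, NotSigned, HashMismatch
                Created   = $_.CreationTime
                SHA256    = $hash.Hash         # empty if the file is locked
            }
        }
    }
}

# Runnable files first, newest first within each group.
Get-RoamingRootFile |
    Sort-Object @{ Expression = 'Runnable'; Descending = $true },
                @{ Expression = 'Created';  Descending = $true } |
    Format-Table -AutoSize
```

The output is a triage list: each row is a file to look at, and the hash and signature columns give something to check against a scanner or reputation service.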
 
If the file is directly in the root Roaming dir, that's suspicious in itself. Everything will be put into a relevant subfolder for whatever program uses it. I can't think of any legit file I've ever seen in the root Roaming folder.

Regards,
SB

Yep, it's in root of Roaming folder
 
Best AV? Don't visit warez sites, or gay sheep pr0n websites for that matter. :p

Indeed, I can't even remember last time I got anything on my computer; but sadly even "legit sites" sometimes give you things they're not supposed to (including some popup ad at imageshack)
 
Speaking of which I really don't like the UAC in Win7 compared to Vista. I suppose by default it's "less annoying." But it also allows in potentially more malicious code.

When I open something I downloaded, even if it's a legit file from a legit source, I want to know if it's going to access protected system files or the registry. I thought that was a huge step up for Vista compared to XP. Granted everyone should run in user mode and not admin mode, but Vista was a nice compromise.

Heck I had even finally trained most of my relatives to actually think about whether they think a program should be accessing stuff programs usually don't need access to and whether they should trust a program or not in Vista. And if they weren't sure to contact me.

I know you can raise the level of UAC in Win7, but it still doesn't seem to prompt for as much stuff as it did in Vista. Letting things go through regardless...

Regards,
SB
 
Silent_Buddha, get Agnitum's Outpost Firewall Pro. It lets you monitor that kind of stuff in a very detailed fashion.
 
Actually I take a proactive stance; I use adblocker+ & noscript on some rather strict settings. An ounce of prevention avoids a whole lot of headaches. ;)

What's going to be interesting is how easily computers will be able to be exploited once HTML5 takes over those duties and you can't disable them.

Regards,
SB
 
Speaking of which I really don't like the UAC in Win7 compared to Vista. I suppose by default it's "less annoying." But it also allows in potentially more malicious code.

<SNIP>
I know you can raise the level of UAC in Win7, but it still doesn't seem to prompt for as much stuff as it did in Vista. Letting things go through regardless...

AFAIK, the highest setting in Win7 is equivalent to ON in Vista. The lowest setting in Win7 is equivalent to OFF in Vista.

And yeah, they dropped it from the Vista setting so it's less annoying, unfortunately there's a loop-hole in it which makes it pretty much the same as disabled for an adversary so I just keep it off.
 
And yeah, they dropped it from the Vista setting so it's less annoying, unfortunately there's a loop-hole in it which makes it pretty much the same as disabled for an adversary so I just keep it off.

Is that loophole still there? I tried running that and I noticed that a) UAC asks you about changing settings at all settings but 'off' and b) once the change UAC window is open, it doesn't seem like the window was receiving the 'sendKeys' events. The second might just be because it's not a great script, of course.
 
Is that loophole still there? I tried running that and I noticed that a) UAC asks you about changing settings at all settings but 'off' and b) once the change UAC window is open, it doesn't seem like the window was receiving the 'sendKeys' events. The second might just be because it's not a great script, of course.

AFAIK it's still open in RTM code.
 