Versions
(Note, Righway Technologies publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
gffupdater.exe
GoforFiles Application by Righway Technologies (Signed)
Warning 18 antivirus scanners has detected malware in various versions of gffupdater.exe.
Overview
gffupdater.exe has 3 known versions, the most recent one is 3, 0, 0, 1. gffupdater.exe is run as a standard windows process with the logged in user's account privileges. The process utilizes the Windows Task Scheduler to automatically launch the file as a process when a user logs into Windows. The average file size is about 518.39 KB. It is an authenticode code-signed executable issued to Righway Technologies by the certification authority COMODO CA Limited. Numerous variations of gffupdater.exe have been installed with both GoforFiles and Feature Update Service (GFF).
 Details
|
| File name: | gffupdater.exe |
| Publisher: | http://goforfiles.com/ |
| Product name: | GoforFiles Application |
| Description: | GoforFiles Updater Application |
| Typical file path: | C:\Program Files\goforfiles\gffupdater.exe |
| Original name: | GoforFiles.exe |
| Certificate |
| Issued to: | Righway Technologies |
| Authority (CA): | COMODO CA Limited |
| Expiration date: | Sunday, August 23, 2015 |
Programs installed in
(Note, the programs listed below are for all versions of GoforFiles Application.)
“It's totally unique. Very simple interface is specifically designed for each and everyone. GoforFiles does not require any specific knowledge to operate it, but combines powerful programming technique...”
|
Righway Technologies, Inc |
|
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).
Behaviors
(Note, the behaviors below are for all versions of gffupdater.exe, select a unique version for details.)
Scheduled tasks
- The job 'GoforFilesUpdate' runs on logon in the path '\GoforFilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\GoforFilesUpdate'
Malware detections
Based on 40+ industry antivirus scanners, 18 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| avast! |
8.0.1489.320 |
Win32:Adware-AHK [PUP] |
3, 0, 0, 1 |
| avast! |
8.0.1489.320 |
Win32:Adware-AHK [PUP] |
3, 0, 0, 1 |
| Baidu Antivirus |
3.5.1.41473 |
Trojan.Win32.YourFileDownloader.B |
3, 0, 0, 1 |
| ESET NOD32 |
7.8844 |
a variant of Win32/YourFileDownloader.B |
3, 0, 0, 1 |
| ESET NOD32 |
7.8861 |
a variant of Win32/YourFileDownloader.B |
3, 0, 0, 1 |
| K7 AntiVirus |
9.172.9695 |
Riskware |
3, 0, 0, 1 |
| K7GW |
12.7.0.14 |
Riskware |
3, 0, 0, 1 |
| Kingsoft |
2013.04.09.267 |
Win32.Troj.Generic.a.(kcloud) |
3, 0, 0, 1 |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
3, 0, 0, 1 |
| McAfee |
6.4.564 |
Artemis!56C016DCB606 |
3, 0, 0, 1 |
| McAfee |
5.600.1067 |
Artemis!7AF38D476C75 |
3, 0, 0, 1 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!56C016DCB606 |
3, 0, 0, 1 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!7AF38D476C75 |
3, 0, 0, 1 |
| Panda Antivirus |
10.0.3.5 |
Suspicious file |
3, 0, 0, 1 |
| Trend Micro HouseCall |
9.700-1001 |
TROJ_GEN.F47V0920 |
3, 0, 0, 1 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0808 |
3, 0, 0, 1 |
| VIPRE Antivirus |
21832 |
ExpressFiles Installer (fs) |
3, 0, 0, 1 |
| VIPRE Antivirus |
21986 |
ExpressFiles Installer (fs) |
3, 0, 0, 1 |
All file variations of gffupdater.exe
