Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

3, 0, 0, 1 20.00%
3, 0, 0, 1 60.00%
3, 0, 0, 1 20.00%
(Note, Righway Technologies publishes each variation of this file with the same version, but the hashes are unique.)

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTokenInformation
htmlayout.dll
HTMLayoutUpdateWindow
kernel32.dll
GetVersion, InterlockedIncrement, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess
ole32.dll
CoUninitialize
shell32.dll
ShellExecuteW
shlwapi.dll
StrStrIW
user32.dll
FindWindowExA
userenv.dll
DestroyEnvironmentBlock
wininet.dll
HttpOpenRequestW
wtsapi32.dll
WTSQueryUserToken

gffupdater.exe

GoforFiles Application by Righway Technologies (Signed)

Remove gffupdater.exe
Version:   3, 0, 0, 1
MD5:   56c016dcb6060cf7b6c09445d621ed81
SHA1:   a6a7c309626a6902033653e0d0286239bdb11b29
SHA256:   95fd96a03a2e2b2824c3613f4e991b82ae92e48712be9d8e8c121b1416ab5e4f
Warning 11 antivirus scanners has detected malware.

Overview

gffupdater.exe is malware that executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc. The file is digitally signed by Righway Technologies which was issued by the COMODO CA Limited certificate authority (CA).

DetailsDetails

File name:gffupdater.exe
Publisher:http://goforfiles.com/
Product name:GoforFiles Application
Description:GoforFiles Updater Application
Typical file path:C:\Program Files\goforfiles\gffupdater.exe
Original name:GoforFiles.exe
File version:3, 0, 0, 1
Product version:3,0,0,0
Size:355.58 KB (364,112 bytes)
Build date:8/8/2013 11:21 AM
Certificate
Issued to:Righway Technologies
Authority (CA):COMODO CA Limited
Expiration date:Sunday, August 23, 2015
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Righway Technologies, Inc
  70% remove
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).

BehaviorsBehaviors

Scheduled tasks
  • The job 'GoforFilesUpdate' runs on logon in the path '\GoforFilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\GoforFilesUpdate'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 11 of them detected the following malware.
Antivirus engineEngine versionDetection
avast! 8.0.1489.320 Win32:Adware-AHK [PUP]
Baidu Antivirus 3.5.1.41473 Trojan.Win32.YourFileDownloader.B
ESET NOD32 7.8844 a variant of Win32/YourFileDownloader.B
K7 AntiVirus 9.172.9695 Riskware
K7GW 12.7.0.14 Riskware
Kingsoft 2013.04.09.267 Win32.Troj.Generic.a.(kcloud)
McAfee 6.4.564 Artemis!56C016DCB606
McAfee Gateway Anti-Malware v2013-dat Artemis!56C016DCB606
Panda Antivirus 10.0.3.5 Suspicious file
Trend Micro HouseCall 9.700-1001 TROJ_GEN.F47V0920
VIPRE Antivirus 21832 ExpressFiles Installer (fs)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 Pro Preview 40.00%
Windows 7 Ultimate 40.00%
Windows 8 Pro 20.00%

Distribution by countryDistribution by country

Saudi Arabia installs about 40.00% of GoforFiles Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Acer 66.67%
Alienware 33.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE