Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

1, 0, 0, 18 40.00%
1, 0, 0, 17 60.00%

Relationships

GFFupdater.exe

Go for Updater by Righway Technologies (Signed)

Remove GFFupdater.exe
Version:   1, 0, 0, 18
MD5:   65f00e976fcf8c01d5c2b5295aec41a6
SHA1:   d845c08aa95b26c50a67faba9f1bb8c569826cf3
SHA256:   5cc5b509afeeca8485f6af864c9ac62d55ccbaff32671d7493ab2d00b05aad8f
Warning 5 antivirus scanners has detected malware.

What is GFFupdater.exe?

Go for Files Updater is the software updater program which runs in the background of Windows and automatically starts up when your PC boots. It checks for software udpates and automatically downloads and installs them if found.

Overview

gffupdater.exe is malware that executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc. The file is digitally signed by Righway Technologies which was issued by the COMODO CA Limited certificate authority (CA).

DetailsDetails

File name:gffupdater.exe
Publisher:http://www.goforfiles.com/
Product name:Go for Updater
Description:Go for Files Updater
Typical file path:C:\Program Files\goforfiles\gffupdater.exe
File version:1, 0, 0, 18
Product version:1,0,0,0
Size:355.58 KB (364,112 bytes)
Certificate
Issued to:Righway Technologies
Authority (CA):COMODO CA Limited
Effective date:Wednesday, August 22, 2012
Expiration date:Sunday, August 23, 2015
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Righway Technologies, Inc
  70% remove
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).

BehaviorsBehaviors

Scheduled tasks
  • The task 'GoforFilesUpdate' runs on logon in the path '\GoforFilesUpdate'
  • The job 'Go for FilesUpdate' runs on logon in the path '\Go for FilesUpdate'
  • Entry path 'C:\WINDOWS\Tasks\GoforFilesUpdate.job'
  • Entry path '\Go for FilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\GoforFilesUpdate'
  • Login entry path 'C:\WINDOWS\Tasks\GoforFilesUpdate.job'
  • Login entry path '\Go for FilesUpdate'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
Antivirus engineEngine versionDetection
Bkav Security 1.3.0.4246 W32.HfsAuto.Baf1
Dr.Web 8.13.9.28 Adware.Downware.1204
ESET NOD32 7.9031 Win32/YourFileDownloader.B
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0315
VIPRE Antivirus 23260 ExpressFiles Installer (fs)

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00006754%
0.028634%
Kernel CPU:0.00004510%
0.013761%
User CPU:0.00002243%
0.014873%
Kernel CPU time:187 ms/min
100,923,805ms/min
Memory
Private memory:9.03 MB
21.59 MB
Private (maximum):10.62 MB
Private (minimum):824 KB
Non-paged memory:9.03 MB
21.59 MB
Virtual memory:86.96 MB
140.96 MB
Virtual memory (peak):95.78 MB
169.69 MB
Working set:972 KB
18.61 MB
Working set (peak):12.14 MB
37.95 MB
Resource allocations
Threads:3
12
Handles:178
600
GUI GDI count:23
103
GUI GDI peak:24
142
GUI USER count:6
49
GUI USER peak:7
71

BehaviorsProcess properties

Integrety level:High
Platform:64-bit
Command line:"C:\Program Files\goforfiles\gffupdater.exe"
Owner:User

ResourcesThreads

Averages
 
GFFUpdater.exe (main module)
Total CPU:0.00018035%
0.272967%
Kernel CPU:0.00010520%
0.107585%
User CPU:0.00007515%
0.165382%
CPU cycles:7,257/sec
5,741,424/sec
Memory:568 KB
1.16 MB
wow64win.dll
Total CPU:0.00001900%
Kernel CPU:0.00001900%
User CPU:0.00000000%
CPU cycles:157/sec
Memory:360 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 37.78%
Windows 7 Home Premium 31.11%
Windows 8 6.67%
Windows 7 Ultimate N 6.67%
Windows 7 Professional 4.44%
Windows 8 Enterprise 4.44%
Windows Vista Home Premium 4.44%
Microsoft Windows XP 4.44%

Distribution by countryDistribution by country

United States installs about 33.33% of Go for Updater.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 32.14%
Dell 28.57%
Sony 14.29%
Toshiba 14.29%
Acer 10.71%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE