Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

3, 0, 0, 1 20.00%
3, 0, 0, 1 60.00%
3, 0, 0, 1 20.00%
(Note, Righway Technologies publishes each variation of this file with the same version, but the hashes are unique.)

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
GetTokenInformation
htmlayout.dll
HTMLayoutUpdateWindow
kernel32.dll
GetVersion, InterlockedIncrement, GetModuleFileNameW, GetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess
ole32.dll
CoUninitialize
shell32.dll
ShellExecuteW
shlwapi.dll
StrStrIW
user32.dll
FindWindowExA
userenv.dll
DestroyEnvironmentBlock
wininet.dll
HttpOpenRequestW
wtsapi32.dll
WTSQueryUserToken

gffupdater.exe

GoforFiles Application by Righway Technologies (Signed)

Remove gffupdater.exe
Version:   3, 0, 0, 1
MD5:   7af38d476c757509ae47e9aa292b3c6b
SHA1:   aa9fc79d519472c700bd38a830f120036e0cf574
SHA256:   f81e4396c9787496c10d61ae98124984b3be01ac43eab73023b9509e71123a85
Warning 7 antivirus scanners has detected malware.

Overview

gffupdater.exe is malware that executes as a process with the local user's privileges. It is an auto-starting process that used the Windows Task Scheduler service to load when the user logs into Windows (sometimes this is required to bypass the UAC protection). It is installed with a couple of know programs including GoforFiles published by Righway Technologies, Inc, GoforFiles from Righway Technologies, Inc and GoforFiles by Righway Technologies, Inc. The file is digitally signed by Righway Technologies which was issued by the COMODO CA Limited certificate authority (CA).

DetailsDetails

File name:gffupdater.exe
Publisher:http://goforfiles.com/
Product name:GoforFiles Application
Description:GoforFiles Updater Application
Typical file path:C:\Program Files\goforfiles\gffupdater.exe
Original name:GoforFiles.exe
File version:3, 0, 0, 1
Product version:3,0,0,0
Size:237.58 KB (243,280 bytes)
Build date:8/8/2013 11:21 PM
Certificate
Issued to:Righway Technologies
Authority (CA):COMODO CA Limited
Expiration date:Sunday, August 23, 2015
Digital DNA
File packed:No
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
Righway Technologies, Inc
  70% remove
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).

BehaviorsBehaviors

Scheduled tasks
  • The job 'GoforFilesUpdate' runs on logon in the path '\GoforFilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\GoforFilesUpdate'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 7 of them detected the following malware.
Antivirus engineEngine versionDetection
avast! 8.0.1489.320 Win32:Adware-AHK [PUP]
ESET NOD32 7.8861 a variant of Win32/YourFileDownloader.B
Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
McAfee 5.600.1067 Artemis!7AF38D476C75
McAfee Gateway Anti-Malware v2013-dat Artemis!7AF38D476C75
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0808
VIPRE Antivirus 21986 ExpressFiles Installer (fs)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 Pro Preview 40.00%
Windows 7 Ultimate 40.00%
Windows 8 Pro 20.00%

Distribution by countryDistribution by country

Saudi Arabia installs about 40.00% of GoforFiles Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Acer 66.67%
Alienware 33.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE