GFFupdater.exe
Go for Updater by Righway Technologies (Signed)
Warning 11 antivirus scanners has detected malware in various versions of GFFupdater.exe.
Overview
There are 2 versions of gffupdater.exe in the wild, the latest version being 1, 0, 0, 18. gffupdater.exe is run as a standard windows process with the logged in user's account privileges. The process utilizes the Windows Task Scheduler to automatically launch the file as a process when a user logs into Windows. The average file size is about 275.61 KB. The file is a digitally signed and issued to Righway Technologies by COMODO CA Limited. Some variations of the file have been seen to be installed with the program GoforFiles from Righway Technologies, Inc. During the process's lifecycle, the typical CPU resource utilization is about 0.0012% including both foreground and background operations, the average private memory consumption is about 9.33 MB. Addionally, typically read and write I/O disk operations is about 49.73 KB per minute for reads and 0 Bytes per minute for writes.
What is gffupdater.exe?
Go for Files Updater is the software updater program which runs in the background of Windows and automatically starts up when your PC boots. It checks for software udpates and automatically downloads and installs them if found.
 Details
|
| File name: | gffupdater.exe |
| Publisher: | http://www.goforfiles.com/ |
| Product name: | Go for Updater |
| Description: | Go for Files Updater |
| Typical file path: | C:\Program Files\goforfiles\gffupdater.exe |
| Certificate |
| Issued to: | Righway Technologies |
| Authority (CA): | COMODO CA Limited |
| Effective date: | Wednesday, August 22, 2012 |
| Expiration date: | Sunday, August 23, 2015 |
Programs installed in
(Note, the programs listed below are for all versions of Go for Updater.)
|
Righway Technologies, Inc |
|
GoforFiles bundles various adware toolbars including the Delta Search Toolbar (an adware toolbar that modifies the user's web browser home page, search settings and other settings).
Behaviors
(Note, the behaviors below are for all versions of gffupdater.exe, select a unique version for details.)
Scheduled tasks
- The task 'GoforFilesUpdate' runs on logon in the path '\GoforFilesUpdate'
- The job 'Go for FilesUpdate' runs on logon in the path '\Go for FilesUpdate'
- Entry path 'C:\WINDOWS\Tasks\GoforFilesUpdate.job'
- Entry path '\Go for FilesUpdate'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
- Login entry path '\GoforFilesUpdate'
- Login entry path 'C:\WINDOWS\Tasks\GoforFilesUpdate.job'
- Login entry path '\Go for FilesUpdate'
Malware detections
Based on 40+ industry antivirus scanners, 11 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| avast! |
6.0.1289.0 |
Win32:Adware-AHK [PUP] |
1, 0, 0, 17 |
| Bkav Security |
1.3.0.4246 |
W32.HfsAuto.Baf1 |
1, 0, 0, 18 |
| Dr.Web |
8.13.4.12 |
Tool.DownLoader.52 |
1, 0, 0, 17 |
| Dr.Web |
8.13.9.28 |
Adware.Downware.1204 |
1, 0, 0, 18 |
| Emsisoft Anti-Malware |
3.0.0.575 |
Trojan.Win32.YourFileDownloader.AMN (A) |
1, 0, 0, 17 |
| eSafe |
7.0.17.0 |
Win32.Trojan |
1, 0, 0, 17 |
| ESET NOD32 |
7.8216 |
a variant of Win32/YourFileDownloader.B |
1, 0, 0, 17 |
| ESET NOD32 |
7.9031 |
Win32/YourFileDownloader.B |
1, 0, 0, 18 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0115 |
1, 0, 0, 17 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0315 |
1, 0, 0, 18 |
| VIPRE Antivirus |
23260 |
ExpressFiles Installer (fs) |
1, 0, 0, 18 |
All file variations of gffupdater.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate |
37.78% |
|
| Windows 7 Home Premium |
31.11% |
|
| Windows 8 |
6.67% |
|
| Windows 7 Ultimate N |
6.67% |
|
| Windows 7 Professional |
4.44% |
|
| Windows 8 Enterprise |
4.44% |
|
| Windows Vista Home Premium |
4.44% |
|
| Microsoft Windows XP |
4.44% |
|
Distribution by country
United States installs about 33.33% of Go for Updater.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
32.14% |
|
| Dell |
28.57% |
|
| Sony |
14.29% |
|
| Toshiba |
14.29% |
|
| Acer |
10.71% |
|
